Cardless security comes of age for one-way broadcast

The changing nature of piracy threats means that some broadcasters should be considering cardless security systems even for one-way services with no return path.

This is the conclusion of a white paper just published by UK TV consultancy group Farncombe, sponsored by U.S. content security vendor Verimatrix. This was what Verimatrix wanted to hear as a vendor of software-based conditional access (CA), but Farncombe emphasized that cardless security was only appropriate for one way services when the incentives for pirates were not too great.

Even then, Farncombe advocated inclusion of a slot for a smart-card solution as a contingency just in case the service is victim of a perfect clone attack, which would otherwise require replacing all set tops or receiving devices at an average cost of at least $25 per user. In that event, a smart-card solution could be deployed more cheaply if slots were available in the devices.

According to Farncombe, circumstances in which cardless security is suitable for one way services include cases where there is a small customer base, or when there is a low volume of premium content that is not available elsewhere, when the target for pirates does not merit high investment in hacking. If these were the only use cases, the appeal of cardless security would be limited, but Farncombe goes on to argue that it is also appropriate for markets with high broadband penetration and speeds, for a slightly more subtle reason.

In that case, there is good scope for pirates to succeed by getting hold of content at sufficiently high resolution, regardless of what CA is used, because the CA does not need to be attacked. Then the only response to the piracy is through monitoring and, if necessary, shutting down the service, so the CA might as well be cardless because it makes little difference if it is less secure.

However, Farncombe argues that in many of these cases cardless security can equal the protection afforded by traditional card based systems, providing it is implemented correctly. It can then reduce total cost of ownership (TCO). But, operators need to adopt the right technological approach, which, according to Farncombe, should have the security functionality shared appropriately between the set top’s main processor and a dedicated SoC (System on Chip).

Under this combined architecture, the unique elements of the system, such as the root of trust, should be provided by the secure processor within the SoC, while generic elements that may require changing, like processing of common data such as content keys, should reside in the main processor. The coming-of-age of cardless security is a result of changes in the threat landscape. There are three main categories of threat.

The first is content redistribution, where a pirate makes a high-quality copy of content after it has been legally decrypted and then redistributes it over the Internet. Second comes control-word sharing, where a pirate discovers a common key used to decrypt the content and distributes it via the Internet or other means. Third comes cloning, where a pirate replicates part of a device’s software or hardware such that control words can then be extracted and used to decrypt content. This replicated part can then be distributed, although the severity of this threat depends on exactly what part of the CA system has been hacked.

As Farncombe pointed out, cloning was the most common and serious of the three threat categories in the era of pure broadcast before the availability of mass broadband services. As Farncombe’s survey has revealed, the balance of risk has now shifted away from cloning towards control-word sharing. But, more significantly, the situation is about to change again as content redistribution becomes the biggest threat. This, in turn, reduces the advantage of hardware based security, for even if it does offer stronger protection against cloning, it does not help prevent redistribution.

This means that other forms of protection and detection become more valuable or even essential, with Farncombe identifying content watermarking, content fingerprinting and Internet monitoring as being three that will increasingly be deployed.

Watermarking embeds indelible and imperceptible data within the audio or video, and can be applied at any stage of content distribution, from creation to consumption on a device, designed mainly to identify the source of the content piracy.

Fingerprinting is different in that it allows the video itself to be identified by comparing some unique signature generated from a video segment and stored in a database before distribution with the one calculated on receiving the video. This process allows for automated and rapid comparison of multiple video streams on a single server. Then, monitoring involves various processes to identify and locate pirate activity, including behavioral analysis to seek anomalous network activity that might indicate piracy has occurred.