How the Past has Shaped the Future of Broadcast Cardless Security
Earlier this week, Farncombe introduced its latest white paper, The Future of Broadcast Cardless Security. The paper, which we sponsored, features an in-depth look at the trends in technology and cost models that are driving operator requirements for video security in a rapidly evolving marketplace. The paper is full of compelling observations and it is definitely worth reading (you can access the full paper here), but I also wanted to share why we think the topic of cardless security is so important right now.
Smartcards have obviously been around for quite some time, and the past two decades have been instrumental in shaping their perception in the marketplace today. For years, many broadcast one-way conditional access (CA) systems focused primarily on the smartcard, more or less ignoring the weak points in the end-to-end system. As years passed and technology progressed, however, pirates became savvier and began attacking the interface between the smartcard and the set top box (STB), realizing that it is the weakest point in the security scheme, or even attacking the STB itself, which often lacked any suitable security functionality.
When this form of piracy emerged, it was a game changer. Initially the security functionality was housed in the smartcard under the assumption that, in doing so, the STB would not need its own security. That assumption does not hold, especially when you consider that the STB, not the smartcard, is responsible for actually decrypting and processing the content; the smartcard only processes the decryption keys and entitlements.
As hackers increasingly targeted the interface to the STB and the STB itself, security functionality was pushed back into the STB, and the STB became responsible for securing the communication between the smartcard and the STB itself. As more security was added to the STB and the chipset, however, it became increasingly apparent that the security of the smartcard and the security of the STB were of equal importance. If only one component is secure, the system is broken and at greater risk of attack.
As such, the pressure shifted to chipset makers to ensure that their hardware contained robust security mechanisms, such as secure boot, flash encryption and memory scrambling. These security features allow software to be executed by trusted hardware within the confines of the “safe” chipset. Advances in personalized chipsets with multistage key ladders increased the overall robustness even further.
So why not transfer the security features of the smartcard to the chipset, if there are so many benefits to having the functionality housed within the hardware? While this seems like a very practical idea, it requires a significant shift in thinking that many people have not yet made.
In The Future of Broadcast Cardless Security, the authors explore these underlying assumptions and historical approaches to security, and gauge their validity in the market today.
In addition, Farncombe explores the evolution of cardless security. With the Internet-based consumption of content skyrocketing on a daily basis, operators are eager to offer their subscribers access to premium content on as many devices as possible, with some adding over-the-top (OTT) capabilities to their existing DVB networks, thus creating hybrid networks.
Given that most two-way IP STB devices and all portable devices do not use smartcards, the industry is slowly coming to the conclusion that a cardless solution is necessary. This realization has spurred new uses of advanced security techniques, including white box cryptography and software obfuscation techniques. These technologies are having a dramatic impact on the increased adoption of cardless content protection systems in general.
For more information about how these new technologies are impacting the status and future of cardless CA systems, please download the full white paper here. We anticipate that operators around the globe will undoubtedly appreciate Farncombe’s unique perspective on this timely and compelling topic, especially since having a choice of cardless- and card-based client security in the same DVB or DVB hybrid network allows the operator to match subscriber revenue potential with suitable STBs.
Please don’t hesitate to drop me a comment, as we always welcome your thoughts, and we encourage you to share your opinion on the card-based vs. cardless security system debate!