Smart TVs get more secure

One of the challenges for smart TV makers has been to avoid throwing the baby of content security out with the bathwater of the unwanted set top box (STB). Surprisingly this was not properly addressed by smart TV makers at the outset, but now they are starting to incorporate security into their SoC (System on Chip) cores in order to satisfy premium rights holders they can protect content as robustly as traditional STBs. In fact smart TVs are now falling in line with the trend towards embedding keys inside internal SoCs rather than external smart cards or modules on the basis that this is more resistant to tampering or reverse engineering.

One of the players in this field is Cryptography Research, the security subsidiary of Rambus, whose CryptoFirewall core is being adopted both by SoC makers directly and by content security vendors such as Verimatrix for integrating with their CA (Conditional Access) systems. It is also being adopted by mobile device makers, given that Qualcomm, one of the SoC leaders in that area, signed a contract in June 2014 with Cryptography Research. Most recently in November 2014 Cisco added its weight to the growing momentum behind CryptoFirewall by announcing it was incorporating the technology within various unspecified products in the pay TV and broadband arenas.

Cryptography Research, founded by its current president and chief scientist Paul Kocher, cut its teeth in the early noughts by developing BD+, the security component that helped the Blu-ray disc format defeat HD DVD in the famous format wars. It then extended the technology to develop ASIC security cores that are now being adopted across pay TV. A major step forward came in late 2011 when CryptoFirewall was embedded in two of the leading STB chips of the time, from Broadcom and ST Micro. Then three years later just before IBC 2014 came the announcement that Taiwanese fabless semiconductor company MediaTek was integrating the CryptoFirewall in its connected TV SoCs. This was significant in that MediaTek has about 80% of the world market for Smart TV SoCs, with customers including the two South Korean based market leaders Samsung and LG. It is therefore a fair bet that CryptoFirewall be incorporated in most leading smart TVs.

Paul Kocher founded Cryptography Research during the Blu-Ray format war days

Paul Kocher founded Cryptography Research during the Blu-Ray format war days

It should be stressed that security cores such as CryptoFirewall are not a universal panacea and only address some of the challenges posed by pirates in the era of online distribution. They do though give the lie to the notion that robust content security can be enabled in software only, which is clearly not the case since root keys need to be in a place where they are protected from unauthorized access. Putting them inside a SoC is necessary, but not sufficient on its own to protect keys used for authentication, since it is possible to determine them electronically from outside, for example through DPA (Differential Power Analysis) attacks that monitor the electrical activity of chips.

DPA enables key information to be recovered through statistical analysis of the chip’s power consumption profile and can cope with techniques such as insertion of random noise designed to combat the problem. Counter DPA measures therefore have to be more sophisticated, such as transformations to keys via some additional algorithms that are not affected by the cryptographic processes, or randomly varying the chip’s clock frequency to confound the attackers.

It is through deployment of such algorithms that Cryptography Research has gained pole position in security cores. It protects against control word redistribution, which took over from card cloning as the biggest piracy threat around 2008, as pirates took advantage of growing broadband penetration to distribute the keys over the Internet, enabling unauthorised access to cable and satellite pay TV services. The control word, the key to descramble content, is in effect stolen from the smart card device interface and then distributed to the pirate’s “customers”. This form of attack first evolved in the 1990s, when key words were distributed using dial up modem links, but became much more viable and extensive with high speed Internet distribution over the last decade.

However more recently still, as broadband speeds have increased further to enable distribution of high resolution video content including even 4K, illicit content redistribution has increased rapidly and is now threatening to take over from control word sharing as the biggest piracy threat, especially to premium content such as movies and live sports. Here pirates access high quality content, either by bypassing security controls of just camcording directly from a large smart TV screen say, and then redistribute over the Internet. This can be in the clear, or even potentially encrypted to protect against “re-theft”, to the pirate’s client, who may pay or even see ads run against the content. Some OTT providers have admitted recently that in some markets 50% of online live sports streams consumed over the Internet are redistributed by pirates.

It is true that security cores can tackle bypassing of access controls, but they do nothing to stop camcording of video from the screen by pirates posing as legitimate customers, often subscribing via stolen credit cards to protect their identities. There are vendors such as Verimatrix and Friend MTS that have developed defenses against content redistribution through use of digital watermarking and fingerprinting to enable labeling and subsequent detection of individual streams in near real time, without needing a presence on the actual client device. This is a big subject in itself but the main point here is that premium content protection in the high speed broadband age requires a combination of embedded security cores, DRM technology and watermarking, involving interaction between servers and clients across the Internet.

You might also like...

Designing Media Supply Chains: Part 3 - Content Packaging, Dynamic Ad Insertion And Personalization

The venerable field of audio/visual (AV) packaging is undergoing a renaissance in the streaming age, driven by convergence between broadcast and broadband, demand for greater flexibility, and delivery in multiple versions over wider geographical areas requiring different languages and…

Media Supply Chain At IBC 2022 - Rising Advertising VoD And Virtualized Cloud Production Key Themes

Streaming dominates media supply chains far more than it did even at the time of the last IBC with a physical presence in 2019.

Netflix Set To Curb Unauthorized Password Sharing

Netflix appears on the verge of introducing measures to curb sharing of passwords by subscribers with friends or others outside their household, after years resisting such a move.

NAB 22 BEIT Conferences Detail TV Engineering Progress

People visit NAB Shows for many reasons. Some are there to investigate and examine new solutions. Some are shopping with a budget ready to spend. Others visit to gather ideas and figures for next year’s budget. Many visit to a…

Protecting Premium Content OTT & VOD Distribution - Part 2

Protecting high value media content is a major priority for any broadcaster working with OTT and VOD. In the previous article in this series we looked at the three challenges facing broadcasters and in this article we dig deeper into…