TV Anywhere Will Need Hardware Security

The debate over whether pay TV security is best done in hardware or software may now finally be resolved with the answer being that both are needed, especially if premium content is on offer. This is the thrust of some recent industry developments, such as the announcement by Verimatrix, vendor of the software-based VCAS system, that it is licensing Cryptography Research's CryptoFirewall security core technology to help build advanced solutions protecting video delivery revenue streams.

This seems to be recognition that some form of hardware security is needed to augment the Verimatrix public key-based approach to content delivery and provide an extra layer of defence. In fact Cryptographic Research itself acknowledges that even this may not ultimately be enough to enable premium pay TV services to work over the Internet and mobile networks, with other ingredients becoming necessary, including digital watermarking and also snooping agents that prowl around the network on the lookout for security attacks and breaches.

Pay TV security has two objectives, to buy time and create confidence among content providers that the service can be trusted. No system is immune from attack forever, and to an extent Cryptography Research has already shown it can meet these two fundamental requirements in the different field of Blu-ray discs. The company developed the digital rights management system called BD+ for Blu-ray based on the idea of self-protection where the content itself contains embedded codes needed for it to play. With the participation of the Blu-ray players, this meant that rights owners could change the DRM security in the event of a breach by changing the codes, without having to make any alternations to the players themselves. Eventually BD+ was cracked, but it took 10 years, so the technology succeeded on the first criterion of buying time. It also succeeded on the second count of creating confidence, since several movie studios cited Blu-ray Disc's adoption of BD+ as the reason they supported the Blu-ray Disc rather than the alternative HD-DVD. Cryptography Research is now hoping to generate similar confidence in the pay TV world around CryptoFirewall.

For OTT services it is also vital that any solution can work across multiple platforms, and on this front Cryptography Research has been signing up the major vendors of system-on-chip (SoC) silicon for pay TV devices including STBs, with ST Micro Electronics, Broadcom, MStar, and ViXS on board so far. This will ensure the firewall is compatible across most leading boxes, which is valuable for pay TV in general because it enlarges the target market and reduces costs. For OTT it will be essential that a given service reaches all devices irrespective of whose chip is in them.

The function of the CryptoFirewall is to protect session encryption keys themselves from attack by shielding them within the SoC, while also providing a layer of security that enhances the CA system it is working with. The point here is that CryptoFirewall is not a complete security system but designed to interoperate with a CA system from Verimatrix or some other CA vendor. In doing so, it provides a kind of double-layered security, in that compromise of either a given CA system or the CryptoFirewall on its own is insufficient to crack a pay TV service that uses both in combination. CryptoFirewall was designed on the assumption that the associated CA is insecure. Similarly, CA systems such as Verimatrix VCAS are stand-alone and do not intrinsically rely on any other component. Now Verimatrix's licensing of CryptoFirewall reinforces the security offered.

It remains to be seen whether systems such as the CryptoFirewall/CA combination will hold up against piracy, although there are signs that the studios and other content houses are gaining confidence for now. One thing is becoming clear though: Any security system must be transparent to consumers if it is to be successful. On this front, Cryptography Research's CTO and VP of engineering makes an important point when he argues that two factor security, where the user has a separate token to generate one-time passwords in synchronisation with service, will not work in pay TV, even though it is being used in some cases for online banking.

In the case of banking, the interests of both parties coincide, since neither the customer nor the bank want money to be stolen from an account. But in pay TV, a registered user may also be stealing the service by transmitting content on to friends. Two-factor security would still protect the user from having the service stolen, but not the pay TV provider. For example, the user could point a webcam at the token to transmit the temporary passkey immediately to friends.

The second reason two-factor will not work for pay TV follows from this. Since users do not care as much if the service is compromised as in the case of online banking, they will be less willing to endure the inconvenience of having to sign on via a separate device — i.e. the second factor. Any pay TV service that tries to impose two-factor security is therefore likely to have to withdraw it pretty quickly.

Instead therefore other remedies will be used to strengthen single-factor security. One will be to deploy supervisory processes within the network to provide defence in depth by monitoring for any signs of security breaches. The use of fingerprinting or watermarking in various ways to mark content can also help. Verimatrix, for example, uses on-screen display (OSD) fingerprinting in its recently launched VCAS for Internet, forcing periodic display of a device identifier overlaid on streamed content to deter its unauthorized retransmission.

It can be seen then the battle lines between the content security industry and pirates are being redrawn in the era of TV Anywhere and OTT.

By Philip Hunter, Broadcast Engineering