Cardless CA: The perfect security solution for DVB

38

1. Foreword

It can be said that the TV content security system is the heart of a pay-TV system. Because without a content security system, pay-TV service providers cannot protect the content of the production program as well as the content copyright acquired from digital content providers.

In previous years, pay-TV systems often use the security system using Smart Card or SIM card like the mobile phone SIM attached inside set-top box. However, the use of Smart Card or SIM card is one of the weaknesses for hackers to penetrate the vulnerability and illegally exploit the content of TV channels.

Today, with the rapid development of science and technology, conditional access (CA) systems using Smart Card or SIM card has been gradually removed, instead of applying new technology, do not use the card (Cardless) in pay television systems is an inevitable trend.

Figure 1. Traditional set-top boxes using Smart Card or SIM card.

2. Overview of DVB television signal processing system

DVB (Digital Video Broadcasting) television signal processing system includes the following components:

Figure 2. Diagram of DVB television system.
  • Source Channel processing system

Input source from camera or studio; Satellite STB or copyright from digital content providers is sent to the input signal processing system. Here, the signal will be processed, compressed and encapsulated according to the MPEG standard into MPEG-TS streams, leading to the Broadcasting Edge Modulator system.

Figure 3. Video signal compression model according to MPEG standard.
  • Broadcasting Edge Modulator system

The Edge signal processing system implements multiplexing of MPEG transport streams into MPTS streams (Multi-Programs Transport Stream). MPTS streams are taken to Scrambler to perform an algorithm to tamper with the MPTS stream with the key generated from CAS (Conditional Access System), then to Modulator to modulation of a baseband signal.

Figure 4. Diagram of television programs multiplexing.
  • CA system (Conditional Access system)

CA system performs the function of creating keys and deliver to Scrambler to scramble TV contents with the keys created, to secure the content of television channels.

Figure 5. Content of TV program is secured by many key layers.
  • Subcriber Management System (SMS)

SMS system performs the function of managing and billing subscribers according to television channel packages, calculating monthly subscription fees, etc.

Thus, the most important part of a pay television system is that CA system. The following section describes in detail the CA system.

3. Architecture of cardless CA security system at the Headend

As mentioned in the introduction, the heart of the pay-TV system is the TV content security system. The architecture of Cardles CA security system at the Headend as follows:

Figure 6. Diagram of cardless CA security system at the Headend.
  • CA core module
  • CW (Control Word) is generated by random algorithm from Simulcrypt Synchronizer (SCS) integrated in Multiplexer.
  • CW is then encrypted by ECM Generator (ECMG) with the key generated from Key Generator & Managemeng (KGM) according to its own algorithm, technology know-how of each CA service provider, packed into ECM packets and sent back to SCS.
  • Key Generator & Manager (KGM) creates key to provide ECMG and EMMG blocks. EMMG requests information from SMS subcriber management system (such as subscriber name, identity card, phone number, etc.), then encrypts this information with the key generated from the KGM, packetized into EMM message and send it to Multiplexer.
  • Multiplexer using ECM and EMM messages received from CA Core module to scrmable and multiplex content of the input stream video/audio streams into scrambled TV content and distribute to the broadcasting infrastructure.

Thus, it can be seen that the ECM message contains the key for ecrypt video and audio; and the EMM message contains the key to encrypt information about television subscription. These two messages must be combined, then receivers are allowed to watch the content of the TV channels to ensure the legal content and television copyright.

  • The remaining blocks in the core module such as CA DB and Configuration & Operation (CO) contain the database and configuration of the system.
  • SMS subscriber management subsystem.

SMS subscriber management subsystem performs the function of subscriber management, customer management, package management, etc.

SMS module is connected to the CA core module to request core system to authorize the devices to see if set-top box is accessing content; charge subscription fee based on information about package price, usage time. All this information is stored in the database to track and manage customers, manage subscribers.

In addition, SMS subscriber management module also allows sending SMS messages (Short Message Services), identifying fingerprinting information, changing PIN codes, starting and updating software over the air (OTA) for set-top box, etc.

  • Monitoring subsystem

The Monitoring module to allow administrators and operators to monitor the entire cardless CA system; Turn on/off or start system modules. Monitoring is done through the status of each module and monitoring the operation information, system logs. When one module fails, system will have appropriate warning levels such as blue: normal operation; yellow: warning accompanied by recommendations; Red: Dangerous level with detailed description.

Operator and system administrator based on operational information (module status, system logs) easily handle and fix errors in time, ensuring to minimize downtime of the system.

4. Architecture of cardless CA security system at set-top box side

Cardless CA television security system is a total solution from the central security system to the receiving terminal set-top box. The previous section presented the architecture of cardless CA system at the Headend center. This section further describes the architecture of cardless CA system at the receiving terminal set-top box.

For the traditional security system, the decryption implementation takes place on Smart Card or SIM Card, which already contains the key to decrypt. This is a deadly vulnerability for hackers to take advantage of, compromise and steal keys, then they will use sophisticated measures such as analyzing electrical impulses on communication channels between Smart Card and set-top box to decrypt CW. Figure 7 is a decryption flowchart performed on a set-top box using a Smart Card or SIM card.

Figure 7. Diagram of television signal decoding using Smart Card.
Figure 8. Diagram of cardless CA security system at set-top box.

Meanwhile, cardless CA security system has removed Smart Card. The functions of processing and analyzing EMM and ECM messages are implemented by software in RAM memory of SoC chip. The final decoding steps are performed by the SoC chip hardware with a separate key for each SoC chip. Thus, since CW never appears in explicit form, hackers cannot derive from this CW.

SoC chips used in the cardless CA system are highly personalized and have their own serial numbers (each SoC chip has its own unique identifier and is unique to all chip families and chip lines).

In addition, cardless CA security system does not use Smart Card, so the SoC chip is the place to store and manage the highest key layers as well as perform decryption of CW. Therefore, to meet the security requirements of the security system without using Smart Card (called Cardless CA), SoC chip must ensure the safety, unique and able to withstand forms of attacks such as measuring power consumption, hardware circuit recovery attacks, buffer-based access attacks, etc. Therefore, the certified SoC chip from vendors providing security is secure before being sent to production. The security data is only written to SoC chip during factory production. That process is called black box programming. The process requires high technology, understanding the architecture of system chip from hardware to software, strictly monitored and certified by independent review firms.

5. Advantages of cardless CA security system

Traditional TV security systems using Smart card or SIM card are still popular not only in Vietnam but also in many countries around the world because they are developed in the period when security functions of hardware of SoC chip in the set-top box terminal are incomplete. However, in the past few years, semiconductor chip manufacturers have perfected the decoding function of SoC chips, so the trend of securing television without using Smart Card is inevitable. Therefore, TV security system providers are gradually moving to solutions that do not use the Smart Card.

An important feature of cardless CA security system compared to traditional security systems, is not to use a Smart Card to implement security features including storing and processing encrypted information and calculate out CW. Advantages of cardless CA system in terms of security and safety compared with traditional Smart Card solutions including:

  • Ability to share CW: When using cardless CA security system, there will be no communication channel between Smart Card and set-top box for hackers to penetrate and analyze and stealing CW, since the CW is processed and decrypted inside SoC chip.
  • Hardware copy protection capability: cardless CA security system uses SoC chip which is a chip designed and operated very complex, including components such as CPU core, memory, DSP (Digital Signal Processing), etc built-in SoC chip with only a few dozen nanometers (nm), which is heavily invested by semiconductor chip manufacturers. Therefore, it is difficult to attack inside SoC chip to copy hardware.
  • Ability to clone software: Client security software of cardless CA system at set-top box is stored in special memory area inside the SoC chip and protected by an encryption key. The software loading process is performed at the factory in compliance with strict procedures, supervised by chip vendors and security. SoC chip itself has been designed very complicated, so attacking the chip to copy and duplicate software is very difficult.
  • In addition, the cardless CA system also allows to find out the set-top box which is decoding and providing signal for the distribution of illegal content via FingerPinting feature, allowing TV content providers cut of signal to prevent the possibility of spreading illegal content.

6. Conclusion

With the rapid development of science and technology, the security solution of television content without the smart card, cardless CA was an inevitable trend to protect the content of paid television channels and copyright of digital content providers before the problem of stealing and distributing increasingly sophisticated illegal TV content of hackers. Besides, it also raises the awareness of intellectual property as well as copyright issues in the field of pay television in general, DVB television in particular. It can be said that cardless CA is a perfect security solution for DVB television.

MSc. Hoang Van Cuong (Mr.)
Solution Research & Development Specialist (ISS) – FPT Information System Company.

Related posts: