Decoder security modules for Pay-TV for example contain encryption/decryption keys for decoding an audio/video data stream entering into the decoder. In order to obtain the data in clear, third parties, more commonly called “hackers”, have to resort to different fraudulent methods such as hardware or software attacks. These attacks are directed more particularly at the data contained in the memory of the security module that the “hacker” attempts to modify for obtaining rights unduly.
A right is shown generally in form of a command, a message or an instruction accompanied by parameters or it can be a key allowing releasing an access to broadcasted audio/video data, for example. Such a right authorizes, amongst others, either access to one or a bouquet of particular broadcasted channels or programs during a predefined period, or also access to a specific type of program acquired after an on-line payment.
A current attack consists of perturbing the execution by the processor of the security module, of the machine code of the computer program (glitch attack). For example, the “hacker” analyses the signals generated by the instructions of the processor and when a comparison or skip instruction is executed, applies a fast external perturbation or increases the frequency of the clock signal. The instructions are thus temporarily blocked and the authentication of sensitive data can be bypassed.
In the field of Pay-TV, the security module associated with the decoder receives and stores the rights extracted from entitlement management messages EMM transmitted by the management center of an operator. These rights authorize the decryption and visualization of TV programs that the subscriber has acquired. Other types of attacks consist of creating false management messages EMM or of using a security failure. A countermeasure against the abusive replacement of the content of the memory relating to the rights consists of calculating a digest or a “checksum” of this content with a unidirectional mathematical function. A comparison with a reference digest allows distinguishing a modified content from an authentic one.
When a false EMM message has been accepted by the security module, this countermeasure becomes useless. In the case of a correction of this security failure by a corrective program, the locally calculated digest locally will be correct, without necessarily corresponding to a digest calculated on the rights registered at the management center. In order to complete the verification, a message requiring the comparison of the local digest with the remote digest of the management center is transmitted by each security module to said center. This sending of messages represents an important drawback as on one hand the connection of the decoder equipped with a security module with the management center can be congested and on the other hand the center itself destined for verifying the digests after each EMM messages sending can be overloaded.