Conditional access systems (CAS) are a well-known method of distributing valuable content to users. It is a system that allows a content distribution to a limited set of subscribers to the system. Content, in particular audio and/or video content is delivered, e.g. streamed, to the playing devices of subscribers of the conditional access system. The subscribers pay a fee in exchange for which they obtain access to the content. For example, users may be able to watch movies via the conditional access system before those movies are released on via other television channels.
The content in a conditional access system is typically transmitted in the form of an electronic signal, via, e.g., satellite, cable, antennas over the air, over a data network, etc. The signal comprises the content in encrypted form to prevent users who are not authorized subscribers to the system from accessing the content.
The encryption and decryption of signals in conditional access systems has been standardized by in the Digital Video Broadcasting (DVB) project as DVB Conditional Access (DVB-CA). This standard provides compatibility with different distribution mechanisms while leaving implementers of a CAS some freedom in how they implement the system's security.
A typical way of using DVB-CA in a conditional access system is described in the paper ‘A Comparison between satellite DVB conditional access and secure IP multicast’ by H. Cruickshank, M. P. Howarth, S. Iyengar, and Z. Sun. Published in the 14th IST Mobile and Wireless Communications Summit, poster, Dresden, Germany, 19-23 Jun. 2005. See in particular section II.
In the known CAS, a tuner portion of a set-top box receives an electronic signal. The signal comprises content in the form of an MPEG-2 stream, which is encrypted with a Control Word (CW), also known as session key. The control word is a cryptographic key, which encrypts part of the content. The control word is changed frequently, say every few seconds. In order to decrypt the content the set-top box needs access to the control words which were used for encrypting the currently received signal. The control words are sent to the set-top box in messages called Entitlement Control Messages (ECM). Inside the Entitlement Control Messages, there is a table with one or more control words. An ECM message is itself encrypted with a service key. The service keys are also updated regularly, though not as regularly as the control words, say every few months. The set-top box needs access to the service key, so that it may decrypt ECMs, so that it may obtain control words, so that it may decrypt the content stream. The service keys are sent to the set-top box in messages called Entitlement Management Message (EMM). An EMM is encrypted with a Smart card key.
The smart card key is provided to the set-top box in a smart card. If one wishes to attack the conditional access system one needs to obtain access to the smart card key, access to the algorithms used by the set-top box and/or smart card, and access to the encrypted content stream. Usually the encrypted content stream is available to many television owners even though they are not content subscribers. Moreover, at least part of the algorithms used in conditional access systems are known, e.g., from the standard described above. Accordingly, the security of the system resides in a large part in the security of the smart card key.
The EMM and/or ECM are typically embedded in the content stream. Alternatively, they may also be transmitted to the set-top box via another channel.
Although measures are taken in the smart card to reduce the risk of attackers obtaining the smart card key, it nevertheless happens that an attacker finds ways to obtain it. For example, an attacker may exploit programming errors present in the smart cards programming, to trick the smart card into revealing its data structures. The attacker can use an illegally obtained smart card key to watch content distributed over the content distribution network without authorization. Moreover, he could exacerbate the problem by sharing the smart card key with many others and thereby enabling them to watch content without authorization.
One possible solution to this problem is to store a secret update key on the smart card so that, after the smart card key is compromised, the server can send an update message encrypted with the update key. The update message comprises a new smart card key for replacing the compromised key. Moreover, the update message may comprise additional programming for improving the programming of the smart card in those places where its security contained problems which allowed the attackers access. After the update message has been processed by the smart card, the security is restored: A new smart card key is in use which is unknown to the attacker and problems that allowed the attack have been removed. Although an attacker may conceivably block the update message from reaching his smart card to avoid the update, this will not help him, since decrypting new content will require an updated card having the correct smart card key.
Unfortunately, it has occurred in practice that the security is comprised even further. Sometimes all of a smart card's programming and/or data stored therein is revealed to attackers, including possible update keys stored on the card. For content distributors this is particularly problematic. If they send an update message as above an attacker can intercept the message and emulate the card's behavior. If the message contained an updated smart card key, the attacker can obtain the updated smart key by performing all of the steps the card would have taken. The attacker knows what steps the card would take since he has access to its programming and all its data.
One possible way to deal with this situation is to send each subscriber of the system a new updated smart card. This solution requires the manufacture of a large number of smart cards, and is very costly.
It is a problem of known distribution systems that their security is vulnerable to disclosure of the card's programming and data.