Smartcards are used by Conditional Access Systems (CAS) in pay-TV operations such as cable and satellite content delivery systems. Smartcards provide a secure means to process keys in receivers in those operations. Smartcards execute a key processing hierarchy that typically involves the decryption of slower changing periodic keys delivered using Entitlement Management Messages (EMMs) and encrypted under unique secret smartcard device keys. These periodic keys may then be used to decrypt faster changing content keys which are delivered using Entitlement Control Messages (ECMs) when tuning to a program. The periodic keys delivered with EMMs are changed regularly, but on a relatively infrequent basis, e.g. monthly, weekly or even daily. Content keys are used to directly protect content.
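The key hierarchy described above can be modelled in a few lines. This is an added example, not part of the original text: the cipher is a stand-in built from HMAC-SHA256 (real CAS algorithms are proprietary), and every name in it (`Smartcard`, `seal`, `unseal`, `run_demo`, the message layout) is hypothetical. It shows an addressed EMM carrying the periodic key under a device key, a broadcast ECM carrying the content key under the periodic key, and a card that stops receiving EMMs losing access at the next key period.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (stand-in, not a real CAS cipher).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Encrypt, then append a MAC so that a wrong key is detected on unseal.
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Smartcard:
    def __init__(self, unit_address, device_key):
        self.unit_address, self._device_key, self._periodic_key = unit_address, device_key, None

    def process_emm(self, emm):
        # EMMs are addressed; only the card holding the matching device key can open one.
        if emm["unit_address"] == self.unit_address:
            self._periodic_key = unseal(self._device_key, emm["payload"])

    def process_ecm(self, ecm):
        # ECMs are broadcast; any card holding the current periodic key recovers the content key.
        if self._periodic_key is None:
            raise ValueError("no periodic key loaded")
        return unseal(self._periodic_key, ecm)

def run_demo():
    dev = {"A": os.urandom(32), "B": os.urandom(32)}   # constructed device keys
    cards = {u: Smartcard(u, k) for u, k in dev.items()}
    results = {}
    for period, entitled in (("period1", ["A", "B"]), ("period2", ["A"])):  # B lapses in period2
        periodic, content = os.urandom(32), os.urandom(16)
        emms = [{"unit_address": u, "payload": seal(dev[u], periodic)} for u in entitled]
        ecm = seal(periodic, content)
        for u, card in cards.items():
            for emm in emms:
                card.process_emm(emm)
            try:
                results[(period, u)] = card.process_ecm(ecm) == content
            except ValueError:
                results[(period, u)] = False
    return results
```

Note that the periodic key is the same for every entitled card in a period; only the EMM wrapping differs per device.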
Smartcards are subject to intense hacking attacks in order to obtain services for which the appropriate subscription fees have not been paid. There are predominantly four hacking techniques in common use. They are commonly referred to as cloning, three musketeering, wizarding, and droning. Briefly, with cloning, the identity of the smartcard (unit address, device keys and key processing algorithms) is replicated. The cloned card benefits from the subscription associated with the original subscriber of the smartcard. The CAS in the content delivery system delivers the periodic keys as normal to the cloned unit address.
In three musketeering, a hardware or software security flaw is exploited to elevate the subscription level in some way, e.g. increase the service tier, increase PPV credit, or delete PPV purchases. The periodic keys are delivered as normal to the unit address (whether or not it is cloned).
Wizarding is where either the periodic keys or even low level content keys are delivered out-of-band using a pirate network, phone or Internet. Content keys may be delivered in real-time or off-line. When delivered real-time, the pirates utilize a constant network connection, and the hackers calculate and provide a flow of content keys for each channel being hacked to each pirate receiver—this can be very resource intensive. To accomplish wizarding of content keys on a significant scale, the pirates may need a “server farm” to handle the traffic of key delivery. When delivered off-line, the keys may be delivered as a file to a pirate receiver which has recorded encrypted content. The pirate receiver applies the keys from the key file on playback of the recorded content. Pirates prefer to wizard at the periodic key level since it only requires intermittent manual input or connection to a network, and minimizes overall hacker resources.
Droning is the re-use of the hardware of a circuit or part of a receiver; otherwise, pirates would have to replace the hardware. Pirates prefer to drone hardware, if possible, because it minimizes investment in specialized hacking hardware. Hacking can involve combinations of techniques. For example, a receiver may be reprogrammed (droned) and infused with an identity of a smartcard (cloning). A security flaw might allow more services to be obtained than that received by just a clone (three musketeering).
CAS vendors invest huge sums of money in research and development to secure smartcards from hacking. But likewise, due to the high return on investment and lack of any cost for the content, pirates can invest considerable sums to break the security of a smartcard. Satellite systems are especially vulnerable since the keys extracted can often be used by receivers located over an entire continent or large portion thereof. Hackers can find many people willing to pirate the satellite signal, and so there are economies of scale. Pirates can invest small fortunes to thoroughly reverse engineer and hack a smartcard because they know they will find enough customers for their pirate products. Since smartcard identities (unit address, device keys and key processing algorithms) have become expensive for hackers to obtain, due to the need for specialized IC and failure analysis tools, such as Focused Ion Beams (FIBs), evacuation and deposition chambers, etc., and specialists to run them, wizarding has become the preferred method of hacking. Wizarding does not expose the compromised smartcard identity as in the case of cloning. If a cloned identity is intercepted by the legal authorities, it can be shut down, causing the hackers to lose their considerable investment. But wizarding does require the pirate receivers to obtain the periodic keys through other means than the content delivery system. Ironically, the hackers often charge for this “key service”. But the cost is typically much lower than a legitimate subscription.
Periodic keys are often delivered slowly enough, e.g. once a day, week or month, that they can be input by hand by interacting with a pirate receiver's user interface. But many satellite receivers now have a telephone or Ethernet connection that permits the keys to be automatically downloaded from an offshore website that is outside the recipient device's legal jurisdiction, making law enforcement difficult.
Hacking the satellite signal has been made easier by the advent of Free-to-Air (FTA) satellite receivers. These are often imported from overseas, sold and distributed by local satellite equipment dealers. They are designed to receive available unencrypted satellite signals, but after purchase by a customer, they may be reprogrammed to steal protected content from a pay-TV service. The FTA receiver can be made to download pirate software which will allow the inputting of periodic keys through various means—through manual input, through a network connection, or even through an attached USB drive. When tuned to a pay-TV service, the periodic keys are used to descramble pay-TV programs without paying the appropriate subscription fees. The FTA hardware has all the tuning and descrambling hardware to hack the pay-TV service similar to the legitimate installed base of receivers. These modifiable FTA receivers provide an endless supply of droning hardware for hackers. Moreover, the hackers don't need to design and supply them—the satellite equipment dealers openly sell them with apparent impunity.
CAS providers have focused on upgrading the security of smartcards so that the cards could not be hacked in any way. Keys would not leak—device, periodic or content, and the smartcards would not be three musketeer'ed or droned. Additionally, a new hardware-based content decryption algorithm, which is part of the host receiver and not in the card, could be introduced such that all the pirating using FTA receivers would be defeated. But such a massive hardware upgrade would require the replacement of all fielded receivers which would be costly and operationally difficult for satellite service providers to carry out in a short amount of time. Meanwhile, the continued use of pirate FTA receivers enabled through wizarding is costing the service providers and copyright owners many millions of dollars of revenue each year.