With the improvements to the ability of providers of conditional access to prevent attackers from cloning or circumventing the service protection that is provided by smartcards, hackers have increasingly turned to the “card sharing” or “control word sharing” methods of attack. In these attacks, a pirate-customer Alice receives the encrypted content stream from a public source such as a satellite network or CDN, and relies on a central hacker server provided by Eve to provide her with the content decryption keys.
This type of attack is particularly applicable to the timing of key distribution in conditional access systems. For various logistical reasons, it is necessary to allow preparation of the control word needed to access the content seconds before it is actually used to encrypt content. For example, the presence of PVR functionality in a system means that a single device could be processing several streams simultaneously. Furthermore, features such as Picture-in-picture (PIP), and multi-screen systems also increase the number of streams processed. In all these cases, as there is typically only one smartcard or secure chip, and it must be accesses serially, key messages or ECMs can often pile up in a queue. In order to ensure than no matter what the case is, the key is ready in time, it is often necessary to send the key message or ECM early enough to ensure that the key will be ready in time. This provides Eve plenty of time to distribute the control word over the internet to Alice (and others). (Note that the designation of “Alice” and “Eve” follows the convention in use in cryptography, wherein “Alice” is sending a message to “Bob”, and “Eve” is trying to eavesdrop. “Mallory” is trying to maliciously attack the exchange between the Alice and Bob. Sometimes Eve and Mallory are used interchangeably.)
Summarizing the above discussion, the control word is available early is due to the bottleneck of getting the smartcard to prepare the control word, and the fact that the smartcard may need to handle several simultaneous streams.
Accordingly, a method and system is presented which makes card sharing attacks more difficult and/or costly. Currently, the control words are ready earlier than they are needed. This is a significant problem, primarily because these control words are in no way unique per user. All valid set top boxes receive the same control word (as they all decrypt the same content stream), and thus this control word doesn't expose Eve to detection.
The use of the term set top box is used herein to refer to any device which has a security element (often a removable security element) such as a smart card or other hardware which receives entitlement control messages (ECMs) and generates control words (CWs) from them. The CWs are sent by the security element to an interface comprised in the device for use in decrypting video. As such, the device to which term set top box refers to may in fact comprise a set top box; a portable video recorder (PVR); a hand held device; a table device; or other device comprising the above mentioned elements. Other hardware and software, as is known in the art are also comprised in the set top box.
Accordingly, it is necessary to deliver ECMs early enough to ensure processing, even if there are several ECMs to process at the same time. Thus, the delivery of these ECMs cannot simply be delayed by the headend.