Securing the future of pay TV: are cardless solutions good enough?

Christopher Schouten, Senior Product Marketing Director, Nagra asks if cardless security solutions are appropriate for modern pay TV providers.

As pay-TV has developed, content protection systems have emerged and evolved to protect it. With the advent of IPTV, new vendors began to offer software-based solutions to reduce costs and speed time to market. With their closed networks and less exclusive content, IPTV providers encountered few problems with this cardless technology. But as broadcast digital TV services launched in developing markets, service providers jumped on board with this low-cost but higher risk approach. As higher-value services begin to follow suit, they risk leaving their systems open to a range of potentially devastating attacks

A Question of Trust

Today, cardless solutions are mostly used by broadcast pay-TV providers in low-ARPU emerging markets. Industry analyst firm ABI Research  found that cardless solutions were overwhelmingly used by low-cost Indian, Asian and Latin American operators that typically serve fewer than 200,000 subscribers. Meanwhile larger operators have been more resistant to cardless solutions, largely because questions remain about the ability of cardless alternatives to protect high-value content and recover from major security breaches.

The more valuable the content, the higher the stakes, which means using the most advanced security solutions. One of the best ways to prevent issues such as cloning, emulation and tampering is to move control world decryption from software to hardware. That way you’re making all the critical CAS decisions in the safest possible place, and not simply in a software environment, which is more subject to tampering and reverse engineering.

However few cardless vendors employ this hardware technique because they lack the expertise in hardware design. Instead they rely on “spaghetti code”, which despite the fact that it has existed for decades, is still seriously called into question by experts. Hardware-based solutions like Nagra anyCAST Protect eliminate the need for a smart card without compromising on security by running in the set-top-box’s (STB) system-on-a-chip (SoC).

Another issue with the approach of most cardless vendors is the use of the publicly-available ETSI key ladder, which is essentially the equivalent of every lock using the same key. So it’s no wonder that the race to crack it is well underway. Cracking ETSI offers huge potential rewards – and its breach would directly affect every operator that uses such a key. Eventually, of course, any standard code, such as the ETSI key ladder, will be broken. At that moment, providers that employ cardless would be left with very few options. The only realistic solution would be to replace the set-top box (STB) with a new-generation chipset but this would only be achievable at an extremely high cost to the TV provider. Therefore non-standard key ladders, such as those used with Nagra’s On-Chip Security 3 (NOCS3), together with proprietary rights enforcement, provide a safer alternative to relying on the ETSI key ladder alone.

Staying Safe
Cardless vendors may promise smart cards as a backup solution. But this promise is only valid if the smart card itself can resist a breach. One of the main problems with this is the variation in smart card development capabilities. Many small and mid-size vendors that have fully-embraced cardless solutions have stopped investing in the development of their smart card technology. Some of them have advanced their card-based solutions very little over the last five years. By contrast, larger companies that fully design their own smart cards and continuously invest in the technology are a smarter bet. Although cardless solutions from small and mid-sized companies might seem attractive at first, the potential losses – from a revenue, content and brand reputation perspective – are likely to outweigh the benefits in the long run.

What’s the Verdict?

With so many challenges to cardless solutions, the security risks may seem to outweigh the advantages. But that doesn’t mean that the benefits of cardless should be ignored. Instead any cardless solution should take a cue from the best that hardware-based security has to offer. That means incorporating hardware in the solution; using a combination of proprietary key ladders and algorithms (rather than the standard ETSI key ladder); offering effective countermeasures if the conditional access system (CAS) comes under attack; and incorporating a strategy to re-secure the STB if a breach is unable to be fixed by further countermeasures.

Ultimately, media is a business in which security matters a great deal. It’s not enough simply to create and distribute great content; you have to achieve a consistent level of security across an increasing range of platforms. When the water gets choppy you need a cardless solution that will steady the ship. And that means employing a security provider that understands the piracy threat like nobody else.

For more information, download the white paper Cardless Without Compromise here.