Control word sharing demands a new approach to content security

    Control word sharing is seen as a growing and important threat to Pay TV and it is forcing the content industry to rethink the way it deals with piracy. There seems to be an acceptance that all smartcards or set-top box communications interfaces will get hacked in the end, so there is now a focus on what you do when this happens. According to Viaccess-Orca, the content security and UEX specialist, it is important to be able to infiltrate pirate networks that use control word (CW) redistribution and then shut down the source of the CW streams.

    Control words are the secret keys that unlock encrypted video so that Pay TV content can be viewed by those people who have paid for a subscription or a Pay Per View event and who are therefore authorized to view it. They are delivered in their own stream to the set-top box, distinct from the content stream that they unlock, and synchronized in real-time. The control words are protected, but if pirates can get hold of them they can now distribute them in real-time over broadband, either directly (via servers) to illegal STBs that are themselves plugged into broadband, or even over satellite. The illegal receiving devices can then display the encrypted content.

    Control word sharing is being tackled by Viaccess-Orca using a service-led approach to anti-piracy. The company has found ways to effectively infiltrate the CW sharing networks and identify the source from which the control words are being leaked into the broadband networks. The company can see when control word streams are being routed through a satellite Internet Service Provider and uplinked to satellites, for example. The satellite ISP can be made aware that their spectrum is being used in this way. And the knowledge enables Viaccess-Orca and its Pay TV operator customers to then take appropriate measures at the source of the leak, which is usually a legal STB with a proper subscription.

    Whether the sanctions are a gentle warning, a suspension of services for the duration of a major sports event, longer suspension or even permanent termination of subscriptions is a choice for the Pay TV operator. But the key to success is to understand in real-time where the control word redistribution is coming from and then shut down that source. If you can remove the sources of CW sharing during a major sports event, for example, then it clearly devalues the pirate services. And on the Internet chatrooms favoured by pirate consumers, news will soon spread that people are having their streams shut down, or that people are being blacklisted by Pay TV providers for their actions.

    According to David Leporini, EVP Marketing, Products & Security at Viaccess-Orca, anti-piracy services are an important addition to the content security armoury. Smartcards may have become better but pirates have been attacking the communications interface between the smartcard and the set-top box to gain access to control words. This threat is reduced in advanced set-tops and it is possible to strengthen the interface on some legacy STBs using firmware upgrades but this still leaves a large number of devices that could be vulnerable. Leporini stresses that there is no such thing as 100% security anyway, and given the nature of real-time control word sharing, you have to plan for the day when the CW stream is compromised, however long it might take.

    “When you design a security system you have to think about the ‘What if’,” he says. “Even if you deploy a new and secure system, at some point it will be hacked. A good security system will give you time and if you do a great job designing your smartcard it could last 5-10 years. Even so, you have to work on the basis that the solution for protecting the smartcard or the set-top box interface could be broken.”

    Viaccess-Orca now provides two anti-piracy services. The first addresses control word sharing and the second tackles peer-to-peer distribution of content and illegal streaming websites. The company is already working with Pay TV customers and Leporini reveals that Viaccess-Orca had a campaign with a big operator recently where they defined key programmes that would be targeted by pirates and attempted to trace the source of control word leakage in real-time. “The service is effective and our customers are pleased with it,” he says.

    To identify the control words you have to be part of the pirate network. Explaining how this works for a pirate system that uses a satellite feed for the CW stream, Leporini says: “At one end of this chain is a smartcard in a set-top box and someone leaking the control word into the broadband network. The broadband network can feed [illegal] hybrid set-top boxes that are connected to the Internet and the broadband network is also feeding the satellite ISP. We are building our own network of satellite boxes and we monitor and analyse the streams that these boxes are receiving, or analyze the firmware of these boxes to understand where the control word comes from. We are working with the satellite ISPs to provide the information that their uplinks are being abused by this particular Internet server, which means you can filter the streams in real-time.”

    With its P2P tracking service, Viaccess-Orca is addressing a different kind of problem where the content itself, rather than the control words that unlock the content, is being shared by users via the Internet. Once again, the strategy is to infiltrate the P2P networks and then use that position to monitor and learn about activity (including which content is being hijacked and how many people are accessing it). As with music before, it would be possible to try to sabotage the P2P user experience but so far this service is being used primarily to understand the scale of the threat and any trends in the piracy threat. The same approach is being taken with streaming websites, since neither they nor P2P are seriously damaging Pay TV at this point.

    Right now, control word sharing is the main worry and Leporini sees real-time monitoring and intervention as a key service moving ahead. His company will be talking about its anti-piracy services, among other things, during ANGA next week.
