Communications Technology: Archive

Storm the Digital Set-Top Beachhead
Secure It With Conditional Access
By Doug Larson

After three years and more than $20 billion in system upgrades, digital D-Day has arrived, and operators are rushing to establish and hold a digital beachhead against an onslaught of hungry competitors. At stake are staggering new revenue streams awaiting multiple system operators (MSOs) when tomorrows digital interactive applications such as video-on-demand (VOD), home networking and Web browsing come online.

Cahners In-Stat Group, for example, predicts the U.S. home networking market will grow more than 600 percent to $1.4 billion by 2003, fueled in part by the proliferation of digital set-top boxes. And a new report from The Strategis Group forecasts new digital services to increase traditional EBITDA (earnings before interest, taxes, depreciation and amortization) per subscriber by 18 percentfrom $0.49 to $3.52 per subscriberby 2003. Ensuring the integrity of these services, and protecting the revenue they will generate, is mission-critical. And while legacy conditional access (CA) systems have seen this industry through revolutionary change, they will not make the muster in the digital interactive networks of tomorrow. Recognizing these shortcomings, set-top manufacturers are overhauling their systems to meet the security demands of an interactive world.

Despite the fact that the data encryption standard (DES), which has long been a staple of analog set-top security, has never been easily broken, its days are numbered. Why? DES is a symmetric, or secret key, system, which means the same key (mathematical algorithm) is used to encrypt and decrypt the data. Because the same key is used for both functions, hence the term symmetric, compromising one key compromises the entire system. The industry is instead shifting to a two-key system. Public key cryptography, which last year was endorsed by CableLabs, uses mathematically matched pairs of keys for encryption and decryption. The public key, which can reside on the network, encrypts content data while the private key decrypts the data. In this scenario, compromising one key does not compromise the entire network. The public key lengths, which go up to 1,024 bits, offer additional peace of mind over DESs 56-bit keys, which are becoming more vulnerable to exhaustive attacks.

Scientific-Atlanta, which has been developing its Internet protocol (IP)-based network technology for almost 10 years, was an early adopter of public key encryption, and the native PowerKEY CA system on its Explorer 2000 advanced digital set-top box features RSA public key encryption (named after its inventors, Rivest, Shamir and Adleman).

"The use of public key cryptography sets us apart from others that are available today," says Tony Wasilewski, chief engineer for S-As subscriber networks sector. "Because we use RSA public key cryptography, the headend is a more secure place because the keys you use to send encrypted messages to an individual set-top are now public keysthey can be stored openly, and shared in fact, in the headend," says Wasilewski. "With the Explorer 2000, you no longer have to protect a secret database in the headend."

In addition to making the headend more secure, Wasilewski also notes the critical role RSA plays in its e-commerce offerings. "We operate for the MSO a public key infrastructure, which includes a database of public key certificates for every single Explorer," explains Wasilewski. "We also have public key digital signatures that the MSO can actually enact on its own. So, with the public key infrastructure, you can actually link to larger chains of trust where by (using) a digital signature you really know whom it is on the other end of the digital transaction.

"Because weve adopted public key cryptography, we can use digital signatures to authenticate messages that are sent from the headend, for example, to authorized set-tops," explains Wasilewski. "It becomes impossible to send false messages."

While RSA data security is a relative newcomer to the cable TV industry, more than 400 million copies of the companys brand of encryption and authentication technologies have been installed worldwide. They can be found in products from companies such as Microsoft and Netscape, have been a staple of Internet-based applications, and are part of existing and proposed standards for the Internet, World Wide Web, International Telecommunications Union-Telecommunications, International Standards Organization, American National Standards Institute and the Institute of Electrical and Electronics Engineers.

A newcomer to the U.S. set-top box market, Netherlands-based Philips Broadband Networks also has adopted RSA public key encryption for its CryptoWorks CA system, which it says has simplified the security functions for the operator.

"The reason for a public key management system like RSA is that it enables change of keys on a per-card basis in order to exclude pirated cards," says Mathieu Goudsmits, product marketing manager for CryptoWorks. "Systems without this feature will have to rely on card exchange in case all keys in a card are found. With RSA, the only secrets that a card can reveal are the public key of the provider or the secret key of that single card."

For changing keys on a smart card, Philips uses the RSA public key mechanism with key lengths that go up to 1,024 bits. In addition, Philips, which has more than 45 years of experience in designing cryptographic algorithms, developed proprietary algorithms for entitlement management messages (EMMs) and entitlement control messages (ECMs).

Goudsmits says his companys CryptoWorks CA system was originally designed for use with broadcast services but now also comes in a Fine Grain CA version for use with Internet-based services, which he says will allow it to encrypt content at the IP level and target data services to specific subscribers.

For its part, General Instrument has licensed RSA encryption technologies for use in its DCT 5000 advanced digital set-top, but currently offers secret key encryption on its baseline DCT 2000 model, allowing its customers to tailor its CA to the unique requirements of their networks. "Our conditional access technology has been designed to be flexible," says Kevin Keefe, GIs director of product management, digital network systems. "It can be used to secure broadcast and narrowcast distribution of content, in both interactive two-way systems as well as systems with limited return-path capability."

The DCT 2000 and DCT 5000 both feature the companys DigiCipher II CA system, which employs a hierarchical key management scheme and uses DES as an algorithm building block to construct more complex mechanisms for encryption and authentication.

"DigiCipher II features powerful base security features (primitives) that can be used to provide session-based encryption for new revenue services such as video-on-demand while supporting more common services such as tier-based and subscription services," says Keefe, adding that the company continues to innovate its system to accommodate the growth of digital applications.

"New features of the GI conditional access technology will support industry standard cryptographic APIs (application programming interfaces), which will greatly enhance the performance of e-commerce type applications," says Keefe.

"In addition, features for controlling advanced interactive services available via the DOCSIS (Data Over Cable Service Interface Specification) data channels are also being added to current generation digital networks," adds Keefe.

While current versions of DigiCipher use secret key encryption, Keefe notes that support for public key cryptography can be added via the use of TvPass modules or software downloaded to the DCT 2000 set-tops.

"Next generation set-tops (DCT 5000s) will have built-in hardware support for public key cryptography. The DCT 5000 will support Secure Sockets Layer (SSL), RSA public key cryptography, and Authentication and Authorization (A&A) for secure code downloads," says Keefe.

Keefe says the companys DCII CA system remains unbroken after more than 3.5 million digital set-tops and 760 digital headend deployments.

While all of the CA systems discussed earlier currently reside within their host navigation devices, this soon will change. In an effort to spur competition and create a retail set-top box market, the Federal Communications Commission in 1998 released a Report and Order mandating set-top box security be removable by July 2000.

Since then, the Society of Cable Telecommunications Engineers Engineering Committee has been working with CableLabs to develop this specification for removable security, known more commonly as the point of deployment (POD) module.

At press time, SCM Microsystems and Mindport were working together with CableLabs on the development of a POD interoperability test tool, and the first wave of interoperability testing was scheduled to begin in July. "One of the most important aspects of a retail market will be interoperability," says Luc Vantalon, director of SCMs digital TV group. "The test tool, named POD Tool, allows checking that any receiver or host will have a POD socket compliant with the Open Cable specification."

Vantalon says the tool will be used by CableLabs for interoperability testing and will be sold by SCM to consumer electronics vendors for self-certification.

In addition to creating consumer choice, the removable security mandate also will help further secure digital cable networks.

"Security is a state of mind," says Vito Brugliera, a consultant in cable TV and consumer electronics. "If the value is there, it will eventually be compromised. The conclusion is that security must be renewable and replaceable and owned by the operator or content source."

In addition to the POD development, General Instrument and Scientific-Atlanta currently are in the process of hammering out an interoperability specification to further competition and retail availability. Known as Harmony, the accord will enable operators to run GI and S-A boxes within the same system.

"Harmony is progressing well, with set-top solutions already in place that comply with the specification," reports S-As Wasilewski. "Work on the headend key sharing solution is also on track. Harmony gives operators an expanded choice of vendors for set-top boxes that can receive common secure programming in an interoperable way on their network."

Wasilewski notes that a Harmony dual CA system will have only a 1-percent overhead.

Our broadband HFC network has emerged as the transport medium of choice for tomorrows digital interactive applications and offers the promise of a seemingly unlimited number of advanced applications.

The medium, however, is only one part of the total equation. Critical to the success of these new services will be our ability to protect the data they will generate. Public key cryptography is quickly emerging as the conditional access technology of choice for delivering on that promise.

Bottom Line:

The Changing Face Of Conditional Access

Digital D-Day is here, and operators are rushing to establish and hold a digital beachhead against the competitive onslaught. At stake is great potential revenue for cable operators when the digital interactive applications of the future such as video-on-demand (VOD), home networking and Web browsing become widespread reality.

Ensuring the integrity of these services, and protecting the revenue they will generate, is mission-critical. And while secret key conditional access (CA) systems have seen this industry through revolutionary change, they cant stand up to the demands of tomorrows digital interactive networks. Public key cryptography is emerging as the new industry standard, and set-top vendors increasingly are moving in that direction, touting the greater security that the new CA systems can provide for cable operators.

Vendors are also working on removable security in the form of point of deployment modules (PODs). CableLabs was slated to begin POD interoperability testing in July.

Doug Larson is senior editor of "Communications Technology" in Denver.