Since the first appearance of pay television there have been people who tried, sometimes very successfully, to get access without paying, writes Graham Turner, Chairman - Multimedia Communications Network at Institution of Engineering and Technology (IET). This has resulted in an arms race, where new content protection technology is introduced and is then cracked or sidestepped by the pirates, after which countermeasures are deployed and then finally the technology is replaced and the whole cycle starts over.
When I first started working in the content protection area in the late 1980s a major battle was being fought between General Instrument, whose VideoCipher system protected a range of satellite services, and US, Canadian and Caribbean pirates.
A degree of naivety on the part of GI allowed the pirates to find simple ways of hacking the system, including the infamous Musketeering hack, where if a subscriber paid for a low-cost service their set-top box (STB) could be modified so that they received every service – “one for all and all for one”.
Eventually a combination of improved technology, which required a complete swap out of STBs, and the involvement of the US Secret Service to track down the leading hackers, brought the situation back under control.
In the 1990s a number of satellite-delivered analogue pay TV services launched in Europe, including Sky in the UK and FilmNet in Scandinavia. These were smart-card-based systems using what were then state-of-the-art secure banking chips to protect their data. Unfortunately it turned out that not only were these chips insecure, but some of the conditional access system implementations and modes of operation also exposed the systems to a range of simple hacks.
Despite countermeasures being fielded to tackle FilmNet piracy and Sky undertaking numerous card swaps, piracy remained rampant, and eventually the systems were replaced when digital TV services appeared.
Unfortunately not only were the improvements in chip security for the digital systems not as great as hoped, but some of the systems exposed their secrets needlessly through poor design. In one case, for a Central European satellite system, a 64-bit key was processed as 8 distinct bytes and timing the processing of each byte allowed a pirate to see when they had the correct value for that byte. This was an example of a side-channel attack based on differential timing.
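The byte-by-byte leak described above, as an added example that is not code from the article or from any real conditional access system. It assumes the leak came from a check that stops at the first wrong byte, uses a step counter in place of measured time, and sets a constant-time check beside it; `SAMPLE_KEY` and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define KEY_LEN 8 /* 64-bit key handled as 8 bytes, as in the article */
/* Constructed sample key, not taken from any real system. */
static const uint8_t SAMPLE_KEY[KEY_LEN] = {0x3a, 0x91, 0x5c, 0x07, 0xe4, 0x2b, 0xd8, 0x66};

/* Assumed leaky check: stops at the first wrong byte. *steps counts bytes
 * processed and stands in for the run time an observer could measure. */
int check_key_early_exit(const uint8_t *guess, const uint8_t *key, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < KEY_LEN; i++) {
        (*steps)++;
        if (guess[i] != key[i])
            return 0;
    }
    return 1;
}

/* Hardened check: always processes all 8 bytes and folds the differences
 * into one accumulator, so the work does not depend on where a guess is wrong. */
int check_key_constant_time(const uint8_t *guess, const uint8_t *key, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < KEY_LEN; i++) {
        (*steps)++;
        diff |= (uint8_t)(guess[i] ^ key[i]);
    }
    return diff == 0;
}

/* Steps observed for a guess whose first `prefix` bytes are right, rest wrong. */
size_t observed_steps(int (*check)(const uint8_t *, const uint8_t *, size_t *), size_t prefix)
{
    uint8_t guess[KEY_LEN];
    size_t steps;
    for (size_t i = 0; i < KEY_LEN; i++)
        guess[i] = (i < prefix) ? SAMPLE_KEY[i] : (uint8_t)~SAMPLE_KEY[i];
    check(guess, SAMPLE_KEY, &steps);
    return steps;
}

int main(void)
{
    for (size_t n = 0; n <= KEY_LEN; n++)
        printf("prefix %zu: early-exit %zu steps, constant-time %zu steps\n", n,
               observed_steps(check_key_early_exit, n), observed_steps(check_key_constant_time, n));
    return 0;
}
```

Because the early-exit version confirms each byte independently, the effective search shrinks from 2^64 keys to at most 8 × 256 guesses; the constant-time version reports the same step count for every guess.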
In the UK, ITV Digital’s cards became totally compromised, so that not only could pirate devices be produced but the original cards could be reprogrammed to act as pirate cards, so-called MOSCing (Modified Original Smart Card). A combination of technical countermeasures, card swaps and legal activities kept most of these pirate operations under some degree of control, and eventually led to it being uneconomic for the pirates to continue since they had discovered better ways to pirate the services.
The next phase in the war came when the pirates realised that they could very easily obtain the key used to initialise the descrambler in most STBs that made use of plug-in smart cards, since it was passed between the card and the STB in the clear.
This piracy technique is referred to as card or key sharing, where the pirate pays for valid subscriptions for their own cards and then transmits these keys, the control words, at first by means of dial-up servers and later across the internet, to people who pay to subscribe to their pirate service.
This mode of piracy has become very widespread since it is relatively difficult, although not impossible, to detect for sure which cards are being used for the pirate service and then de-authorise them.
However one small mercy of card sharing is that piracy is limited to the locations where the service can normally be received, that is, in a satellite’s footprint or on a particular cable system.
The latest threat to media content is for it to be streamed from a pirate operator’s receiver across the internet to subscribers to the pirate service, who now can be anywhere in the world provided they have a reliable, fast enough internet connection. Suddenly the exposure is total!
The weapons at the disposal of the rights holders are limited to the application of the law and to techniques such as watermarking, where an invisible mark placed in the video stream can be detected by the rights holder and identifies the STB or card from which the stream originated.
In Europe there is an industry body, AAPA – the Audiovisual Anti-Piracy Alliance, funded by technology and media companies, which tracks down the sources of illegal content streams as well as identifying people selling pirate receivers and software, and brings prosecutions or encourages local police forces to do so.
Of course, as well as these attacks on broadcast media there have been some widely publicised attacks on the servers and infrastructure at film studios and media companies, the best known probably being Sony.
This has highlighted the fact that pirates are enterprising and persistent and wherever there may be weaknesses in the chain of protection they will dig away until they find them. This is most definitely an area of media technology where there is no shortage of challenges!