Pirate Decryption - Technical Issues

Technical Issues

Initial attempts to scramble broadcast signals were based on analogue techniques of questionable security, most commonly one or a combination of the following:

  • Weakening or attenuating specific portions of the video signal, typically the sync pulses the receiver needs to lock onto the picture.
  • Inverting the video signal so that white becomes black (and vice versa).
  • Adding an interfering signal at one specific frequency, which a suitably equipped receiver could simply filter out.
  • Moving the audio portion of the signal to some other frequency or sending it in a non-standard format.

These systems were designed to give cable operators decoders at low cost, and security was the tradeoff. Some analogue decoders were addressable, so that a cable company could turn channels on or off remotely, but this only gave the company control over its own descramblers: useful for deactivating a stolen decoder, useless against hardware built by signal pirates.

The first encryption methods used for big-dish satellite systems took a hybrid approach: analogue video and digitally encrypted audio. This was somewhat more secure, but the analogue video portion remained open to piracy.

Direct broadcast satellite (DBS) and digital cable services, because their signals are digital, are free to use far stronger protection, such as the Data Encryption Standard (DES) or the RSA and IDEA ciphers. When first introduced, digital DBS broadcasts were touted, often in press releases, as secure enough to put an end to piracy once and for all.

The enthusiasm was short-lived. In theory the system was an ideal solution, but corners had been cut in the initial implementations in the rush to launch the service. The first US DirecTV smart cards were based on the BSkyB VideoCrypt card known as the Sky 09 card. The Sky 09 card had been introduced in 1994 as a replacement for the compromised Sky 07 card, and by the time DirecTV launched (1995) it had itself been totally compromised in Europe. The countermeasure employed by NDS Group, the designers of the VideoCrypt system, was to issue a new smartcard (the Sky 10 card) that added an ASIC alongside the card's microcontroller. Previously, the program in the Sky card's microcontroller could be rewritten for other microcontrollers without much difficulty; a pirate card now also had to reproduce the function of the ASIC. This took the battle between the system designers and the pirates to another level and bought BSkyB at least six months of almost piracy-free broadcasting before pirate Sky 10 cards appeared on the market in 1996. The initial pirate Sky 10 cards carried their own implementation of the ASIC, but once those supplies ran out, pirates resorted to extracting the ASICs from deactivated genuine Sky cards and reusing them.

The first US DirecTV "F" card did not contain an ASIC and was quickly compromised. Pirate DirecTV cards built on microcontrollers that were, ironically, often more secure than the one used in the official card became a major problem for DirecTV. Similar errors had been made by the developers of the UK's terrestrial digital Xtraview Encryption System, which provided no encryption at all and relied on hiding channels from the listings.

The DirecTV "F" card was replaced with the "H" card, which contained an application-specific integrated circuit to handle decryption. However, because the "H" card shared much of its design with other existing cards, it soon became apparent that while the signal could not be received without a genuine card and its ASIC, the card itself could still be tampered with: reprogramming its contents added channel tiers or additional programming, opening those channels to pirates.

Two more card swaps were needed before DirecTV's piracy headaches finally went away; a number of other providers are likewise in the middle of swapping out all of their subscribers' smartcards because their encryption methods or technology have been compromised.

A number of vulnerabilities exist even with digital encryption:

  • The same algorithm is used, potentially, in millions of subscribed receivers or smartcards. The designers can choose between a custom, secret algorithm and a publicly tested one. The first approach is often referred to as security by obscurity. It can hold up if the hardware and the algorithm are robust, and it presents a pirate with an extra hurdle: the custom algorithm has to be recovered and understood before a pirate device can emulate it. The catch is that the secret, once recovered from a single card, is the same for every card in the field.
  • With many digital TV encryption systems relying on smartcards for their security, any compromise of the smartcard requires replacing every smartcard in use, potentially millions of them. On a system with few subscribers the smartcards can be replaced periodically, but as the subscriber base grows, the cost and logistics of a replacement push the operator to get the longest possible use out of each card generation. The chance of a fatal compromise grows the longer a card generation stays in the field.
  • Any compromise of the smartcard or algorithm will become public quickly. Crucial design details can be published on the Internet from sites located offshore in countries whose laws permit the information and software to be distributed openly. Some of the more notorious software distributed to pirates ranges from NagraEdit (a program intended to edit the information stored on Swiss-designed Kudelski NagraVision 1 smartcards) to firmware that reprograms some free-to-air set-top boxes, or desktop PCs equipped with Digital Video Broadcasting (DVB) tuner cards, to decode encrypted broadcasts.
  • The secrecy of any algorithm is only as trustworthy as the people with access to it; if any of them divulge the design secrets, every card using the compromised algorithm may need to be replaced before security is restored. In some cases outside personnel (such as those employed by lawyers in the NDS vs. DirecTV intellectual property lawsuit over the P4 card design) gain access to key and very sensitive information, increasing the risk of a leak to pirates.
  • If weaker encryption is used because of processor limitations on the smartcards, the system is vulnerable to a distributed brute-force attack. While most secure Internet and online banking transactions use 128-bit encryption, 56-bit keys are not uncommon in video encryption. Exhausting a 56-bit DES keyspace (2^56, roughly 7.2 × 10^16 keys) would still have been prohibitively time-consuming on a single 1990s processor, but a distributed approach, in which many users each run software that scans just a portion of the possible keys and uploads results to one or more central points on the Internet, can deliver results of value to pirates. Distributed processing attacks were used, successfully in some cases, against the D2-MAC/EuroCrypt system in Europe during the 1990s.
  • The resources available for reverse engineering increase significantly if a direct competitor with smartcard manufacturing knowledge sets out to compromise the system. Integrated circuits can be microprobed or examined under an electron microscope once acid or other chemical means have exposed the bare silicon. One such lawsuit was launched by Canal+, dropped as a result of the one billion Euro deal to sell TelePiu (Italy), then continued by Echostar (USA). The suit alleged that competitor NDS Group had maliciously used reverse engineering to obtain the computer programs contained within various pay-TV smartcards (including SECA and Nagra cards) and had allowed the results to be posted to Internet sites such as the notorious DR7.com.

On May 15, 2008, the jury in the Echostar vs NDS civil lawsuit (8:2003cv00950) awarded Echostar just over $1,500 in damages. Echostar had originally sought $1 billion, but the jury was not convinced of most of the allegations Echostar had made against NDS and awarded damages only for the claims that were actually proven and for which it believed an award was due under United States law.
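The distributed search described in the list above (many volunteers each scanning a slice of the keyspace against a known plaintext/ciphertext pair, reporting back to a coordinator) can be sketched in a few dozen lines. The following is an added example, not code from this page or from any pirate tool. To keep it runnable it uses a 20-bit toy key and a keyed SHA-256 hash as a stand-in for the real block cipher; the function names, the 64-unit split and the 1 Mkey/s rate are assumptions chosen for illustration. The arithmetic for a real 56-bit keyspace is the same and is worked out by `brute_force_seconds`.

```python
"""Distributed known-plaintext key search, shrunk to a toy key size so it runs.
Added example; the stand-in cipher, key size, unit count and rate are assumptions."""
import hashlib


def toy_encrypt(key, key_bits, block):
    """Stand-in for a 56-bit block cipher: an 8-byte keyed hash of the block.
    NOT DES; any keyed function with a known plaintext/ciphertext pair serves
    the same role for the search logic."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    return hashlib.sha256(key_bytes + block).digest()[:8]


def split_keyspace(key_bits, n_units):
    """Yield (unit_id, start, end) half-open ranges that together cover
    0 .. 2**key_bits - 1. Ceiling division keeps the tail from being dropped."""
    total = 1 << key_bits
    size = -(-total // n_units)
    for unit_id in range(n_units):
        start = unit_id * size
        end = min(start + size, total)
        if start >= end:
            break
        yield unit_id, start, end


def search_unit(start, end, key_bits, plaintext, ciphertext):
    """What one volunteer's machine runs: try every key in its range against
    the known pair and report the first match (or None)."""
    for key in range(start, end):
        if toy_encrypt(key, key_bits, plaintext) == ciphertext:
            return key
    return None


def coordinator(key_bits, n_units, plaintext, ciphertext):
    """Hand out work units and stop at the first hit. Units are searched here
    one after another; in the real scheme each goes to a different client."""
    for unit_id, start, end in split_keyspace(key_bits, n_units):
        hit = search_unit(start, end, key_bits, plaintext, ciphertext)
        if hit is not None:
            return unit_id, hit
    return None


def brute_force_seconds(key_bits, keys_per_second, n_workers):
    """Expected seconds to find the key: on average half the keyspace is tried."""
    return (1 << key_bits) / 2 / (keys_per_second * n_workers)


if __name__ == "__main__":
    KEY_BITS, SECRET = 20, 0x3A7F1          # toy 20-bit key so the demo finishes quickly
    plaintext = b"KNOWNPT!"                  # constructed known plaintext block
    ciphertext = toy_encrypt(SECRET, KEY_BITS, plaintext)
    print("unit, key:", coordinator(KEY_BITS, 64, plaintext, ciphertext))
    one = brute_force_seconds(56, 1_000_000, 1) / (365 * 86400)
    print(f"56-bit key at 1 Mkey/s: ~{one:.0f} years alone, "
          f"~{brute_force_seconds(56, 1_000_000, 10_000) / 86400:.0f} days with 10,000 workers")
```

The point of the split is that each unit is independent: a volunteer needs only its range and the known pair, and a hit in any unit ends the search for everyone. At one million keys per second a single machine needs on the order of a thousand years for 56 bits, while ten thousand such machines need weeks, which is why key length that is "prohibitive" for one processor is not prohibitive for a coordinated group.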

  • The signals passing between the smartcard and the receiver can be easily intercepted and analyzed. The card can also be vulnerable to a "glitch", in which the incoming power or clock signal is disrupted for a short and carefully timed interval (on the order of a microsecond) to make the processor skip an instruction, such as the branch that rejects a failed check. In many cases, off-the-shelf hardware with modified firmware designed to exploit this weakness was sold to pirates for tampering with cards for the US-based DirecTV system.
  • In some cases, buffer overflow exploits have been used to gain access to otherwise locked cards in order to reprogram them.
  • Monitoring the instantaneous power consumption of a smartcard as it performs its computations (power analysis) also reveals what kind of computation is being performed, and with enough measurements it can leak the key material itself.
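The instruction-skip glitch in the list above is easiest to see on a model. The following is an added example, not code from this page or from any card vendor: it runs a tiny straight-line "firmware" routine with one chosen instruction skipped, shows that a single skip of the reject branch turns a failed PIN check into a grant, and contrasts it with the redundant-compare pattern used to harden such checks. The PIN values, instruction layout and function names are constructed for illustration.

```python
"""Model of a clock/power glitch that makes a card's CPU skip one instruction.
Added example; the PIN values, instruction layout and names are constructed."""

DENY, GRANT = "deny", "grant"


class Halt(Exception):
    """Raised by a 'branch to reject' instruction to stop the routine."""


def deny(state):
    state["result"] = DENY
    raise Halt


def run(program, skip=None):
    """Execute a straight-line routine; if `skip` is set, that instruction is not
    executed, which is the effect of a well-timed glitch on the card's clock or
    supply. Registers start zeroed and the result defaults to DENY (fail-safe)."""
    state = {"m1": False, "m2": False, "result": DENY}
    for pc, instr in enumerate(program):
        if pc == skip:
            continue
        try:
            instr(state)
        except Halt:
            break
    return state["result"]


def naive_program(stored_pin, entered_pin):
    """One compare, one conditional branch, then grant: the usual layout."""
    return [
        lambda s: s.update(m1=(entered_pin == stored_pin)),  # 0: compare
        lambda s: None if s["m1"] else deny(s),              # 1: branch to reject
        lambda s: s.update(result=GRANT),                    # 2: grant
    ]


def hardened_program(stored_pin, entered_pin):
    """Redundant, complementary compares plus a consistency check: no single
    skipped instruction can reach the grant with a wrong PIN."""
    return [
        lambda s: s.update(m1=(entered_pin == stored_pin)),  # 0: compare
        lambda s: s.update(m2=(entered_pin != stored_pin)),  # 1: inverse compare
        lambda s: None if s["m1"] else deny(s),              # 2: reject if m1 false
        lambda s: deny(s) if s["m2"] else None,              # 3: reject if m2 true
        lambda s: deny(s) if s["m1"] == s["m2"] else None,   # 4: m1, m2 must differ
        lambda s: s.update(result=GRANT),                    # 5: grant
    ]


def exploitable_skips(build, stored_pin, entered_pin):
    """Glitch campaign: skip each instruction in turn and report the positions
    at which a wrong PIN is nevertheless granted."""
    program = build(stored_pin, entered_pin)
    return [pc for pc in range(len(program)) if run(program, skip=pc) == GRANT]


if __name__ == "__main__":
    print("naive, wrong PIN, skips that grant:",
          exploitable_skips(naive_program, "1234", "0000"))
    print("hardened, wrong PIN, skips that grant:",
          exploitable_skips(hardened_program, "1234", "0000"))
```

Skipping instruction 1 of the naive routine is exactly the pirate's glitch: the compare ran and said "no", but the branch that acts on it never executed, so the fall-through grant runs. The hardened layout keeps a fail-safe default, checks two independently computed and opposite results, and refuses if they agree with each other (a sign that one of them was never computed). It defends only against a single skip; a double glitch or a glitch that corrupts a value rather than skipping an instruction still needs the further hardware measures described elsewhere on this page.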
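The power-analysis point in the list above can be demonstrated on simulated measurements. The following is an added example, not from this page: it models each "power sample" as the Hamming weight of an S-box output plus Gaussian noise (the standard leakage model, used here as an assumption about the hardware), then runs correlation power analysis to recover the key byte. The S-box is a seeded random permutation standing in for a real cipher's, and the key, trace count and noise level are constructed values.

```python
"""Correlation power analysis on simulated traces. Added example; the S-box,
key byte, trace count and noise level are constructed values."""
import random


def hamming_weight(x):
    return bin(x).count("1")


def make_sbox(seed=1):
    """Seeded random 8-bit permutation standing in for a cipher's S-box (assumption)."""
    rng = random.Random(seed)
    sbox = list(range(256))
    rng.shuffle(sbox)
    return sbox


def simulate_traces(key_byte, sbox, n, noise, seed=2):
    """Constructed 'measurements': for each random plaintext byte, one power
    sample equal to the Hamming weight of the S-box output plus Gaussian noise.
    This is the classic leakage model: switching activity grows with set bits."""
    rng = random.Random(seed)
    plaintexts = [rng.randrange(256) for _ in range(n)]
    samples = [hamming_weight(sbox[p ^ key_byte]) + rng.gauss(0, noise)
               for p in plaintexts]
    return plaintexts, samples


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / (vx * vy) ** 0.5


def cpa_recover(plaintexts, samples, sbox):
    """The attacker's side: for every key guess predict the leakage each
    plaintext would cause, correlate the prediction with the measured samples,
    and take the guess whose prediction fits best. Returns the winning guess,
    its correlation, and the runner-up's correlation (the margin)."""
    ranking = []
    for guess in range(256):
        predicted = [hamming_weight(sbox[p ^ guess]) for p in plaintexts]
        ranking.append((pearson(predicted, samples), guess))
    ranking.sort(reverse=True)
    best_r, best_guess = ranking[0]
    return best_guess, best_r, ranking[1][0]


if __name__ == "__main__":
    sbox = make_sbox()
    pts, smp = simulate_traces(0x5A, sbox, n=600, noise=0.5)
    guess, r, runner_up = cpa_recover(pts, smp, sbox)
    print(f"recovered key byte 0x{guess:02x}, r={r:.3f}, next best r={runner_up:.3f}")
```

The attacker never needs to know the key to make a prediction: the plaintext is known, the S-box is public, so every one of the 256 guesses yields a concrete prediction of how much current each encryption should draw, and only the right guess correlates with what was actually measured. This is why "the card computes correctly" is not the same as "the card keeps its key"; a card that does not hide its power signature leaks the key a few hundred traces at a time.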

In some cases, fraudulent cloning has been used to assign identical serial numbers to multiple receivers or cards: subscribe (or unsubscribe) one receiver and the same programming changes appear on all of the others. Various techniques have also been used to write-protect memory on smartcards or receivers, making it harder for a signal provider to deactivate or sabotage tampered cards.

Systems based on removable smartcards do make renewable security easier to implement, since a compromised system can be repaired by sending new, redesigned cards to legitimate subscribers; but they also make it easier for pirates to substitute tampered cards or to insert devices between card and receiver. In some European systems, the conditional access module (CAM), which serves as a standardized interface between smartcard and DVB receiver, has also been targeted for tampering or replaced outright by third-party hardware.

Improvements in hardware and system design can significantly reduce the risk of an encryption system being compromised, but many systems once thought secure have proven vulnerable to sufficiently sophisticated and determined attackers.

Two-way communication has also been used by designers of proprietary digital cable TV equipment to make tampering more difficult or easier to detect. A scheme involving a high-pass filter on the line to block the return path has been widely promoted by some unscrupulous individuals as a way of stopping the box from reporting pay-per-view billing information, but the device is effectively worthless: a cable operator remains free to unsubscribe a digital set-top box once two-way communication has been lost. As a device intended to pass signals in one direction only, the line filter offers nothing that an inexpensive signal booster, a simple one-way RF amplifier already widely and cheaply available for other purposes, could not do with the same results. Also, many such boxes will refuse further pay-per-view content after a set number of programs have been watched without the box being able to report them to the headend, further reducing the usefulness of such a filter.
