
DSTAC WG2 Background Prepared for DSTAC WG3

June 2, 2015 Presented by: Ralph W. Brown

© Cable Television Laboratories, Inc. 2015. Prepared For FCC Downloadable Security Technical Advisory Committee (DSTAC).

Diversity of MVPD Systems

• MVPDs deploy a diversity of security solutions for their set-top boxes
  – Most deploy CAS, one deploys DRM
• Key differences:
  – Proprietary ECM/EMMs
  – Core Cipher used
  – Trust infrastructure
• Leads to non-interoperable security solutions

| MVPD | CAS (MVPD STB) | Core Cipher |
|---|---|---|
| Cable | DigiCipher 2 | DES-CBC |
| Cable | MediaCipher | DES-CBC |
| Cable | PowerKey | DES-ECB |
| Cable | NDS VideoGuard | CSA |
| Cable | | CSA |
| Cable | | CSA |
| Cable | OMS | CSA/DES/AES |
| Cable | BBT | AES |
| Satellite | NDS VideoGuard | DES/AES |
| Satellite | Nagravision | CSA/DES/AES |
| Telco | Mediaroom DRM | AES |
| Telco | MediaCipher & PowerKey | CSA |

WG2 Presentation Materials: https://owncloud.cablelabs.com/public.php?service=files&t=b8db53318e0c2f9184e92adc4be6c583

WG2 Report: https://transition.fcc.gov/dstac/wg2-report-01-04212015.docx

Diversity of MVPD DRM Solutions

• MVPDs deploy a variety of security solutions (DRM) for retail devices
• DRM is either embedded in MVPD’s App or provided by platform
• DRMs use proprietary key (license) distribution systems

| MVPD | DRM (retail devices) |
|---|---|
| Cable | PlayReady |
| Cable | Adobe |
| Cable | FairPlay |
| Cable | NDS VideoGuard Connect |
| Satellite | NDS VideoGuard Connect |
| Satellite | Nagra |
| Telco | PlayReady |
| Telco | SecureMedia & PlayReady |

Example MVPD CAS Trust Infrastructure*

[Figure: diagram of an example MVPD CAS trust infrastructure, with numbered relationships among parties including CAS Vendor(s), Chip Manufacturer(s), Set-top Box Manufacturer(s), Secure Key Provisioning Service(s)**, Chip Qualifier(s), Box/SW Qualifier(s), Middleware Provider(s), Metadata Provider(s), Set-top Application Provider(s), Content Providers, Advertisers, MVPD(s) and Subscriber. Legend: License Agreement/Contract; Security Data; Hardware/Software; $ – flow of payment; L – financial responsibility. Annotation: Separable security HW renewal, e.g. card swap.]

*In some implementations one or more of these functions are performed by the same entity or organization

**Also known as Black Box

Example DRM Trust Infrastructure*

[Figure: diagram of an example DRM trust infrastructure, with numbered relationships among parties including DRM Vendor(s), MVPD(s), Content Providers, Advertisers, Chip Manufacturer(s), Retail Device Manufacturer and Subscriber/Consumer. Legend: License Agreement/Contract; Security Data; Hardware/Software/Content; $ – flow of payment; L – financial responsibility.]

*In some implementations one or more of these functions are performed by the same entity or organization

CableCARD System*

[Figure: diagram of the CableCARD system, with numbered relationships among parties including CAS Vendor(s), CableCARD Vendor(s), Chip Manufacturer(s), Secure Key Provisioning Service(s)**, CableLabs Qualification & Output Approval, Content Providers, Advertisers, Cable Operator, Retail Device Manufacturer(s) and Subscriber. Legend: License Agreement/Contract; Security Data; Hardware/Software; $ – flow of payment; L – financial responsibility.]

*In some implementations one or more of these functions are performed by the same entity or organization

**Also known as Black Box

DSTAC WG2 Backup Material

MVPD CAS & DRM

| MVPD | CAS (MVPD set-top box) | CAS Core Cipher |
|---|---|---|
| Cable | DigiCipher 2 | DES-CBC |
| Cable | MediaCipher | DES-CBC |
| Cable | PowerKey | DES-ECB |
| Cable | NDS VideoGuard | CSA |
| Cable | Conax | CSA |
| Cable | Nagravision | CSA |
| Cable | OMS | CSA/DES/AES |
| Cable | BBT | AES |
| Satellite | NDS VideoGuard | DES/AES |
| Satellite | Nagravision | CSA/DES/AES |
| Telco | Mediaroom DRM | AES |
| Telco | MediaCipher & PowerKey | CSA |

| MVPD | DRM (retail devices) |
|---|---|
| Cable | PlayReady |
| Cable | Adobe |
| Cable | FairPlay |
| Cable | NDS VideoGuard Connect |
| Satellite | NDS VideoGuard Connect |
| Satellite | Nagra |
| Telco | PlayReady |
| Telco | SecureMedia & PlayReady |

MVPD Network Technologies

| MVPD | Physical Layer | Modulation/Transport | Control Channel | Video Codec |
|---|---|---|---|---|
| Cable | HFC; RFoG | QAM/MPEG-2 TS | SCTE-55-1 only; SCTE-55-1/DOCSIS-DSG; SCTE-55-2/DOCSIS-DSG; In-Band DOCSIS only | MPEG-2 only; MPEG-2 & AVC |
| Satellite | Ku BSS; Ku FSS; Ka FSS; Terrestrial Off-air | QPSK/DSS TS, DVB-S2/MPEG-2 TS; QPSK, 8-PSK Turbo/MPEG-2 TS; 8-VSB/MPEG-2 TS | In-Band; In-Band; N/A | MPEG-2 only; MPEG-2 & AVC; MPEG-2 only |
| Telco | Twisted Pair (VDSL) | Multicast & Unicast-IP | IP/VDSL & IP/FTTP | AVC only |
| Telco | FTTP (B/GPON) | QAM/MPEG-2 TS & Unicast-IP/ATM AAL5 | SCTE-55-1/SCTE-55-2 & IP | MPEG-2 & AVC |

MVPD Customer Premise Equipment (CPE)

| MVPD | Network Interface | Customer Premise Equipment (CPE) | In-Home Distribution |
|---|---|---|---|
| Cable | Coax & RFoG Optical Network Termination (ONT) | DVR & Non-DVR set-tops | Cable RF & MoCA |
| Satellite | Out Door Unit (ODU) – Satellite Dish | Genie Server (DVR) & Genie Mini clients | 802.11 & MoCA |
| Satellite | Low noise block down-converter (LNB) | Hopper (DVR) & Joey clients | MoCA |
| Satellite | Multi-switch (RF switching unit) | | |
| Telco | VDSL Modem or Gateway | DVR & Non-DVR IPTV set-tops | 802.11 |
| Telco | B/GPON Optical Network Termination (ONT) | | Cable RF & MoCA |

MVPD Retail Device Support

| MVPD | TVE | Mobile Apps | PC (Windows/Mac OS X) | Other Retail Device Support |
|---|---|---|---|---|
| Comcast | ✓ | ✓ | Flash Browser Plug-in | Samsung TV, Xbox 360 |
| DirecTV | ✓ | ✓ | Flash Browser Plug-in; Cisco/NDS VG Connect DRM | Samsung TV, Sony TV, Toshiba TV, & LG TV with RVU; NFL Season Ticket – PlayStation 3 & 4, Xbox 360 & One |
| DISH | ✓ | ✓ | DishWorld Application | LG TV Virtual Joey |
| TWC | ✓ | ✓ | Flash Browser Plug-in | Samsung TV, Xbox 360, Roku |
| AT&T U-verse | ✓ | ✓ | Flash & Silverlight Browser Plug-in | |
| Verizon | ✓ | ✓ | Flash Browser Plug-in | Samsung TV, LG TV, Xbox 360 |
| Charter | ✓ | ✓ | Cisco Browser Plug-in | |
| Cox | ✓ | ✓ | Cox TV Connect Application | |
| Cablevision | ✓ | ✓ | Optimum Application | |

Estimated Downloads of MVPD Mobile TV Apps*

| Mobile App | Android | iPhone | iPad | Total |
|---|---|---|---|---|
| DirecTV | 10,000,000 | 6,100,000 | 2,700,000 | 18,800,000 |
| Xfinity TV Go | 5,100,000 | 2,300,000 | 1,400,000 | 8,800,000 |
| DISH Anywhere | 5,200,000 | 1,800,000 | 1,700,000 | 8,700,000 |
| AT&T U-Verse | 2,200,000 | 2,400,000 | 1,600 | 4,601,600 |
| TWC TV | 2,300,000 | 882,000 | 788,000 | 3,970,000 |
| Verizon FiOS Mobile | 1,200,000 | 756,000 | 729,000 | 2,685,000 |
| Cablevision Optimum | 508,000 | 617,000 | 607,000 | 1,732,000 |
| Charter TV | 510,000 | 147,000 | 89,000 | 746,000 |
| Bright House TV | 268,000 | 256,000 | 184,000 | 708,000 |
| Cox TV Connect | 146,000 | 80,000 | 366,000 | 592,000 |
| Total | 27,626,000 | 15,357,000 | 8,573,400 | 51,556,400 |

*Source: http://xyo.net (accessed 2/6/15)

PolyCipher Background Prepared for DSTAC WG3

June 2, 2015 Presented by: Ralph W. Brown

PolyCipher

• Cable industry JV (Comcast, TWC & Cox) to develop a new software downloadable CAS as a replacement for CableCARD (circa 2005-2009)
• Designed as unitary approach for two-way cable systems, not for one-way networks (different goal than DSTAC)
• Based on a mandated specific secure micro and a qualified transport processor and introduced a new key management infrastructure

PolyCipher Lessons Learned

• Diverse, competitive market of hardware-based content security solutions emerged
  – Massive investment required to invent new security solution from scratch; but other security solutions were emerging faster
  – Technology moved to diversity of target as opposed to the PolyCipher unitary approach
• Regulatory uncertainty
  – FCC denied the integration ban waiver for boxes that would have provided test bed
