IPTV AS A CHANGE ENGINE
FOR THE DIGITAL TV INDUSTRY
TABLE OF CONTENTS
Bundling and cross-selling between IP broadband, broadcast and mobile
Software or hardware security - What is better?
Key length
Ubiquitous interactive bandwidth... and what about smartcards?
The home network reality... Client media devices all over the place
The right tool for the job. From conditional access to content protection to... service protection
by

MARC ULDRY
IPTV Product Manager,
Marc Uldry started his career in 1999 in set-top box software engineering when he first joined Nagravision.
He contributed to the development of the Nagra secure kernel and its integration into third party decoders. In
2001, Marc became program manager, responsible for the launch and the extension of major digital TV platforms
around Europe such as Premiere in Germany and TV Cabo in Portugal. In 2004, Marc took over the IPTV
product management function with the responsibility to develop and expand Nagravision solutions into the IPTV
market. Marc holds a Masters of Science in Micro-engineering from Swiss Federal Institute of Technology.

and by

ROBIN WILSON
VP of Business Development,
Robin has spent 20 years in marketing and engineering roles for companies based in Europe and the US including
NBC, BBC, Grass Valley Group and at DiviCom where he managed the first 4 generations of highly successful
compression solutions and established the initial European presence. Prior to Nagravision, Robin co-founded an
advanced compression (H.264) start-up and consulted for PVR, security and VC organizations world-wide. Robin
graduated with a BSc. degree from Dundee University, Scotland, and holds a watermarking patent.
with the additional editorial contribution of
Principal Quadratio Consulting
IPTV AS A CHANGE ENGINE FOR THE DIGITAL TV INDUSTRY
With the advent of sizeable commercial deployments on a worldwide basis, IPTV is starting to induce some fundamental
changes in the way digital media are being produced, delivered and consumed.
In this respect we may well find ourselves at a pivotal moment for the digital media industry in which some key drivers
of change will have a significant impact across the whole end-to-end delivery chain. We are convinced that the impact of
those change drivers will extend way beyond the boundaries of IPTV as such and will also influence the established
broadcast delivery chains on many fronts, especially in the area of content protection. But the influence goes both ways.
Inversely, cross-over projects between DVB and IPTV are equally bringing an opportunity to leverage some old broadcast
wisdom into the IPTV world.
Let’s explore some of these axes of change…
1 NAGRAVISION TECHNOLOGY SERIES - WHITE PAPER : IPTV
BUNDLING AND CROSS-SELLING BETWEEN IP BROADBAND, BROADCAST AND MOBILE

A clear consensus is emerging across market research that a significant part of the subscriber
uptake will in fact be hybrid deployments where IPTV and broadcast (satellite, terrestrial or cable)
mutually enrich each other in a single combined service (e.g. TDG Research pointing to 75% hybrid
within a 37 million IPTV subscriber base by 2010). In some geographies such hybrid deployments are
an obvious choice to maximize the richness of the content offer but also to address e.g. satellite
coverage issues in urban areas. Likewise, even in areas where terrestrial broadcast has no strong
footprint yet, it will present a very cost-effective addition to an IPTV offering without
unnecessary waste of inter-

The actual approach depends very much on the precise situation of a given service provider in terms
of local natural allies and content bouquets, but best practice clearly points to pragmatically
combining the best of broadcast and IP broadband whenever possible. In this sense, some established
broadcast principles in terms of automated service discovery and push VOD services are even
starting to have a reverse influence on IPTV.

However, beyond the operational tendency to maximize infrastructure reuse, the real success of any
hybrid deployment has to be judged on its commercial success, which will largely depend on the
‘consistency of experience’ that can be offered to an end-user irrespective of the delivery network.

This is even more of a challenge when mobile video services are added to the mix. When one really
wants to exploit the full ARPU potential of cross-selling between terminals and networks, an
integrated approach is a must for the content-centric elements of the solution: (i) the content
management defining the content business rules, (ii) the service delivery platform presenting the
business logic to the end users and (iii) the content protection enforcing the content business
rules.

In this sense, it is clear that content protection addresses a lot more than a security challenge:
it is increasingly evolving into a cornerstone of the end-to-end architecture which is truly
service defining.

SOFTWARE OR HARDWARE SECURITY - WHAT IS BETTER?

This is where some of the greatest confusion surrounding security lies. The fundamentals:

• Security software runs on hardware
• Security hardware runs software

So what does software or hardware security really mean?

Firstly, your house door-lock is hardware security. Pretty much everything else used to secure
digital content always uses a mixture of hardware and software.

The real issue is: does the security software run on secure or insecure hardware?

A solution where the secure software runs on secure hardware is based on a unique interface with
the CPE and its applications, which limits the number of doors hackers might use. In comparison, a
solution where the secure software runs on insecure hardware, usually called a software-only
solution, has to control many more doors: CPU, applications, OS, etc.

At Nagravision we always use secure hardware to process the critical keys or to provide an
unalterable authentication signature. In addition, the Nagra Cardless solution relies on MPEG
chipset security features and is therefore much more secure than a software-only solution, without
requiring any additional hardware component in the consumer device. That way critical security
information cannot be “sniffed” as could be the case in a design running on insecure hardware.

The piracy industry has already shown that software, even obfuscated and tamper resistant, can only
be sustained for a matter of weeks in the hands of pirates. One of the most significant cases of
software piracy against obfuscated and tamper-resistant code takes place today in the gaming
industry: games, even protected, can only resist piracy for a matter of weeks, if not days. It is a
protection lifetime the gaming industry can put up with but which a pay-TV service, built for years
or decades of operations, cannot rely on for pre-
KEY LENGTH

This is another topic with a huge amount of misunderstanding, as cryptographic key length has
almost nothing to do with security.

The barrier in the picture above is intended to keep cars from traversing the connecting road. The
barrier has a short length and little height. As you can see this security is ineffective. This is
equivalent to a short key length. It can easily be broken. It can also be ignored.

Here’s the barrier with “improved” security. In this case it is unlikely but not impossible that
the barrier can be broken through, but it would still be much easier to ignore the barrier and
drive around it. This is equivalent to a barely adequate key length.

Here we have something analogous to an acceptable key length. It would be difficult without
explosives to get through this barrier.

Of course we can increase the width and the thickness of the barrier. Just as focusing on key
length is often meaningless to security, a gigantic barrier would have little effect on improved
security.

UBIQUITOUS INTERACTIVE BANDWIDTH… AND WHAT ABOUT SMARTCARDS?

Many of the established broadcast service definitions have been developed with the constraint that
two-way communication cannot be taken for granted. With the advent of IP broadband this has
radically changed in the sense that one increasingly relies on broadband IP to enrich broadcast
delivery networks with interactivity or even to carry media delivery for an increasing portion of
the content. This clearly opens new avenues for content protection, which can now be smartcard-less
in some cases (an always-on connection does indeed allow for a ‘virtual smartcard’ that can be
hosted in the content protection head-end).

The choice for a smartcard or smartcard-less solution is, however, a decision to be taken with
care, clearly guided by the exact network and service characteristics of the service to be
launched.

The decision criteria can be roughly summarized as follows:

- The target business models envisioned.
Commercial models that rely on off-line transactions like anonymous pre-pay, pre-paid events like
concerts or soccer games, time-based tokens, push-VOD, off-line viewing,… are only practically
feasible with a smartcard approach where the off-line transaction can be fulfilled by interactions
with the smartcard only.

- The operational implications of security counter-measures
It is important to note that, in order to attain broadcast-grade security, the smartcard-less
solution also relies on secure hardware support at the client side. Likewise, the security
counter-measures for both models rely on remote software upgrades, which can take place as long as
the underlying security capabilities of the client hardware (smartcard or set-top-box) are not
exhausted. At one point, however, the security hardware does reach the end of its operational life
cycle.
In the smartcard scenario, this would trigger the operations to replace the card. In the
smartcard-less model, lacking a token decoupled from the set-top-box, this inevitably involves
replacing the set-top-box.
This could be avoided by providing a smartcard reader in any case, in anticipation of introducing a
smartcard later on in the process.

In this sense there is also a CAPEX-OPEX trade-off involved with the counter-measures. A
smartcard-less solution may indeed have a lower CAPEX at the start but the OPEX of every software
counter-measure is linear with the combination of vendors, variants and software versions in the
field.

- Network & head-end scaling rules induced by real-time interaction with the content protection
head-end. Having the smartcard logic in the head-end entails increased traffic and processing that
needs to be dimensioned for service peak times.

- The dynamics of the local content market and the level of acceptance of smartcard-less solutions
by the leading providers of premium content bouquets.

THE HOME NETWORK REALITY… CLIENT MEDIA DEVICES ALL OVER THE PLACE

The end user’s appetite for ‘consistency of experience’ does not just apply to the different
delivery networks, but at least as much to the different media devices and the types of content
they carry.

An end user’s media infrastructure will inevitably be a mix of service-centric devices like
set-top-boxes and consumer electronics devices like digital video recorders, portable media players
and smart phones. These consumer electronics devices represent a horizontal market with ample room
for differentiation by the manufacturers, as opposed to set-top-boxes which are service-specified
and hence present a much easier environment to manage.

To complicate matters even further, content viewed across all those devices will have to be a mix
of on-line media from service providers and off-line media locally stored by the end-user
irrespective of the original source. There is indeed market evidence that service churn is
extremely sensitive to the availability of multiple devices and their interconnection (cf.
Broadcasting and Cable: churn reducing by over 50% by offering multiple receivers and another 50%
by adding conveniently integrated DVR capabi-

Now, the stakeholders in the area of content distribution are as diverse as their interests:

- End-users, not a priori averse to content protection, provided it all remains convenient and
procured content and rights can flow freely in the home

- Service providers, not necessarily expecting a direct ARPU increase associated with in-home
content distribution but nonetheless very aware of the churn reduction induced by ‘digital
convenience’

- Content owners, requiring the content to be adequately protected throughout the entire delivery
chain

In terms of content protection this presents a significant industry challenge if not a dilemma: to
ensure content rights are enforced while supporting the convenience of rights flowing within an
increasingly complex home. Respecting the horizontal approach which is vital to the consumer
electronics industry, it looks like one will have to be extremely pragmatic here.

One way to solve this conundrum revolves around a separation of the notions ‘home delivery of
rights + usage rules’ and ‘management of those rights across residential media devices’.

In this way, one would match the business constraints of the service provider to the concerns of
the content owner while not compromising the usability.

However, this observation inevitably requires us to get more precise as to what is being protected
against which threats and, even more importantly, for the benefit of whom in the delivery chain.
THE RIGHT TOOL FOR THE JOB. FROM CONDITIONAL ACCESS TO CONTENT PROTECTION TO… SERVICE PROTECTION

It has become common in the digital media industry to refer to all technologies related to
conditional access, digital rights management and the like with the single umbrella term ‘content
protection’.

In a way we may well have created a misnomer here as an industry, and there is a clear benefit in
being more precise in terms of what mechanisms are doing what for whom in the value chain.

Along the delivery chain from the creation of content to the actual consumption the following
elements need to

- Securing the distribution chain – content aggregators, theatres, …

This is a significant operational issue given that the majority of high-quality content piracy is
in fact an insiders’ play happening at this stage, in many cases even leading to availability of
pirated content right after or alongside the theatrical release. This is clearly the area where
digital forensics technologies play their role with techniques like watermarking and the like. It
is important to note, though, that not unlike traditional criminal investigation, all forensics are
after-the-fact tools that allow tracing back the place where the piracy occurred. At best they will
have a dissuasion effect in the longer run, but they do not fundamentally alleviate the operational
issue of securing content delivery to the distribution chain, which is very much a people issue.

Some would even advocate applying similar techniques all the way to the user’s set-top-box but this
really begs the question whether (i) this is a relevant enough use case of content piracy by end
users, noting that DVDs present a much more convenient target, and (ii) whether legal recourse
based on set-top-box identification is operationally feasible at all.

- Securing the delivery of media and rights to the home – “Service Protection”

From the service provider viewpoint, this is the stage at which there is most at stake: ensuring
that the end users interested in the content actually pay for the service. A service provider’s
revenue is entirely driven by the security of the transactions at this level (subscription to
bouquets, purchase of movies,…) and this is clearly where the operator’s prime focus should be.

A key observation in this respect is also that the value to be protected still mostly resides in
linear TV and derivatives thereof (85% as per a Nagravision-conducted survey with 14 major digital
TV operators) and that the techniques applied should be scalable in a broadcast context.

- Managing rights and usage across the end user’s media devices – Digital Rights Management

While mainly an interest of the content owner, the operator and his security partner can be of
great help in addressing this challenge, by adequately bridging the service protection of the
operator to the DRM system of choice in the home environment.

An approach like this has been worked out between Nagravision and Microsoft in the form of a
CA-to-DRM bridge, allowing content, rights and usage rules to be exported from the pay-TV platform
to a Media Center PC and its connected devices like Xbox 360™.

It is rather unrealistic to assume that a single comprehensive end-to-end solution can address all
these dimensions with an appropriate level of depth and resulting security.

Instead it likely makes a lot more sense to allow content and service protection mechanisms to
complement each other throughout the life cycle of digital media.

For a service provider the guiding factor in selecting a content security partner should therefore
be centered around how well ‘service protection’ is not only implemented but managed throughout the
service life cycle, in a way that is also realistic about the consumer electronics market which
will be a driver for the innovation of our living room.

For the foreseeable future, content security will continue to be rather a verb than a noun.