

  2. TABLE OF CONTENTS

     Introduction
     Bundling and cross-selling between IP broadband, broadcast and mobile
     Software or hardware security - What is better?
     Key length
     Ubiquitous interactive bandwidth... and what about smartcards?
     The home network reality... Client media devices all over the place
     The right tool for the job. From conditional access to content protection to... service protection

     by MARC ULDRY, IPTV Product Manager, Nagravision

     Marc Uldry started his career in 1999 in set-top box software engineering when he first joined Nagravision. He contributed to the development of the Nagra secure kernel and its integration into third party decoders. In 2001, Marc became program manager, responsible for the launch and the extension of major digital TV platforms around Europe such as Premiere in Germany and TV Cabo in Portugal. In 2004, Marc took over the IPTV product management function with the responsibility to develop and expand Nagravision solutions into the IPTV market. Marc holds a Masters of Science in Micro-engineering from Swiss Federal Institute of Technology.

     and by ROBIN WILSON, VP of Business Development, Nagravision

     Robin has spent 20 years in marketing and engineering roles for companies based in Europe and the US including NBC, BBC, Grass Valley Group and at DiviCom where he managed the first 4 generations of highly successful compression solutions and established the initial European presence. Prior to Nagravision, Robin co-founded an advanced compression (H.264) start-up and consulted for PVR, security and VC organizations world-wide. Robin graduated with a BSc. degree from Dundee University, Scotland, and holds a watermarking patent.

     with the additional editorial contribution of IVAN VERBESSELT, Principal, Quadratio Consulting
  3. IPTV AS A CHANGE ENGINE FOR THE DIGITAL TV INDUSTRY

     INTRODUCTION

     With the advent of sizeable commercial deployments on a worldwide basis, IPTV is starting to induce some fundamental changes in the way digital media are being produced, delivered and consumed. In this respect we may well find ourselves at a pivotal moment for the digital media industry in which some key drivers of change will have a significant impact across the whole end-to-end delivery chain.

     We are convinced that the impact of those change drivers will extend way beyond the boundaries of IPTV as such and will also influence the established broadcast delivery chains on many fronts, especially in the area of content protection. But the influence goes both ways. Inversely, cross-over projects between DVB and IPTV are equally bringing an opportunity to leverage some old broadcast wisdom into the IPTV world.

     Let’s explore some of these axes of change…

     NAGRAVISION TECHNOLOGY SERIES - WHITE PAPER : IPTV
  4. BUNDLING AND CROSS-SELLING BETWEEN IP BROADBAND, BROADCAST AND MOBILE

     A clear consensus is emerging throughout different market research that a significant part of the subscriber uptake will in fact be hybrid deployments where IPTV and broadcast (satellite, terrestrial or cable) will mutually enrich each other in a single combined service (e.g. TDG Research pointing to 75% hybrid within a 37 million IPTV subscriber base by 2010). In some geographies such hybrid deployments are an obvious choice to maximize the richness of the content offer but also to address e.g. satellite coverage issues in urban areas. Likewise, even in areas where terrestrial broadcast has no strong footprint yet, it will present a very cost effective addition to an IPTV offering without unnecessary waste of interactive bandwidth.

     The actual approach much depends on the precise situation of a given service provider in terms of local natural allies and content bouquets, but the best practice clearly points to pragmatically combining the best of broadcast and IP broadband whenever possible. In this sense, some established broadcast principles in terms of automated service discovery and push VOD services are even starting to have a reverse influence on IPTV.

     However, beyond the operational tendency to maximize infrastructure reuse, the real success of any hybrid deployment has to be judged on its commercial success which will largely depend on the ‘consistency of experience’ that can be offered to an end-user irrespective of the delivery network.

     This is even more a challenge when mobile video services are added to the mix. When one really wants to exploit the full ARPU potential of cross-selling between terminals and networks an integrated approach is a must for the content-centric elements of the solution: (i) the content management defining the content business rules, (ii) the service delivery platform presenting the business logic to the end users and (iii) the content protection enforcing the content business rules.

     In this sense, it is clear that content protection is addressing a lot more than a security challenge; it increasingly evolves to a cornerstone of the end-to-end architecture which is truly service defining.

     SOFTWARE OR HARDWARE SECURITY - WHAT IS BETTER?

     Here lie some of the greatest confusions surrounding security. The fundamentals:

     • Security software runs on hardware
     • Security hardware runs software

     So what does software or hardware security really mean?

     Firstly, your house door-lock is hardware security. Pretty much everything else used to secure digital content always uses a mixture of hardware and software.

     The real issue is: does the security software run on secure or insecure hardware?

     A solution where the secure software runs on secure hardware is based on a unique interface with the CPE and its applications, which limits the number of doors hackers might use. In comparison, a solution where the secure software runs on insecure hardware, usually called a software-only solution, has to control many more doors: CPU, applications, OS, etc.

     In Nagravision we always use secure hardware to process the critical keys or to provide an unalterable authentication signature. Besides, the Nagra Cardless solution relies on MPEG-chipset security features, being therefore much more secure than a software-only solution without requiring any additional hardware component in the consumer device. That way critical security information cannot be “sniffed” as could be the case in a design running on insecure hardware.

     The piracy industry has already shown that software, even obfuscated and tamper resistant, can only be sustained for a matter of weeks in the hands of pirates. One of the most significant cases of software piracy on obfuscated and tamper resistant code takes place today in the gaming industry: games, even protected, can only resist piracy for a matter of weeks, if not days. It is a protection lifetime the gaming industry can put up with but which a pay-TV service, built for years or decades of operations, cannot rely on for premium content.
  5. KEY LENGTH

     This is another topic with a huge amount of misunderstanding, as cryptographic key length has almost nothing to do with security.

     The barrier in the picture above is intended to keep cars from traversing the connecting road. The barrier has a short length and little height. As you can see this security is ineffective. This is equivalent to a short key length. It can easily be broken. It can also be ignored.

     Here’s the barrier with “improved” security. In this case it is unlikely but not impossible that the barrier can be broken through, but it would still be much easier to ignore the barrier and drive around it. This is equivalent to a barely adequate key length.

     Here we have something analogous to an acceptable key length. It would be difficult without explosives to get through this barrier.

     Of course we can increase the width and the thickness of the barrier. Just as focusing on key length is often meaningless to security, a gigantic barrier would have little effect on improved security.

     UBIQUITOUS INTERACTIVE BANDWIDTH… AND WHAT ABOUT SMARTCARDS?

     Many of the established broadcast service definitions have been developed with the constraint that two-way communication cannot be taken for granted. With the advent of IP broadband this has radically changed in the sense that one increasingly relies on broadband IP to enrich broadcast delivery networks with interactivity or even to carry media delivery for an increasing portion of the content. This clearly opens new avenues for content protection which can now be smartcard-less in some cases (an always-on connection does indeed allow for a ‘virtual smartcard’ that can be hosted in the content protection head-end).

     The choice for a smartcard or smartcard-less solution is, however, a decision to be taken with care, clearly guided by the exact network and service characteristics of the service to be launched.

     The decision criteria can be roughly summarized as follows:

     - The target business models envisioned.
       Commercial models that rely on off-line transactions like anonymous pre-pay, pre-paid events like concerts or soccer games, time-based tokens, push-VOD, off-line viewing,… are only practically feasible with a smartcard approach where the off-line transaction can be fulfilled by interactions with the smartcard only.

     - The operational implications of security counter-measures.
       It is important to note that in order to attain broadcast-grade security also the smartcard-less solution relies on secure hardware support at the client side. Likewise, the security counter-measures for both models rely on remote software upgrades, which can take place as long as the underlying security capabilities of the client hardware (smartcard or set-top-box) are not exhausted. At one point, however, the security hardware does reach the end of its operational life cycle.
       In the smartcard scenario, this would trigger the operations to replace the card. In the smartcard-less model, lacking a token decoupled from the set-top-box, this inevitably involves replacing the set-top-box.
  6.   This could be avoided by in any case providing a smartcard-reader anticipating on an introduction of a smartcard later on in the process.
       In this sense there is also a CAPEX-OPEX trade-off involved with the counter-measures. A smartcard-less solution may indeed have a lower CAPEX at the start but the OPEX of every software counter-measure is linear with the combination of vendors, variants and software versions in the field.

     - Network & head-end scaling rules induced by real-time interaction with the content protection head-end. Having the smartcard logic in the head-end entails increased traffic and processing that needs to be dimensioned for at service peak times.

     - The dynamics of the local content market and the level of acceptance of smartcard-less solutions by the leading providers of premium content bouquets.

     THE HOME NETWORK REALITY… CLIENT MEDIA DEVICES ALL OVER THE PLACE

     The end user’s appetite for ‘consistency of experience’ does not just apply to the different delivery networks, but at least as much to the different media devices and the types of content they carry.

     An end user’s media infrastructure will inevitably be a mix of service-centric devices like set-top-boxes but also comprising consumer electronics devices like digital video recorders, portable media players and smart phones. These consumer electronics devices represent a horizontal market with ample room for differentiation by the manufacturers as opposed to set-top-boxes which are service-specified and hence present a much easier environment to manage.

     To complicate matters even further, content viewed across all those devices will have to be a mix of on-line media from service providers and off-line media locally stored by the end-user irrespective of the original source.

     There is indeed market evidence that service churn is extremely sensitive to the availability of multiple devices and their interconnection (cf. Broadcasting and Cable: churn reducing by over 50% by offering multiple receivers and another 50% by adding conveniently integrated DVR capability).

     Now, the stakeholders in the area of content distribution are as diverse as their interests:

     - End-users, not a priori averse to content protection, provided it all remains convenient and procured content and rights can flow freely in the home

     - Service providers, not necessarily expecting a direct ARPU increase associated to in-home content distribution but nonetheless very aware of the churn reduction induced by ‘digital convenience’

     - Content owners, requiring the content to be adequately protected throughout the entire delivery chain

     In terms of content protection this presents a significant industry challenge if not a dilemma: to ensure content rights are enforced while supporting the convenience of rights flowing within an increasingly complex home. Respecting the horizontal approach which is vital to the consumer electronics industry, it looks like one will have to be extremely pragmatic here.

     One way to solve this conundrum revolves around a separation of the notions ‘home delivery of rights + usage rules’ and ‘management of those rights across residential media devices’.

     In this way, one would match the business constraints of the service provider to the concerns of the content owner while not compromising the usability.

     However, this observation inevitably requires us to get more precise as to what is being protected against which threats and, even more importantly, for the benefit of whom in the delivery chain.
  7. THE RIGHT TOOL FOR THE JOB. FROM CONDITIONAL ACCESS TO CONTENT PROTECTION TO… SERVICE PROTECTION

     It has become common in the digital media industry to refer to all technologies related to conditional access, digital rights management and the likes with the single umbrella term ‘content protection’.

     In a way we may well have created a misnomer here as an industry and there is a clear benefit here to be more precise in terms of what mechanisms are doing what for whom in the value chain.

     Along the delivery chain from the creation of content to the actual consumption the following elements need to be addressed:

     - Securing the distribution chain – content aggregators, theatres, …

       This is a significant operational issue given that the majority of high-quality content piracy is in fact an insiders’ play happening at this stage, in many cases even leading to availability of pirated content right after or alongside the theatrical release. This is clearly the area where digital forensics technologies play their role with techniques like watermarking and the likes. It is important to note, though, that not unlike traditional criminal investigation, all forensics are after-the-fact tools allowing to trace back the place where the piracy occurred. At best it will have a dissuasion effect in the longer run, but it does not fundamentally alleviate the operational issue of securing content delivery to the distribution chain which is very much a people issue.

       Some would even advocate to apply similar techniques all the way to the user’s set-top-box but this really begs the question whether (i) this is a relevant enough use case of content piracy by end users noting that DVDs present a much more convenient target and (ii) whether legal recourse based on set-top-box identification is operationally feasible at all.

     - Securing the delivery of media and rights to the home – “Service Protection”

       From the service provider viewpoint, this is the stage at which there is most at stake: ensuring that the end users interested in the content actually pay for the service. A service provider’s revenue is entirely driven by the security of the transactions at this level (subscription to bouquets, purchase of movies,…) and this is clearly where the operator’s prime focus should be.

       Key observation in this respect is also that the value to be protected still mostly resides in linear TV and derivatives thereof (85% as per a Nagravision-conducted survey with 14 major digital TV operators) and that the techniques applied should be scalable in a broadcast context.

     - Managing rights and usage across the end user’s media devices – Digital Rights Management

       While mainly an interest of the content owner, the operator and his security partner can be of great help in addressing this challenge, by adequately bridging the service protection of the operator to the DRM system of choice in the home environment.

       An approach like this has been worked out between Nagravision and Microsoft in the form of a CA-to-DRM bridge, allowing content, rights and usage rules to be exported from the pay-TV platform to a Media Center PC and its connected devices like Xbox 360™.

     It is rather unrealistic to assume that a single comprehensive end-to-end solution can address all these dimensions with an appropriate level of depth and resulting security.

     Instead it likely makes a lot more sense to allow content and service protection mechanisms to complement each other throughout the life cycle of digital media.

     For a service provider the guiding factor to select a content security partner should therefore be centered around how well ‘service protection’ is not only implemented but managed throughout the service life cycle in a way that is also realistic about the consumer electronics market which will be a driver for the innovation of our living room.

     For the foreseeable future, content security will continue to be rather a verb than a noun.
  8. Nagravision and the Nagravision logo are registered trademarks of Nagravision SA. All other trademarks are the property of their respective owners. Nagravision assumes no responsibility for the accuracy of the information presented, which is subject to change without notice. © Nagravision SA 2006 - All rights reserved