Tech corner

New generation DVB scrambling

As technology becomes more sophisticated and content and media players become ever more advanced, so do criminals and opportunistic content pirates. One area that is as much at risk as any other is digital pay television services. With any content the risk of piracy and theft is high unless technologies are created and updated to thwart thieves.

The industry consortium DVB Project, set up to define digital TV broadcasting standards, has also classified security and encryption standards - like the DVB Common Scrambling Algorithm (CSA) adopted by the DVB consortium since 1994. But as technology and computing power have increased, the threats to the DVB-CSA have too.

Closely affiliated to the DVB Project, this article details the upgrades and changes to ensure that paid digital television content and services remain intact. Nagravision is actively involved in defining the next-generation of security solutions as well as developing and deploying these in the content industry.

Used to encrypt video streams, the CSA is defined by DVB as the scrambling method to encrypt content. Conditional access providers develop their specific key management solution on top of the DVB-CSA to manage access to the protected content.

To ensure the protection algorithm remains state of the art against possible attacks on encrypted DVB transmissions, DVB Project designed a new version of the DVB-CSA in 2008 – called DVB-CSA3. The initial DVB-CSA version was designed to last up to ten years, and even if no attack has yet been published, the rise in increasingly sophisticated means used by professional hackers called for a far much robust ciphering method.

The new CSA3 algorithm follows the same licensing model as the previous CSA version:

• 1) the manufacturers of scramblers must get a licence and ensure their customers (the operators operating the scrambling equipments) are also licensed.
• 2) the manufacturers of chipsets using CSA3 technology must apply for a CSA3 descrambling licence and ensure their customers using the chipsets (the device manufacturers) also have also a CSA3 licence.

The CSA3 has been designed to satisfy the following requirements:

• Take into account new types of crypt-analytical attacks
• Increase the key (control-word) length to add another layer of security features to the existing security solutions
• Create a method that will last for at least the next 15 years
• Use state-of-the-art mathematical methods which are reviewed by well-known cryptographical experts
• Ward off any brute force attack by making it non-economically feasible or viable
• Recover design confidentiality - the goal was clearly not to make security rely on obscurity, which is a poor cryptographic design goal, but to increase the time between the release of the confidential specifications and the appearance of devices emulating DVB-CSA3
• Ensure improved administrative processes and follow the example of stakeholders who have coordinated their efforts over the last 15 years to deal with security issues by deploying a robust technical standard along the value chain through the delivery of licences
• Integrate intellectual property into the method to allow legal action to be taken against potential pirate (unlicensed) implementation vendors
• New signalling definitions - new signalling has been defined in [ETS07] to cope with the use of DVB-CSA3 in DVB systems. Some room has been reserved for potential future advanced modes of use (like partial over-scrambling, etc.)

While the technology’s security can be tightened and cracking made harder, another way to strengthen the code and ensure protection of the content is to provide licences to own it. Full licensing terms are available on ETSI’s homepage (www.etsi.org) which stipulate strict conditions and payments to guarantee the security of content.

While the DVB-CSA algorithm wasn’t actually broken in 2008, the security margin is ever narrowing. The adoption of CSA3 and its deployment along the content protection value chain will help secure digital TV services and content and enable ever better viewing options for consumers.