Looking Ahead

Next Generation NOCS

Security at the heart of technology

Since 2002 Nagravision has been working with major set-top box (STB) chipset companies to ensure protection of content in the pay-TV environment. To be really effective, content must be protected at source, before it’s broadcast or streamed online, and security integrated inside the STB chipsets.

Nagravision set up a partnership programme called Nagravision On-Chip Security (NOCS) which established the concept to integrate security within chipsets. As part of this programme, partners receive advice, requirements and instructions on how to develop the correct NOCS security into their chipsets. Nagravision then verifies implementation and provides the logistics, tools and processes to manage the information embedded in the chipset. It also provides advice on how to hand over these details to the pay-TV operator.

Where is NOCS now?

So far more than 40 million NOCS 1.0 or 1.1 compliant chipsets have been deployed in STBs for around 100 Nagravision customers. As with any technology it’s vital to remain at the forefront of innovation, especially in security to beat criminals looking to crack encryption codes. Nagravision has been working on integrating the new generation of hardware security with major chipset companies. The most up-to-date list of partners is accessible on Nagravision’s website (http://www.nagravision.com/partners-program-chipset-chipsets.php). This new generation of security will include a security block developed by Nagra which represents a big step forward for the industry.

Going beyond the latest technological advances, though, this also heralds a change in the way Nagravision is approaching the NOCS partnership programme. It’ll be applying all its knowledge and experience of hardware security to the STB chipset markets. At the moment all implementation rules and advice are handed out by Nagravision to chipset companies for them to carry out the work.

The next NOCS generation will change this, with Nagravision implementing the security parts and working more closely with the chipset companies to integrate security into the chipset architecture.

What does this mean for pay-TV operators?

The next NOCS generation means that customers will have more control over the entire security implementation process and so more confidence in it. Pay TV operators with NOCS 1.0 and 1.1 enjoy features such as:

• different types of Conditional Access Systems (CAS) including those not based on smart card security (NAGRA Media ACCESS CLK and ELK). This not only protects live content but also secures DVR and/or home networking (NAGRA Media ACCESS PRM).
• individual DVB-CSA hardware descrambling keys (A.K.A Control Word; CW) offering protection at the heart of the chipset. This feature protects against attacks such as attempting to illegally extract and share descrambling keys without paying for content.
• Protection of the STB’s integrity – using the Nagra Advanced Security Concept (NASC) implemented within STBs, it’s possible to protect STBs against illegal modifications. It removes the risk of running unauthorized software on legal STBs and also protects pay TV operators’ investments in STBs as modifications or migrations of STBs from legal to non-legal services are reduced.

However, criminals in the security space are constantly evolving, and the number of attacks are on the increase. So security providers need to progress too and stay at least one step ahead of them. While current technologies are still up-to-date now, Nagravision is developing the next NOCS generation technology and is integrating it with major chipset vendors. Upgrading before an attack is far more preferable than waiting for the illegal technology to catch up. As the old saying goes ‘prevention is better than cure’.

Staying ahead of the pirates – what does the next generation of NOCS offer?

As well as maintaining the features and services offered by NOCS 1.1, the next NOCS generation also introduces new ones, such as:

• a security block implemented by Nagravision – this will offer even better guarantees to pay-TV operators of the security of chipsets/STB devices
• added algorithm strength – new NOCS technology supports standard descrambling algorithms such as DVB-CSA but also includes proprietary algorithms as a failsafe. It allows special and separate deployments which don’t rely on standard configuration and can be separated. Finally, it enables legal protection for the use of proprietary algorithms
• increased protection against typical and future attacks to the system such as the distribution of content or descrambling keys. One particularly innovative element included in the new NOCS technology is the capability to trace those descrambling keys which have been distributed illegally
• simplified logistics and management of the STBs/chipsets’ configuration and programming with reliable in-field programming and activation mechanisms. This means that programming is secure even after production times when this secure programming/configuration isn’t always possible
• integrated security within the chipsets – the new NOCS generation renders security completely independent of any hardware design protection on the STB.

Beyond the next generation of NOCS

With the next generation of Nagravision’s hardware security embedded into STB chipsets, new NOCS technology will bring major benefits to Nagravision customers and the pay-TV industry in general. This technology will be available in chipsets on the market as soon as 2011.

The new NOCS generation represents a major step towards improving system security. However, you can’t afford to stand still. We’re already planning the next steps after this new NOCS generation – including increasing security of execution of the software in the STBs. This is already in advanced research and will be included in subsequent versions of NOCS.

The next NOCS technology is currently in final development and being integrated with major chipset companies. At the same time Nagravision is planning to have technology integrated with all NOCS partners. The aim is to have the new NOCS technology embedded in all STB chipsets to stay one step ahead of illegal technologies!