Introduction to Conditional Access Systems
Namith CM
What is CAS?
- A Conditional Access System is the collection of security components in the end-to-end pipeline of broadcast media, from source headend equipment to client devices.
- PayTV systems generate revenue by granting media content rights exclusively to viewers who pay for them.
  - "Paid channels", or channels with premium content, which are not available free-to-air.
  - Video-on-demand and movie-on-demand services.
- In simple terms, every device in the network can theoretically receive all the available media streams (free-to-air and encrypted), but only devices holding specific keys can view the encrypted/protected content. Secure management of these keys over the open network is the prime responsibility of a CAS vendor.
Types of CAS in PayTV systems
- Smartcard-based solution
  - The smartcard contains proprietary security logic for decryption.
  - Proven and tested, and the most widely accepted solution.
  - Recovery time after hacking is high, since cards need to be replaced.
- CAM-based solution
  - Similar to smartcard-based, but the device is just provided with a slot for a CAM module, and any smartcard (meeting CAM requirements) should be able to work.
  - More open standard, but poor adoption by market leaders.
- Cardless or full-software solution
  - SoC-level security features are used by software modules.
  - Relatively newer technology, cheaper and growing in popularity.
  - Recovery time after hacking is very low, hence discouraging hackers.
CAS for Broadcast Networks
- The next few slides explain the end-to-end management of secure content.
- This is a very generalized and simplistic explanation (intended for engineers with a DVB background), and not specific to any particular CAS vendor.
- The basic concept is similar for all broadcast CAS systems, with slight variations in the number of levels of key encryption, the key ladder logic, the encryption/scrambling algorithms used, etc.
Scrambling and Descrambling
[Diagram] At the headend mux: free-to-air service -> Scrambler, keyed by the Control Word (CW) -> scrambled service. At the STB client: scrambled service -> Descrambler -> free-to-air service.
- Control Word (CW): a random key, from a Random Number Generator.
- Can this key be sent to STB clients without encryption? Think about ECM!
- Should it be the same for all users? Think about bandwidth!
- How frequently should this key be changed? Think about brute-force attacks!
Why is CW shared?
[Diagram] ESPN (free-to-air) -> Scrambler with CW-1, CW-2, CW-3, CW-4 -> ESPN (user-1), ESPN (user-2), ESPN (user-3), ESPN (user-4).
- Bandwidth wastage. Millions of users. Impractical!
- Multiple CW impractical, so use common CW per service.
Why is ECM shared?
[Diagram] CW -> Encryptor with Key-1, Key-2, Key-3, Key-4 -> ECM (user-1), ECM (user-2), ECM (user-3), ECM (user-4).
- Bandwidth wastage. Millions of users. Will run short of PIDs.
- Even if sent on the same PID, the overhead to encrypt and send so many million ECMs so frequently is too high. Thus impractical!
- Multiple ECM impractical, so use common ECM per service.
End-to-end Key Handling (Headend)
[Diagram: key ladder at the headend]
- Free-to-air service -> Scrambler (CW) -> scrambled service. Common to all.
- CW encrypted with Kser1 -> CWenc, carried in the ECM. Common to all.
- Kser1 ... KserN encrypted with Kusr1 -> K-ser1enc ... K-serNenc, carried in the EMM. User-specific or group-specific, common PID.
- Kusr1 encrypted with Khw (from SoC/smartcard db) -> K-usr1enc, carried in AUTH. User-specific, common PID.
End-to-end Key Handling (STB Client)
[Diagram: key ladder at the STB client]
- K-usr1enc (from AUTH) decrypted with Khw (from SoC or smartcard) -> K-usr1.
- K-ser1enc ... K-serNenc (from EMM) decrypted with K-usr1 -> K-ser1 ... K-serN.
- CWenc (from ECM) decrypted with K-ser1 -> CW.
- Scrambled service -> Descrambler (CW) -> free-to-air service.
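The three-level key ladder from the headend and STB client slides, as an added Python example (not part of the original deck and not any vendor's implementation). The slides name no algorithm, so the cipher is a stand-in built from HMAC-SHA256; the class, function, STB and service names are hypothetical and all sample data is constructed.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: stand-in for the unspecified real cipher."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def wrap(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || 16-byte tag."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on a wrong key."""
    if len(blob) < 28:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

class Headend:
    def __init__(self, hw_key_db, services):
        self.hw_key_db = hw_key_db  # STB id -> Khw (the "SoC/smartcard db")
        self.k_usr = {stb: secrets.token_bytes(16) for stb in hw_key_db}
        self.k_ser = {svc: secrets.token_bytes(16) for svc in services}

    def auth(self, stb):          # K-usr-enc = E(Khw, Kusr): user-specific
        return wrap(self.hw_key_db[stb], self.k_usr[stb])

    def emm(self, stb, service):  # K-ser-enc = E(Kusr, Kser): user-specific
        return wrap(self.k_usr[stb], self.k_ser[service])

    def ecm(self, service, cw):   # CWenc = E(Kser, CW): common to all
        return wrap(self.k_ser[service], cw)

def stb_recover_cw(k_hw, auth, emm, ecm):
    """STB side: walk the ladder Khw -> Kusr -> Kser -> CW."""
    k_usr = unwrap(k_hw, auth)
    k_ser = unwrap(k_usr, emm)
    return unwrap(k_ser, ecm)

def demo():
    # Constructed sample data: two STBs, two services.
    hw_db = {"stb-A": secrets.token_bytes(16), "stb-B": secrets.token_bytes(16)}
    he = Headend(hw_db, ["sports", "movies"])
    cw1 = secrets.token_bytes(16)
    ecm1 = he.ecm("sports", cw1)              # one ECM for every viewer
    scrambled = wrap(cw1, b"sports payload")  # stand-in for the scrambler
    auth_a, emm_a = he.auth("stb-A"), he.emm("stb-A", "sports")
    clear = unwrap(stb_recover_cw(hw_db["stb-A"], auth_a, emm_a, ecm1), scrambled)
    # CW rotation: only the shared ECM changes; AUTH and EMM are reused.
    cw2 = secrets.token_bytes(16)
    rotated_ok = stb_recover_cw(hw_db["stb-A"], auth_a, emm_a, he.ecm("sports", cw2)) == cw2
    # stb-B holds an EMM for "movies" only, so the sports ECM does not open.
    try:
        stb_recover_cw(hw_db["stb-B"], he.auth("stb-B"), he.emm("stb-B", "movies"), ecm1)
        b_denied = False
    except ValueError:
        b_denied = True
    return clear, rotated_ok, b_denied

if __name__ == "__main__":
    print(demo())
```

Per crypto period the headend emits one ECM per service regardless of subscriber count, while the per-user AUTH and EMM messages are untouched by CW rotation.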
Simulcrypt
[Diagram]
- MUX: Scrambler; CW generator & Simulcrypt Synchronizer (SCG); PID/Tables generator & multiplexer. Free-to-air service in, scrambled service out.
- CAS-1: EMMg and ECMg, producing EMM-1 and ECM-1.
- CAS-2: EMMg and ECMg, producing EMM-2 and ECM-2.
- Signals shown: CW, ECM-1, EMM-1, ECM-2, EMM-2.
- CAT: CA descriptors with EMM-1 PID (CAS-1) and EMM-2 PID (CAS-2).
- PMT: CA descriptors with ECM-1 PID (CAS-1) and ECM-2 PID (CAS-2).
- The multiplex carries EMM-1, EMM-2, ECM-1 and ECM-2.
Enables coexistence of multiple CA systems operating simultaneously in the same network.
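How a receiver picks out its own CAS's PID from the CA descriptors in the CAT or PMT of a Simulcrypt multiplex, as an added Python example (not part of the original deck). The layout is the MPEG-2 systems CA_descriptor (tag 0x09: 16-bit CA_system_id, 3 reserved bits, 13-bit CA_PID, optional private data); the CA_system_id values, PIDs and function names are constructed for illustration.

```python
CA_DESCRIPTOR_TAG = 0x09

def build_ca_descriptor(ca_system_id: int, ca_pid: int, private: bytes = b"") -> bytes:
    """Serialize one CA_descriptor (reserved bits set to 1)."""
    pid_field = 0xE000 | (ca_pid & 0x1FFF)
    body = ca_system_id.to_bytes(2, "big") + pid_field.to_bytes(2, "big") + private
    return bytes([CA_DESCRIPTOR_TAG, len(body)]) + body

def parse_ca_descriptors(loop: bytes):
    """Walk a descriptor loop; return (CA_system_id, CA_PID, private_data)
    for every CA_descriptor and skip all other descriptor tags."""
    found = []
    i = 0
    while i < len(loop):
        if i + 2 > len(loop):
            raise ValueError("truncated descriptor header")
        tag, length = loop[i], loop[i + 1]
        body = loop[i + 2:i + 2 + length]
        if len(body) != length:
            raise ValueError("descriptor overruns the loop")
        if tag == CA_DESCRIPTOR_TAG:
            if length < 4:
                raise ValueError("CA_descriptor shorter than 4 bytes")
            ca_system_id = int.from_bytes(body[0:2], "big")
            ca_pid = int.from_bytes(body[2:4], "big") & 0x1FFF
            found.append((ca_system_id, ca_pid, body[4:]))
        i += 2 + length
    return found

def select_pid(loop: bytes, my_ca_system_id: int):
    """Return the ECM PID (PMT loop) or EMM PID (CAT loop) for this
    receiver's CAS, or None if the operator does not carry that CAS."""
    for ca_system_id, ca_pid, _ in parse_ca_descriptors(loop):
        if ca_system_id == my_ca_system_id:
            return ca_pid
    return None

# Constructed PMT descriptor loop for one scrambled service: two CA systems
# side by side, with an unrelated language descriptor (tag 0x0A) in between.
CAS1_ID, CAS2_ID = 0x1234, 0x5678  # constructed, not real vendor ids
SAMPLE_PMT_LOOP = (
    build_ca_descriptor(CAS1_ID, 0x0101)               # ECM-1 PID (CAS-1)
    + bytes([0x0A, 4]) + b"eng\x00"
    + build_ca_descriptor(CAS2_ID, 0x0102, b"\xAA")    # ECM-2 PID (CAS-2)
)

if __name__ == "__main__":
    for sysid, pid, priv in parse_ca_descriptors(SAMPLE_PMT_LOOP):
        print(f"CA_system_id=0x{sysid:04X} PID=0x{pid:04X} private={priv.hex()}")
```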
Thank You!
http://linkedin.com/in/namithcm
