Verimatrix Calls Time On Hardware Security

Pay TV operators are abandoning traditional smartcard based CA (Conditional Access) systems to adopt software solutions, according to revenue security vendor Verimatrix. But ironically this trend has been accelerated by incorporation of ASIC security cores inside set-top box and gateway SoCs (System on Chips), blurring the distinction between hardware and software security.

“We won 100 operators as customers last year,” said Verimatrix’s Chief Sales & Marketing Officer, Steve Oetegenn at TV Connect last week. “Depending on the region, these operators were mostly IPTV, OTT or DVB or hybrid. But what was apparent in all cases was the rise of the software-empowered operator. Across all of these networks we deployed last year, regardless of whether they were OTT, IPTV or DVB, they were all software based.”

Verimatrix’s customers are more likely to be software based than the average, given that it was one of the first advocates of software-based security with its Video Content Authority System (VCAS) system. But Oetegenn insists that the changing threat landscape, which is moving away from direct attacks on set-top boxes to retrieve control words that can then be used to decipher content towards redistribution over the Internet, makes software based approaches more appropriate. “That has shifted with the advent of high-speed Internet connections and the growing availability of content on pirated websites, so it is no longer worthwhile going to the effort of breaking into the set-top box,” Oetegenn says.

He points out that the cause of software-based approaches has been aided by the implementation of secure ASIC cores within SoCs to protect encryption keys, which removes any supposed advantage that smartcards might have for protecting credentials from attack. Verimatrix anticipated this development in September 2011 when it licensed the CryptoFirewall security core technology from Cryptography Research to start incorporating support for ASIC cores in VCAS. Such cores protect against a growing range of attacks that do not require direct access to the box but exploit variations in electromagnetic signals that can be used to deduce code words. The CrypoFirewall cores have now been embedded in set-top box SoCs from leading silicon vendors including Broadcom.

The other key technology needed to protect content in the Internet age is forensic watermarking, according to Oetegenn, and on this front Verimatrix has developed its own technology. “We have developed Videomark, a patented forensic watermarking solution that allows operators to embed code on the set-top or client device and fully integrate this with the security headend,” says Oetegenn.

“You generate a unique code that is embedded in the video stream itself saying that ‘So and so viewed this content on this device at this time of day’. Conceivably someone could put a movie camera in front of the screen and record content ‘in the clear’ [post decryption] but they may not know that the video mark has been embedded and been recorded. So now we have a complete chain of custody that can be traced all the way back. It is a great deterrent, because we know from past experience that movie studios are quite willing to send police round to people’s houses when they have evidence [of piracy].”

Verimatrix has just extended its VCAS range with VCAS for Broadcast-Hybrid for cable operators, designed to enable RF and multicast linear delivery to be combined with OTT using adaptive bitrate (ABR) streaming, with harmonized rights management. According to Oetegenn this is aimed at cable operators who are taking a hybrid interim step towards all-IP video delivery.

Oetegenn emphasizes that although content redistribution is emerging as the major piracy threat, there is still an important role for the traditional DRM regulating authorised access to content. “We still need DRMs because they keep honest people honest and also enforce geographical rights. Furthermore DRMs help operators be sure whoever is watching their content is paying for it.”