This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American
On supporting science journalism
If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.
With counterfeit pay TV smart cards just a click away on the Internet, pay TV providers are constantly looking for new ways to protect their digital content from theft, particularly as the June 12 deadline to switch signals from analog to digital looms. A team of tech companies believes it's onto something with an approach to security they hope will improve the encryption and decryption of broadcast signals, ensuring that subscribers have access to only the programs they're paying for, and non-subscribers don't get any access at all.
There are several ways to hack into a set top box and steal pay TV, says Dennis Flaharty, chief executive of SypherMedia International, Inc., a Westminster, Calif. company that provides part of this new security technology. One popular approach is to remove a set-top box's smart card (which provides the intelligence needed to decrypt a broadcast signal) and re-program it so that the card decrypts more channels than the subscriber is paying for. Non-subscribers can likewise buy pre-programmed smart cards via black market Web sites and plug them into a generic set-top box to steal content.
Pay TV is a big business. In the U.S. alone, about 102.6 million households subscribe to some form of pay TV service—cable television leads the way with 64.8 million subscribers, while satellite and Internet Protocol (IP) TV have 34.5 million and 3.3 million subscribers, respectively, according Mike Paxton, principal analyst with In-Stat's multimedia group, a division of Reed Elsevier, a U.K.-based publisher and research firm.
Cable TV providers have largely moved away from using smart cards to secure their digital signals due to their shortcomings, and this has cut down on the theft of content, Paxton says. "The satellite industry is a different story," he adds, because satellite pay TV providers tend to still use removable smart cards in their set-top boxes to validate their subscribers, and these cards can be hacked. Specific numbers quantifying the amount of pay TV that's stolen are hard to come by, he says, as the pay TV companies themselves don't know exactly how much of their content is pilfered, nor do they "want to advertise that this is a problem."
SypherMedia and partner Cryptography Research, Inc. in San Francisco are essentially looking to break down the encryption and decryption responsibilities between different system components—if those components don't work in concert, the signal won't come through.
SypherMedia and Cryptography Research plan to by early next year offer set-top box makers a combination of SypherMedia's software and GateKeyper encryption key management server with Cryptography Research's CryptoFirewall, a type of ASIC (application-specific integrated circuit) embedded in the set-top box's central processing unit (CPU). GateKeyper will function as part of the pay-TV provider's conditional access system, communicating from the broadcast end of the signal with CryptoFirewall, located in the subscriber's home, to verify which content that subscriber is paying for and provide the set-top box with the correct keys for decrypting the transmitted programs.
"You have some combination of smart card and CryptoFirewall," decrypting the signal, Flaharty says. If the smart card is tampered with—by someone writing software to it in order to decrypt more of the broadcast signal—it will not work properly with CryptoFirewall, and "you wouldn't get any TV. You would effectively break the system and have to call up your pay TV provider to get a new smart card."
Flaharty says that it's too early to determine the cost of adding CryptoFirewall and GateKeyper to pay TV systems. He adds that his company has had "contract discussions" with pay TV providers but declined to mention them by name.
SypherMedia and Cryptography Research's approach to security builds on top of security measures that many pay TV companies already have in place, including conditional access systems, such as those made by Switzerland-based Nagravision SA, which decrypt scrambled broadcast signals as they come into the set-top box.
Image ©iStockphoto.com/ Christopher Hudson