
Conditional access systems. History, current state and development prospects

In the last release, it was shown that CW keys are required to descramble audio and video streams. Where does the receiver get them from?

Generally speaking, there are only two options:
1) keys are transmitted in the same transport stream as the encrypted program through the conditional access system
2) keys enter the receiver from other sources

In the second option, the key can be flashed into the receiver at manufacture and never changed afterwards, or it can be entered manually from the remote control. In this case the protection is obviously weaker: changing the key takes a significant amount of time, so the key has to be used for a long time, and its leak or guessing nullifies the protection.

However, this option is used when the content is of little value. For example, for not very complex encryption when transporting raw journalistic materials via satellite (so-called feeds).

The first option is more flexible and is used most often, so we will focus on it. Moreover, it is the one used for consumer purposes in DVB.

Formally, a system of conditional access (Conditional Access, CA) is a system of methods for presenting, storing, encrypting and transmitting information that serves to restrict access to programs. In Russian-language terminology, the name "encoding" has stuck, although it is technically not entirely correct - in addition to the actual encoding of information, other aspects are also regulated.

Conditional access systems are developed by telecommunications companies that use them in their broadcasting systems, or individual companies specializing in data protection. Conditional access system identifiers are centrally allocated to developers by the DVB consortium.

The most famous conditional access systems:

- Viaccess - developed by France Telecom. It is used by NTV+.
- Mediaguard (aka SECA, named after the original developer, Société Européenne de Contrôle d'Accès)
- Irdeto - developed by the company of the same name. There is also a slightly different Betacrypt system.
- Nagravision - developed by Kudelski Group
- Conax - developed by the Scandinavian company Telenor
- Cryptoworks - originally developed by Philips, then acquired by Irdeto.
- Videoguard - the brainchild of the Israeli company NDS. Today it is considered the most secure system of all used for consumer DVB. In contrast to the above, not a single digital version of this system has yet been broken, although rumors about this appear regularly.

There are other, less common conditional access systems.

These systems are not static: as vulnerabilities are discovered, developers release new versions, which usually differ in encryption and storage methods but retain the format of data presentation and transmission. This allows providers, when changing the version of the conditional access system, to replace only the subscribers' relatively cheap smart cards, which perform the decryption directly, and to leave the rest of the receiving equipment unchanged. More on the division of functions between receiver modules in the next release.

Usually providers use only one CA system, rarely two. More is very rare, mainly on individual porn channels that are not included in the large packages of national providers.

The choice of a conditional access system by a provider is a very responsible decision, since replacing it after the start of commercial operation is a rather expensive undertaking that requires [at least partial] replacement of receiving equipment for all subscribers, not to mention the equipment of the provider itself.

Nevertheless, such cases do happen. Several years ago the large Scandinavian provider Viasat, which had previously used a version of Viaccess that had been almost completely broken by that time, switched entirely to Videoguard.

Let's return to the conditional access data transmitted in the multiplexed stream. There are two types of them: ECM (Entitlement Control Messages) and EMM (Entitlement Management Messages). In short, the ECMs directly manage the viewing experience, and the EMMs manage the subscribers' subscriptions.

ECM and EMM are also formatted as tables, but of the general table structure they keep only the table identifier and the length. The rest of the table content is determined by the rules of the specific conditional access system, which are usually not published by the developer but are passed to equipment manufacturers under NDA. For ECM, table identifiers 0x80 and 0x81 are usually used (normally in alternation: a change of identifier signals changed table contents, since ECM, unlike the standard tables, has no version field), and for EMM, 0x82 - 0x8F. ECM and EMM tables are sometimes also referred to as packets.

As shown in the Program Map Table example given in one of the previous releases, the PMT can indicate the PID with which the program's conditional access data is transmitted in the current transport stream. This is the ECM stream, which is usually individual for each program, and sometimes (in the case of simultaneous use of several conditional access systems or several versions) there can be several such streams. In the latter case, the PMT contains the PIDs of all ECM streams along with the identifiers of the conditional access systems used in these streams.

The ECM contains, in particular, the CWs for the program's audio and video streams. Naturally, they are encrypted, so that not everyone can extract them. CWs are usually transmitted in pairs (even and odd, in effect current and next), which allows the receiver to start descrambling immediately after tuning to the program.

In addition to the CWs, the ECM carries additional information that determines whether each specific subscriber is allowed to view the current program.

Some programs are available for viewing by all subscribers of the provider. Some are available only to those who have subscribed to additional packages or individual programs and paid the provider extra. Some are only for subscribers in a specific geographic region. The ECM also carries the current date and time, which are compared with the validity period of the subscriber's subscription to this program or package of programs.

In addition, there is a Pay Per View (PPV) system, when payment is not charged for the entire subscription period, but for a specific transmission in its entirety, or for short viewing intervals (for example, 10, 15, 30, 60 minutes). This method is commonly used in movie screenings and high-profile sports broadcasts. In this case, the receiver can show on the screen information about how much it will cost to watch the program, and the subscriber can confirm his desire to watch it by pressing a button on the remote control.

For some transmissions, an age rating may be indicated in the ECM, and with the appropriate setting, the receiver may ask the subscriber for a password (parental code) before decrypting.

These and other similar conditions may be specified in the ECM and may affect viewing.

Certain ECM fields are usually sent unencrypted - for example, the provider ID so that the receiver can quickly determine if it is capable of handling the packet at all.

Others are encrypted, in particular the CWs. An ECM usually also contains a checksum, which in Russian terminology is usually called a signature or hash. It makes it possible to determine whether the packet was accidentally or intentionally corrupted during transmission. If the calculated checksum does not match the transmitted one, the packet is ignored.

To encrypt the fields and calculate the checksum, algorithms are used that are different for each conditional access system, and of course, keys.

The encryption keys used in ECM are called operating keys (opkeys). In Russian the correct term would be "active" keys, but the calque "operational keys" has taken root instead. Usually there are several such keys, and while one of them is used to encrypt and decrypt ECMs, the others can be replaced painlessly. Operating keys are changed at the discretion of the provider, usually from once a day to once a month, although sometimes the keys do not change for years, and sometimes they change several times a day.

In addition to ECM, EMMs may be present in the multiplexed stream. Unlike ECM streams, which are usually individual for each program, there is usually only one EMM stream [for each conditional access system] in a multiplexed stream.

The PIDs of the EMM streams, along with the identifiers of the conditional access systems, are indicated in the CAT (Conditional Access Table); an example was given in one of the previous releases.
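The standardized parts described above (the table identifier and length of an ECM/EMM section, and the CA descriptor that the PMT and CAT use to point at ECM and EMM PIDs) can be read without knowing anything about a particular CAS. The following is an added example, not code from the original article; the sample bytes and CA system identifiers are constructed placeholders.

```python
import struct

CA_DESCRIPTOR_TAG = 0x09  # CA_descriptor tag from ISO/IEC 13818-1


def parse_ca_descriptors(loop: bytes):
    """Walk a PMT or CAT descriptor loop; return (CA_system_id, PID, private_data) tuples."""
    found, pos = [], 0
    while pos + 2 <= len(loop):
        tag, length = loop[pos], loop[pos + 1]
        body = loop[pos + 2:pos + 2 + length]
        if len(body) != length:
            raise ValueError("descriptor runs past the end of the loop")
        if tag == CA_DESCRIPTOR_TAG:
            if length < 4:
                raise ValueError("CA_descriptor shorter than 4 bytes")
            ca_system_id, pid_field = struct.unpack(">HH", body[:4])
            # The top 3 bits of the second word are reserved; the PID is the low 13 bits.
            found.append((ca_system_id, pid_field & 0x1FFF, body[4:]))
        pos += 2 + length
    if pos != len(loop):
        raise ValueError("trailing byte after the last descriptor")
    return found


def classify_section(section: bytes):
    """Return (kind, table_id, payload) using only the two standardized fields."""
    if len(section) < 3:
        raise ValueError("section header is 3 bytes")
    table_id = section[0]
    section_length = ((section[1] & 0x0F) << 8) | section[2]  # 12-bit length
    payload = section[3:3 + section_length]
    if len(payload) != section_length:
        raise ValueError("truncated section")
    if table_id in (0x80, 0x81):
        kind = "ECM"
    elif 0x82 <= table_id <= 0x8F:
        kind = "EMM"
    else:
        kind = "other"
    return kind, table_id, payload  # the payload layout is CAS-private


class EcmTracker:
    """Flag a new ECM per PID by the 0x80/0x81 toggle, since ECM has no version field."""

    def __init__(self):
        self.last_table_id = {}

    def is_new(self, pid: int, section: bytes) -> bool:
        kind, table_id, _ = classify_section(section)
        if kind != "ECM":
            return False
        changed = self.last_table_id.get(pid) != table_id
        self.last_table_id[pid] = table_id
        return changed


# Constructed sample data: the CA_system_id values are placeholders, not real allocations.
SAMPLE_PMT_LOOP = (
    bytes([0x0E, 0x03, 0xC0, 0x00, 0x00])                      # unrelated descriptor, skipped
    + bytes([0x09, 0x04, 0x12, 0x34, 0xE1, 0x00])              # CAS 0x1234, ECM PID 0x0100
    + bytes([0x09, 0x06, 0x56, 0x78, 0xE1, 0x01, 0xAA, 0xBB])  # CAS 0x5678, ECM PID 0x0101
)
SAMPLE_ECM_A = bytes([0x80, 0x70, 0x03, 0x01, 0x02, 0x03])
SAMPLE_ECM_B = bytes([0x81, 0x70, 0x03, 0x04, 0x05, 0x06])
SAMPLE_EMM = bytes([0x82, 0x70, 0x02, 0xDE, 0xAD])

if __name__ == "__main__":
    for ca_id, pid, private in parse_ca_descriptors(SAMPLE_PMT_LOOP):
        print(f"CA_system_id=0x{ca_id:04X} PID=0x{pid:04X} private={private.hex()}")
    tracker = EcmTracker()
    for sec in (SAMPLE_ECM_A, SAMPLE_ECM_A, SAMPLE_ECM_B, SAMPLE_EMM):
        print(classify_section(sec)[0], tracker.is_new(0x0100, sec))
```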

The EMM carries individual and group data about subscribers' subscriptions, including cancellation of subscriptions. Operating keys can also be updated via EMM. To encrypt data and generate a checksum in EMM, a different set of keys is used: the so-called management keys or master keys. The management keys are usually written into the smart card when it is issued and are never changed again.

Once again, in a nutshell. Three sets of keys are commonly used in DVB:
- CW, which directly encrypt (scramble) audio and video streams of the program
- operating keys, used to encrypt CW and other data in ECM
- management keys, which encrypt operating keys and other data in the EMM.

All of the above is not dogma but general rules that may differ between conditional access systems. The standards regulate little in conditional access: the scrambling algorithm, the method of specifying the scrambling key (CW) number in TS and PES packets, the procedure for issuing conditional access system identifiers (CA ID), the format of the conditional access table (CAT), and the table identifiers for ECM and EMM transmission.

In addition to the already mentioned ISO 13818-1 and "EN 300 468: DVB; Specification for Service Information (SI) in DVB systems", those interested in details can refer to the following documents:
"DVB Document A011: DVB Common Scrambling algorithm", which does not describe the algorithm itself but only defines the procedure by which equipment manufacturers license it from the developers,
"DVB Document A007: Support for use of scrambling and conditional access within digital broadcast systems",
"ETR 289: DVB; Support for use of scrambling and Conditional Access (CA) within digital broadcast systems".


There are currently quite a large number of conditional access systems (CAS) on the digital broadcasting market. Among them, the most popular are VIACCESS, IRDETO, CONAX, MEDIAGUARD and NAGRAVISION. For most end users of digital telecommunication systems, CAS are embodied either in smart cards or in CAM modules, which are inserted into the corresponding connector of the integrated receiver-decoder (STB) and give the user access to various information services: TV channels, radio channels, Internet resources, teleconferences, video on demand (VoD) and others. In reality, however, the cards and modules are only the tip of the "iceberg" called the "Conditional Access System".

Many of today's CAS have their origins in analog satellite systems, where they served solely to protect pay TV channels from unauthorized viewing. These systems used a rather primitive technique of shuffling the lines of the transmitted image according to a certain algorithm. This method was named "scrambling", a term still used today. It was assumed that only legal receivers could restore the original image, using special equipment or software. However, errors and shortcomings in the algorithms used, the development of computer technology and the increased interest of many people in illegal viewing of pay TV channels led to the hacking of most of these systems. The further development of CAS is associated with combining scrambling methods with encryption algorithms, which made it possible to increase the degree of protection of TV channels somewhat. An example of such a CAS is the Videocrypt system, an interesting feature of which is the use of a pseudo-random number generator to obtain the inversion points of the image lines. The generator's start value is transmitted in the vertical blanking interval (VBI), which is used in analogue television to transmit information such as teletext.

The conversion of satellite and terrestrial broadcasting to digital formats, in particular the emergence and development of the DVB standard, opened up new opportunities and horizons for manufacturers of conditional access systems. However, the range of tasks that conditional access systems must solve has also expanded significantly. Along with such traditional requirements as reliability, scalability and low cost, concepts such as universality and context independence have become relevant, that is, the possibility of using CAS to protect broadcast channels carrying various types of traffic. With the emergence of services for individual subscribers, for example "video on demand", the Internet and teleconferencing, methods of addressing and authenticating end users began to acquire great importance. The development of computer technology has also led to qualitative changes in the cryptographic techniques used to protect the broadcast channel.

In general, a modern conditional access system is a complex of software and hardware that form several interconnected subsystems. The most important and present in almost every CAS include the following components:

  • Subscriber Service and Subscription Management (SAS);
  • key generation and management subsystem (KMS);
  • transport stream scrambling and encryption subsystem (ESS);
  • decoder hardware-software security subsystem (SRS).

The main functions of SAS can be described by the so-called AAA (authentication, authorization and accounting) model. The main task of authentication is to confirm the authenticity of the addresses and identifiers used by decoders, and to protect decoders and smart cards from command streams generated by a third party. In most existing implementations of conditional access systems, the authentication problem is solved by using cryptographic mechanisms such as checksums, signatures, hash functions, digests and others.

Authorization is the process of determining the user's rights to access a given information service and, based on this information, forming message streams that control the operation of the addressable decoder. Addressing consists in assigning each legal user a unique identifier (address), in most cases located in the ROM of an electronic device (decoder, smart card, etc.). In addition, the user can be assigned to various groups that differ in some way: subscription class, priority, age, geographic location, affiliation with organizations, etc. This allows information service providers to perform both individual and group address operations, which in some cases significantly reduces the overhead of transferring address information. The problem of choosing the size of group and individual addresses, and of choosing a method for encoding a user's simultaneous membership in several groups, is solved in different ways in different subscriber management systems. The determination of user rights is based on information obtained from databases maintained by commercial services, which in effect perform the subscriber accounting functions. User activation and deactivation can be performed in different ways. The easiest way is to issue all legal users an electronic device (smart card, PCMCIA module, etc.) containing either keys or algorithms that allow certain information services to be decoded. However, with this method it is rather difficult to deactivate users and manage subscriptions. More complex, but also more flexible and functional, is a user management scheme that allows legal decoders to be controlled remotely. In this case, control commands are either transmitted to decoders via an additional terrestrial communication channel (phone line, IDSL, etc.), which is OUTBAND mode, or "mixed" into the actual satellite or terrestrial transport stream, which is INBAND mode.
The INBAND mode is more widely used in modern CAS, since it requires neither a terrestrial channel nor additional specialized equipment in the receiver. Its disadvantages are that part of the transport stream is spent on service information and that the transmitted information can be intercepted and analyzed by a third party. The solution to these problems today is the intensive use of group commands and cryptographic methods of protecting the transmitted information.

In the European DVB standard, a special type of information stream, EMM (Entitlement management message), and a special service table, CAT (Conditional access table), which contains descriptors of all EMM streams present in the transport stream, are provided and reserved for transmitting SAS commands and information. The structure and content of EMM are not defined by the DVB standard and depend on the specific conditional access system; however, in most cases EMM contains the following commands:

  • activation / deactivation of the card,
  • permission / prohibition of access to information service,
  • change / renewal of subscription,
  • operating key update.

To protect against unauthorized access, EMM is usually encrypted with symmetric (DES) or asymmetric (RSA) cryptography algorithms.

ECM tables (Entitlement control message) are also reserved by the DVB standard for the needs of conditional access systems. These tables usually carry the encrypted keys (CW) required for direct decoding of the transport stream. In general, in addition to the encrypted keys, the ECM also carries the CAS identifier, the identifier of the information service provider, the date, the subscription class, the operational key number, and a hash value. After checking the access rights, the authorized decoder uses the operating key stored in its memory under the number specified in the ECM table, together with some of the received data, to calculate the value of the hash function, which is compared with the value transmitted in the ECM table. A positive comparison result means that the operational key used is up to date and can be used to calculate the control words (CW).

The generation and distribution of key information is a function of the KMS subsystem that generates ECM tables. Most modern CASs use a multilevel hierarchy of key information. Figure 1 shows a simplified version of such a hierarchy.

Fig. 1. Hierarchy of key information.

The lowest level of this hierarchy consists of the so-called control words, which are used directly in the transport stream descrambling algorithm. These keys are changed quite often, usually after 10-20 s, which is necessary to exclude the possibility of brute-force attacks. As noted earlier, control words are carried in encrypted form in ECM tables. To decode them, operational keys are used, which are stored in the non-volatile memory of the smart card or decoder. Since decoding the control word takes some time, which depends on the complexity of the cryptoalgorithm used in the CAS and on the decoder's computing power, the "even and odd keys" method is used to avoid interruption of sound and video at that moment. The essence of this method is that at each moment the decoder's RAM holds two CWs, "even" and "odd", and each encoded transport packet contains an information bit indicating which of the keys should be used to decode that packet. During a key change, only one key is actually changed: the one that is not currently being used to decode the transport stream.

Each smart card stores a fairly limited set of operating keys because of the small size of the non-volatile memory that is protected from unauthorized access. These keys can also be updated. Their renewal period can range from several hours to several months. The operating keys of a CAS are updated with special commands transmitted in the EMM stream. The procedure for decoding operational keys is generally similar to the procedure for obtaining control words, but it uses master keys. In addition, some CAS use different cryptoalgorithms to decode CWs and operational keys (OK). Master keys (MK) belong to the highest level of the key hierarchy, are the most secret and are stored in the most secure area of the non-volatile memory of the smart card. A legal user receives these keys along with the smart card, and they almost never change.
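The three-level hierarchy summarized earlier and described here (master key protects operating keys in EMM, operating key protects the CW pair in ECM, a bit in each transport packet selects the even or odd CW), together with the rule that a message whose hash does not match is ignored, can be sketched as follows. This is an added example, not code from the original article or from any CAS vendor: the ECM/EMM layouts, the HMAC-based stand-in cipher, the `Card` class and all keys and identifiers are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct

# Hypothetical message layouts for this example only; real CAS formats are proprietary.
ECM_HDR = struct.Struct(">HBHBI")  # provider_id, opkey index, day, required class, counter
EMM_HDR = struct.Struct(">IBI")    # card address, opkey index, counter
TAG_LEN = 8


def mac8(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, b"mac" + data, hashlib.sha256).digest()[:TAG_LEN]


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream, up to 32 bytes), not a CAS algorithm."""
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, header: bytes, secret: bytes) -> bytes:
    """Head-end side: clear header, encrypted secret, tag over both."""
    body = header + xor_stream(key, header, secret)
    return body + mac8(key, body)


def unseal(key: bytes, msg: bytes, header_len: int) -> bytes:
    """Receiver side: verify the tag first, then decrypt; a bad message is dropped."""
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac8(key, body)):
        raise ValueError("checksum mismatch, message ignored")
    return xor_stream(key, body[:header_len], body[header_len:])


class Card:
    def __init__(self, address, provider_id, master_key, classes, expiry_day):
        self.address, self.provider_id = address, provider_id
        self.master_key = master_key      # top level, set when the card is issued
        self.classes, self.expiry_day = classes, expiry_day
        self.opkeys = {}                  # middle level: index -> key, filled by EMM

    def handle_emm(self, emm: bytes) -> None:
        if len(emm) != EMM_HDR.size + 16 + TAG_LEN:
            raise ValueError("bad EMM length")
        address, index, _ = EMM_HDR.unpack_from(emm)
        if address != self.address:       # clear field: cheap filter before any crypto
            raise ValueError("EMM addressed to another card")
        self.opkeys[index] = unseal(self.master_key, emm, EMM_HDR.size)

    def handle_ecm(self, ecm: bytes):
        if len(ecm) != ECM_HDR.size + 16 + TAG_LEN:
            raise ValueError("bad ECM length")
        provider_id, index, day, required_class, _ = ECM_HDR.unpack_from(ecm)
        if provider_id != self.provider_id or index not in self.opkeys:
            raise PermissionError("no operating key for this ECM")
        cws = unseal(self.opkeys[index], ecm, ECM_HDR.size)
        # Date and class are acted on only after the tag has authenticated them.
        if required_class not in self.classes or day > self.expiry_day:
            raise PermissionError("subscription does not cover this program")
        return cws[:8], cws[8:]           # bottom level: (even CW, odd CW)


def select_cw(ts_packet: bytes, cw_pair):
    """Pick the CW named by transport_scrambling_control (top 2 bits of header byte 3)."""
    tsc = ts_packet[3] >> 6
    if tsc == 0b10:
        return cw_pair[0]   # even key
    if tsc == 0b11:
        return cw_pair[1]   # odd key
    return None             # 00: packet is not scrambled (01 is reserved)


def demo():
    """Constructed keys and messages: EMM delivers opkey #2, ECM then yields the CW pair."""
    master, opkey = bytes(range(16)), b"K" * 16
    card = Card(0x00C0FFEE, 0x0042, master, classes={1}, expiry_day=200)
    card.handle_emm(seal(master, EMM_HDR.pack(0x00C0FFEE, 2, 1), opkey))
    ecm = seal(opkey, ECM_HDR.pack(0x0042, 2, 150, 1, 7), b"EVEN-CW!" + b"ODD--CW!")
    return card, opkey, ecm, card.handle_ecm(ecm)


if __name__ == "__main__":
    card, _, ecm, pair = demo()
    print("CW pair:", pair)
    print("even-flagged packet uses:", select_cw(bytes([0x47, 0x01, 0x00, 0x90]), pair))
```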

The reliability of the entire conditional access system depends directly on the reliability of all the components that make it up. For example, the benefits of using robust, time-tested cryptographic algorithms in a CAS cannot prevent the hacking of a system that uses "bad" random number generators to obtain secret keys. Therefore, the KMS function of generating key information is of no small importance. There are several special requirements and constraints that affect the design of a practically secure random number generator. The main requirement (and limitation) imposed on the generator is that it cannot be based on only one source, or on a small number of sources, of a random variable. Additionally, the sources should not be very remote and should not be very specific from a hardware and software point of view. The generator must also have the following properties:

  • resistance to analysis of input data,
  • resistance to manipulation of input data,
  • resistance to the analysis of the output data,
  • protection of the internal states of the generator from any analysis and recovery using various methods,
  • the ability to check the correctness of the generator.

In general, all possible steps must be done to ensure that generator status information is never leaked to the outside world. Any information leakage that predicts generator output should be perceived as a catastrophic design flaw in the KMS.

The most important, fundamental part of any conditional access system is the scrambling or encryption algorithm of the transport stream, which should not be confused with the encryption algorithms for key information. The DVB standard supports various scrambling algorithms but recommends using its own CSA (Common Scrambling Algorithm) method. This algorithm was designed specifically for broadcast DVB channels and is therefore used in most modern conditional access systems. The CSA algorithm is not publicly available, and details are provided only to authorized manufacturers and providers of conditional access systems. In addition to CSA, various "fast" modifications of the DES algorithm have become widespread. The most significant disadvantage of both algorithms is their relatively small key length: nominally it is 64 bits in both cases, but effectively 56 bits for DES and 48 bits for CSA. Given the current state of the art in computing, it can be argued that both algorithms are potentially vulnerable to brute-force attacks and are therefore not suitable for protecting information with a high degree of secrecy. Brute force is especially effective when the set of possible key values is divided into several subsets that are searched in parallel on several computing platforms. As a result, the total search time is inversely related to the number of subsets. CAS developers try to overcome this drawback by shortening the control word change period, which in turn increases the channel bandwidth required for transmitting service information and, accordingly, the cost of operating the CAS.

An important aspect of a conditional access system is the development of secure software and hardware that allows an authorized user to descramble and decrypt the information received. The term "security" in this context means that the decoder firmware must be reliably protected from unauthorized interference by a third party. Such interference can take the form of attempts to access the internal memory of the decoder or smart card, analysis of the exchange protocol between the decoder and the smart card, or emulation of the smart card or decoder. A successful attempt of this kind is very likely to lead to the collapse of the conditional access system and huge financial losses for providers.

One of the main components of the technical means is the decoder of the conditional access system, which can be:

  • software emulation only,
  • only hardware implementation,
  • software emulation with support for smart cards,
  • additional decoder installed in a special connector of the integrated receiver.

Depending on the implementation, the decoder can execute descrambling algorithms either by hardware or software, it can contain in its memory all the information necessary to decode services, including secret keys, or it can only contain the descrambling algorithm and the protocol for exchanging with a smart card in the memory of which there is secret information.

Fig. 2. General scheme of the decoding process

A diagram of the decoding process (common for all implementations) is shown in Fig. 2.

Each of these options has specific features that make it possible to build the decoding part of the conditional access system most efficiently and flexibly. So, for example, hardware implementation is the fastest and most reliable way to decode. However, a receiver with a hardware decoder will be specialized for a specific encoding algorithm, which significantly reduces the receiver's functionality and ties it to several providers using this encoding. If such a system is hacked, the procedure for updating or restoring the decoding part of the conditional access system will consist in replacing the hardware components, which in most cases is either impossible or is associated with high financial costs.

The most flexible and reliable option is a combined software and hardware implementation based, for example, on COMMON INTERFACE (CI), a technology widely supported by developers of DVB equipment. Access to encrypted services is provided by an additional decoder installed in a connector provided for this purpose in the receiver. This device is called a Conditional Access Module (CAM). The European DVB digital broadcasting standard is based on the principle of hardware compatibility of conditional access modules designed for various types of encoding. This is made possible by the presence of a universal interface in most digital receivers. Thus, in order to view programs protected by different conditional access systems, it is only necessary to replace the conditional access module of one coding system with another. CI modules are produced for most types of coding systems used for descrambling DVB broadcasts (Irdeto, Betacrypt, Viaccess, Mediaguard / Seca, Cryptoworks, Nagravision, Conax). A subscriber smart card, which stores the secret information, is installed in the module. A conditional access module is an electronic device that functions in accordance with the program it contains. The software and hardware of the conditional access module provide the following operations:

  • descrambling of services broadcast in a certain encoding;
  • control of user rights and subscription management, carried out through the exchange of information with a smart card (Fig. 3.).

The CI interface is based on client-server technology: applications on the module, acting as clients, use the resources provided by the server (host). The CI process running on the DVB receiver provides these resources, that is, it performs the functions of the host. At the hardware level, the exchange of transactions between the module and the receiver is controlled by a specialized CI interface controller, which allows the CI process to provide addressed access to two independent conditional access modules. The disadvantages of this implementation include the complexity and high cost of the decoding equipment. The most vulnerable point of this implementation is the organization of the exchange between the module and the smart card. To a large extent, this is facilitated by the development and distribution of such emulators as PHOENIX and SEASON.

The PHOENIX interface is a software and hardware tool for emulating the operation of the decoder module, while the SEASON interface is designed to emulate the operation of a smart card. The use of these interfaces makes it possible to track all data transferred between the module and the smart card for subsequent analysis and retrieval of classified information. Thus, there is the problem of organizing a secure exchange protocol between the decoding module and the smart card.

Currently, there is no known conditional access system for which there are no methods of overcoming or circumventing it. The cost, complexity, computational resources, time required and principles of these methods can vary significantly, but they all lead to one end result: the collapse of the conditional access system. Most experts working or conducting research in the field of information security agree that it is impossible to create an absolutely reliable information protection system. This statement is undoubtedly true for systems of conditional access to the transport stream services of the DVB standard. However, it seems quite possible to create a system that would be economically inexpedient to break, that is, one for which the cost of overcoming the protection would be much higher than the value of the information obtained by breaking it.

Conditional Access System is an electronic software complex that provides access to coded digital satellite, terrestrial and cable television channels and radio stations.

Conditional access systems are classified according to the following scrambling algorithms:

Closed systems - use corporate crypto standards.
With a common scrambling algorithm (Common Scrambling Algorithm) - built on the DVB standard or DVB-compatible systems.
SimulCrypt - requires agreement between operators who use different conditional access systems but a single encryption algorithm. The multiplexed signal stream, according to the technical specifications, contains packets for each of the systems.
MultiCrypt - provides access to various conditional access systems through a PCMCIA card that uses the DVB-Common Interface (DVB-CI) or DVB-Common Interface2 (DVB-CI2) connection standard. It removes the dependence on service providers but is more expensive than SimulCrypt.

Names of conditional access systems and operators who use them:

BISS (Basic Interoperable Scrambling System)
System developer: EMU. The progenitor of modern standardized conditional access systems. A very simple conditional access system. Does not require smart cards for decoding.

The transmitting side encodes the signal using a secret key, and the receiving side decodes the signal using the same key. The key value is sixteen digits in hexadecimal format. The TV channels encoded by this system are decrypted by the built-in decoding emulator. This system is still used by some satellite TV operators.

NAGRA
System developer: Nagra (Switzerland).

It is currently used by several satellite TV operators, including ER-Telecom (you may know it as Dom.ru).

DRECrypt
System developer: LLC "Tsifra"

DRECrypt is a conditional access system that was developed in Russia. It was first implemented in 2004 by the operator "Tricolor". Today DRECrypt is one of the world leaders in the market of integrated systems for content management and protection against unauthorized access. It serves over 15,000,000 subscribers.

The main advantages of CAS DRECrypt:

The number of supported subscriber devices: more than 25,000,000.

DVB SimulCrypt 2.0 support.

The COURT security certification has been passed.

Has a valid certificate of conformity in the field of communications.

Interface, documentation and support in Russian and English.

Operational support 24/7.

The number of scrambling services is up to 10,000.

Distribution:

The system is used by more than 50 Pay TV operators in the Russian Federation and the CIS countries. The total number of cable and satellite TV operators' subscribers is 12,915,000.

Broadcast operator: SP Ekran (Abkhazia).

At this time, the 4th version of CAS is in operation, the 5th version is being introduced.

VideoCrypt
There are currently two versions: VideoCrypt I and VideoCrypt II. One is used in the UK and Ireland, for example by the satellite operator BSkyB (British Sky Broadcasting). The other was used in Europe, but is now used very rarely. Most decoders can switch between VideoCrypt I and VideoCrypt II. The differences between them are small, but they require completely different cards, and the service information is transmitted with slight differences. To encode a video stream, each line is cut at a random position and the parts of the line are rearranged. VideoCrypt provides 256 possible line cutting positions. The cutting pattern changes every 2.5 seconds. Service information for the decoder is sent in a form similar to teletext.

Viaccess
System developer: France Télécom (France).

Designed as a digital version of EuroCrypt.

  • Viaccess PC2.3 - hacked and found to be unprotected.
  • Viaccess PC2.4 - hacked and found to be unprotected.
  • Viaccess PC2.5 - hacked; the "MEZZO" channel on the Hot Bird satellite is broadcast in it.
  • Viaccess PC2.6 - hacked and found to be unprotected.
  • Viaccess PC3.0 - developed in 2007; the emulator opens the channels of the package of the French operator "TNT France", and cardsharing can be used for viewing.
  • Viaccess PC3.1 - not hacked; cardsharing can be used for viewing.
  • Viaccess PC4.0 - in heavy use as of 2012; not hacked, but cardsharing can be used for viewing.
  • Viaccess PC5.0 - not hacked; used by the satellite operator NTV-Plus as of March 2013 in conditional access cards whose serial numbers start with 032875; cardsharing can be used for viewing.

Used by:

In Russia, the satellite operator "NTV-Plus".
In Europe (a large number of channels on the Hot Bird satellite are encoded in it).
There is a modification - TPS-Crypt, which is used by the French satellite channels TPS (since 2007 they belong to the Canal + group).

Viaccess was the third most widely used conditional access system in 2004.

Roscrypt
System developer: FSUE NII Radio (Russia).

Cryptographic protection meets the requirements of GOST 28147-89.

There are two versions: "Roscrypt-Pro" and "Roscrypt-M 2.0". The system protects the components of a transport stream encoded in accordance with the MPEG-2 and MPEG-4 standards at normal (SD) and high (HD) resolutions. It is compatible with the broadcasting standards DVB-T, DVB-T2 (Roscrypt-Pro), DVB-S and DVB-S2 (Roscrypt-M 2.0).

The number of subscriber devices that are supported: more than 20'000'000.
The number of services that can be closed by one scrambler: at least 50.
Total number of services: 2048.
The number of services that can be opened by one CAM module: unlimited in any version.
Transport stream speed: up to 108 Mbit / s.
Information security algorithm standard: GOST 28147-89.
Key length: 256 bits.
Allows partial or complete software updates via transport stream.
The ability to transfer control tables due to the redundancy of the transport stream.
Highly resistant to hacking.
Used for some of the channels on the Express AM1 satellite. This satellite has already been moved to a graveyard orbit.

Conax
A system open to interaction without prioritization. It uses asymmetric encryption. It is used by ER-Telecom simultaneously with the Nagra system.
Conax CAS7 - for operators of DVB digital television networks.
Conax CAstream is a stand-alone system for IPTV (or OTT) operators. Provides the ability to use the existing platform and applications with the addition of conditional access and security mechanisms to them, allows the encrypted stream to be delivered to subscribers over open networks.

Irdeto
There are second and third versions of this encoding: Irdeto 2 and Irdeto 3. Used by the satellite operators "MTS" ("Home Digital MTS TV"), "Continent TV" and the Federal State Unitary Enterprise "Space Communication".

Betacrypt
A variant of Irdeto.

Mediaguard
Also known as Seca. The first version is hacked, the second is not completely hacked. It is rarely used because of its weak resistance to hacking: cards of the second version of this encoding (Mediaguard 2) have mostly been replaced with an improved version (Mediaguard 3).

PowerVu
This encoding, developed in the United States, is used by the American military to broadcast almost all American Forces Network channels. To receive and watch programs legally, you need a special, very expensive receiver. It was previously considered unbreakable, but at the beginning of 2015 it was completely hacked, and it can now be decoded with emulators if the keys are available (keys are currently known for most packages using this encoding).

Videoguard
The encoding used for most of the channels of the satellite television operator Sky. It is also used by the Kazakhstani system "OTAU TV". Smart cards intended for viewing TV channels in this encoding are "tied" to the receiver (that is, the card does not work in other receivers, even of the same type as the one on which it was activated). Hacked, but not completely (for example: Sky UK, Sky Italia). There is software that allows you to watch some of the Viasat Nordic channels without cardsharing (channels SVT1, SVT2, DR1, DR2, NRK1, NRK2, NRK3, NRK Super, Kunskapskanalen, SVT Barnkanalen, SVT 24, TV2).

Dreamcrypt
Used by some satellite TV operators to broadcast "adult content" from the Hotbird satellite.

At this time, there is no information about it being hacked. The only manufacturer of CAM modules is SMiT. It is used by the provider IDC in Transnistria to encode multichannel television.

Other systems
Codicrypt
Cryptoworks
KeyFly
Omnicrypt
Neotion SHL
SkyPilot
Verimatrix

Hacking Conditional Access Systems
It is carried out using:

  • Fake access card
  • Pirated software in the receiver
  • Keys for software decoding

Another method of unauthorized viewing of paid commercial television is also known: cardsharing. It works by transferring keys from one (or several) licensed conditional access smart cards to other receivers via the Internet, a LAN or Wi-Fi.

TV channels and radio stations (radio channels).

Classification

Scrambling algorithm:

  • Closed systems - use corporate encryption standards.
  • With a unified scrambling algorithm (Common Scrambling Algorithm) - based on the DVB standard (DVB-compatible systems).
    • SimulCrypt - requires agreement among operators who use different conditional access systems but one encryption algorithm. The multiplex stream must contain packets for each system.
    • MultiCrypt - access to various conditional access systems via a removable PCMCIA card using the DVB-Common Interface (DVB-CI) interface standard. It lets you avoid depending on service providers, but is more expensive than SimulCrypt.
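The SimulCrypt arrangement from the classification above (it appears in both copies of the list on this page), as an added example that is not part of the original page: the service is scrambled once with one control word, and the multiplex carries one key message (ECM) per conditional access system. The HMAC-based toy cipher, the CA system IDs 0xA001/0xA002 and the service keys are constructed assumptions, not any vendor's real format.

```python
import hashlib
import hmac
import os

CW_LEN = 8  # DVB-CSA control words are 64 bits

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy cipher (assumption): XOR with an HMAC-SHA256 keystream.
    Stands in for both CSA and each vendor's proprietary ECM cipher."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))

def make_ecm(ca_system_id: int, service_key: bytes, cw: bytes) -> dict:
    """Head-end: wrap the shared control word for one CA system."""
    nonce = os.urandom(8)
    body = _xor_stream(service_key, nonce, cw)
    tag = hmac.new(service_key, nonce + body, hashlib.sha256).digest()[:8]
    return {"ca_system_id": ca_system_id, "nonce": nonce, "body": body, "tag": tag}

def simulcrypt_mux(payload: bytes, cw: bytes, ca_keys: dict) -> dict:
    """Scramble once with the common algorithm, emit one ECM per CA system."""
    iv = os.urandom(8)
    return {
        "iv": iv,
        "scrambled": _xor_stream(cw, iv, payload),
        "ecms": [make_ecm(cid, key, cw) for cid, key in ca_keys.items()],
    }

def receive(mux: dict, ca_system_id: int, service_key: bytes):
    """Receiver: pick the ECM for its own CA system, recover CW, descramble."""
    for ecm in mux["ecms"]:
        if ecm["ca_system_id"] != ca_system_id:
            continue
        expect = hmac.new(service_key, ecm["nonce"] + ecm["body"], hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expect, ecm["tag"]):
            return None  # wrong or revoked key: no control word
        cw = _xor_stream(service_key, ecm["nonce"], ecm["body"])
        return _xor_stream(cw, mux["iv"], mux["scrambled"])
    return None  # this CA system is not carried in the multiplex

# Constructed sample data: two operators, placeholder CA system IDs and keys.
CA_KEYS = {0xA001: b"operator-A-service-key", 0xA002: b"operator-B-service-key"}
PAYLOAD = b"constructed MPEG-TS payload bytes" * 4
MUX = simulcrypt_mux(PAYLOAD, os.urandom(CW_LEN), CA_KEYS)
```

Both operators' receivers recover the same payload from the same scrambled stream, which is why SimulCrypt needs agreement on the scrambling algorithm but not on the CA system itself.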

Conditional Access Systems

BISS (Basic Interoperable Scrambling System)

Channels in this system can be opened using a receiver with a built-in encoding emulator.

NAGRA

DRECrypt

DRECrypt is a conditional access system developed in Russia. The first commercial implementation of the DRECrypt DMS was in 2004. Today DRECrypt is one of the leaders in the market of integrated systems for content management and protection from unauthorized access, and serves more than 15,000,000 subscribers.

Developer: LLC "Tsifra"

Benefits of CAS DRECrypt:

The number of supported subscriber devices: more than 25,000,000.

DVB SimulCrypt 2.0 support.

The COURT security certification has been passed.

Has a valid certificate of conformity in the field of communications.

Interface, documentation and support in Russian and English.

Operational support 24/7.

The number of scrambling services is up to 10,000.

Distribution:

The system has been implemented by more than 50 Pay TV operators in the Russian Federation and the CIS countries. The total number of cable and satellite TV operators' subscribers is 12,915,000.

Broadcast operators: JV Ekran (Abkhazia). The total number of subscribers among on-air operators is 200,000.

Versions:

At the moment, the 4th version of CAS is in operation, the 5th version is being introduced.

VideoCrypt

There are currently two known versions: VideoCrypt I and VideoCrypt II. The first is used in Great Britain and Ireland, for example, by the very famous BSkyB (British Sky Broadcasting) TV company. The second version was used in Europe, but nowadays it is used quite rarely. Many decoders can switch between VideoCrypt I and VideoCrypt II. The difference between them is small; however, completely different cards are used and the service information is transmitted with some differences. To encode the image, each line is cut at a random place and the parts of the line are rearranged. VideoCrypt provides 256 possible line cutting positions. The cutting pattern changes every 2.5 seconds. The service information for the decoder is transmitted in a form similar to teletext.
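The line cutting described for VideoCrypt above (in both copies of the description on this page), as an added example that is not part of the original page: each line is cut at one of 256 positions and its two parts are swapped, with a new pattern every 2.5 seconds. The HMAC-SHA256 generator, the seed and the sample frame are constructed assumptions standing in for the card's real generator and a real picture.

```python
import hashlib
import hmac

CUT_POSITIONS = 256    # possible cut points per line, as stated above
PERIOD_SECONDS = 2.5   # the cutting pattern changes this often

def cut_points(seed: bytes, period: int, n_lines: int) -> list:
    """Per-line cut indices (0..255) for one 2.5 s period.
    Assumption: an HMAC-SHA256 generator stands in for the card's real one."""
    pts, block = [], 0
    while len(pts) < n_lines:
        msg = period.to_bytes(4, "big") + block.to_bytes(4, "big")
        pts.extend(hmac.new(seed, msg, hashlib.sha256).digest())
        block += 1
    return pts[:n_lines]

def _offset(cut: int, width: int) -> int:
    """Map a cut index 0..255 onto a sample offset within the line."""
    return cut * width // CUT_POSITIONS

def scramble_line(line: list, cut: int) -> list:
    """Cut the line at the chosen point and swap the two parts."""
    k = _offset(cut, len(line))
    return line[k:] + line[:k]

def descramble_line(line: list, cut: int) -> list:
    """Undo the swap; only works with the cut index used to scramble."""
    k = len(line) - _offset(cut, len(line))
    return line[k:] + line[:k]

def _frame_cuts(frame: list, seed: bytes, t_seconds: float) -> list:
    """Cut indices for every line of a frame shown at time t."""
    return cut_points(seed, int(t_seconds // PERIOD_SECONDS), len(frame))

def scramble_frame(frame: list, seed: bytes, t_seconds: float) -> list:
    return [scramble_line(l, c) for l, c in zip(frame, _frame_cuts(frame, seed, t_seconds))]

def descramble_frame(frame: list, seed: bytes, t_seconds: float) -> list:
    return [descramble_line(l, c) for l, c in zip(frame, _frame_cuts(frame, seed, t_seconds))]

# Constructed sample data: a 6-line "frame" of 512 samples per line.
SEED = b"constructed-seed"
FRAME = [list(range(y, y + 512)) for y in range(6)]
```

The scrambled frame contains exactly the same samples as the original, only reordered within each line, and a decoder without the seed for the current period cannot put them back.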

Viaccess

  • Viaccess PC2.3 - hacked and found to be ineffective.
  • Viaccess PC2.4 - hacked and found to be ineffective.
  • Viaccess PC2.5 - hacked; the "MEZZO" channel from the Hot Bird satellite works in this encoding.
  • Viaccess PC2.6 - hacked and found to be ineffective.
  • Viaccess PC3.0 - developed in the middle of 2007; the emulator opens only the channels of the French broadcaster "TNT France", and viewing by cardsharing is also possible.
  • Viaccess PC3.1 - not hacked; viewing by cardsharing is possible.
  • Viaccess PC4.0 - actively used as of 2012; not hacked, but viewing by cardsharing is possible.
  • Viaccess PC5.0 - not hacked; used by the satellite operator NTV-Plus as of March 2013 in conditional access cards with serial numbers starting with 032875; viewing by cardsharing is possible.

Used by:

  • In Russia by the company "NTV-Plus".
  • In Europe (for example, many channels on the Hot Bird satellites are encoded in it).

There is a modification - TPS-Crypt, which is used by the French satellite channels TPS (since 2007 belonging to the Canal + group).

Viaccess was the third most widely used conditional access system in 2004.

Roscrypt

Developer: FGUP NII Radio (Russia).

Cryptographic protection complies with GOST 28147-89.

There are two versions: "Roscrypt-Pro" and "Roscrypt-M 2.0". The system protects the components of a transport stream encoded in accordance with the MPEG-2 and MPEG-4 standards at normal (SD) and high (HD) resolutions. It is compatible with the broadcasting standards DVB-T, DVB-T2 (Roscrypt-Pro), DVB-S and DVB-S2 (Roscrypt-M 2.0).

  • Number of supported subscriber devices: more than 20'000'000.
  • Number of services closed by one scrambler: at least 50.
  • Total number of services: 2048.
  • The number of services opened by one CAM module: unlimited in any combination.
  • Transport stream speed: up to 108 Mbit / s.
  • Information security algorithm standard: GOST 28147-89.
  • Key length: 256 bits.
  • Allows partial or complete updates via a transport stream.
  • The ability to transfer control tables due to the redundancy of the transport stream.
  • Highly resistant to hacking.

Used for some of the channels on the Express AM1 satellite.

Conax

A system open to interaction without prioritization. It uses an encoding scheme based on asymmetric encryption. It is used by ER-Telecom in parallel with the Nagra system.

  • Conax CAS7 - for operators of DVB digital television networks.
  • Conax CAstream is a stand-alone system for IPTV operators. It allows you to use the existing platform and applications with the addition of conditional access and security mechanisms to them, allows you to deliver an encrypted stream to subscribers over open networks.

Irdeto

There are second and third versions of this encoding: Irdeto 2 and Irdeto 3.

Betacrypt

A variant of Irdeto.

Mediaguard

Also known as Seca. The first version is hacked, the second is partially hacked. It is rarely used because of its susceptibility to hacking: cards of the second version of this encoding (Mediaguard 2) have mostly been replaced with a more secure version (Mediaguard 3).

PowerVu

Dreamcrypt

There is no information about it being hacked. The only manufacturer of CAM modules is SMiT. It is used by the provider IDC in Transnistria to encode multichannel television.
