39

And if it is possible, why has it been decided to keep using a smart card for this task?

I will be grateful if you can provide some practical examples on how to bypass the use of a smart card (if possible).

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
Israfel_21
  • 399
  • 1
  • 3
  • 3

2 Answers2

50

A satellite TV system must face the following challenge: it is one-way. The receivers cannot do anything but receive; they cannot emit anything.

The generic problem is known as broadcast encryption. In practice, things go that way:

  • Each subscriber has a smartcard, and that card contains a key Ks specific to that subscriber.
  • The media stream is encrypted with a key K. That key is updated regularly.
  • Along with the media stream, the publisher sends K encrypted with each Ks in circulation. That is, every minute or so, thousands of small blobs are sent in some "holes" in the data stream (apparently there is sufficiently free bandwidth for that); all these blobs contain K, but encrypted with the key of a subscriber.

Thus, a given decoder will just wait for the blob which contains K encrypted with his card-specific key Ks, and use the card to obtain K and decrypt the stream.

When a subscriber is no longer a subscriber (he ceased to pay), the publisher simply stops sending the blob containing K encrypted with the corresponding Ks. The next time K is updated (it happens several times per day), the ex-subscriber is "kicked out".

In older times, media publishers had the habit of doing everything "their way", which means that they designed their own encryption algorithms, and they were very proud of them, and kept them secret. Of course, such secrets were never maintained for long because reverse engineering works well; and, inevitably, these homemade encryption algorithms almost invariably turned out to be pathetically weak and breakable.

Nowadays, the publishers have begun to learn, and they use proper encryption. In such a situation, the only recourse for attackers is to clone smartcards, i.e. break their way through the shielding of a legally obtained smartcard, to get the Ks of that card. Breaking through a smartcard is expensive, but not infeasible, at least for the kind of smartcard that are commonly used for such things; it requires a high-precision laser and an electronic microscope, and is rumoured to cost "a few thousands of dollars" for each break-in. Attackers do just that.

Publishers react in the following way: with traditional police methods. The cloning method is worth the effort only if thousands of clones can be sold, as part of some underground market. Inspectors just masquerade as buyers, obtain a clone, see what card identity the clone is assuming, and deactivate the corresponding subscriber identity on the publisher side, evicting all clones of that card in one stroke.

From what I have seen, the break-clone-sell-detect-deactivate cycle takes about two weeks. It is more-or-less an equilibrium: the non-subscribers who accept the semi-regular breakage of connectivity are in sufficient numbers to maintain professional pirates, but they are not numerous enough to really endanger the publishers' business model.


We may note that Blu-ray discs are a much more challenging model, because readers can be off-line and must still work; and though each Blu-ray reader embeds its own reader-specific key, there is not enough room on a Blu-ray disc to include "encrypted blobs" for all readers in circulation. They use a much more advanced algorithm called AACS. However, for satellite TV, the simple method described above works well.

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
  • [I was reading up on Broadcast encryption](http://xenon.stanford.edu/~horwitz/pubs/broadcast.pdf) and quickly got overwhelmed. If you know of any roadmap to getting from this description to the next concepts I should learn, I'd be very grateful – makerofthings7 Sep 04 '13 at 21:17
  • 1
    The article you link to is extremely formal and theoretical; beginning with it is hardly recommended. For a more practical description of AACS, try [that one](http://cacr.uwaterloo.ca/techreports/2007/cacr2007-25.pdf). – Thomas Pornin Sep 04 '13 at 22:14
  • I wish to add that cloning Smart Cards does not guarantee the access to paid bouquet ( depends STB & service) as most manufacturers these days use paired set-top boxes, meaning the smart card (CAS) is paired to the decoder's chipset, even using the same original smart card on two different set-top box (same make /model ) will not work.. it is designed in a way that every SC has its unique decoder.. I'm not an expert in encryption but if you were to decrypt signal then it is definitely not the Smart card where you should look at.. – Awena Dec 18 '14 at 05:05
  • @Awena: who says there's no market for manufacturing unlocked/modified set-top box? – Lie Ryan Jul 06 '15 at 01:26
19

This is just some extra information but it didn't fit as a comment under Thomas' answer.

There's an interesting pirating method that have made it possible for the cycle to extend way longer than two weeks. It's called CardSharing. Here's how it works:

  • Somebody buys a legitimate card and inserts it into a modified satellite receiver that will use the card to decrypt and reveal K (which changes several times a day).

  • K is updated on a central servers to which satellite receivers connect and fetch the key. Many people use PC satellite devices such as SkyStar.

  • The key is used to decrypt the stream. Once the key is changed, the satellite receiver will ask for a new one from the central pirating server and repeat the process.

That way, the provider has no way of knowing who is the source of the leak since only the non-personal K ("control word") is being shared rather than the personal subscriber-specific key.

Adi
  • 43,953
  • 16
  • 137
  • 168
  • 1
    How does the Sun make sure that only those, who paid for her beams will brown out? You should put some more effort to eliminate the superflous cycles in satellite => receiver => decode => scramble => unscramble => TV. – ott-- Sep 04 '13 at 22:40
  • I use a NEWCAMD protocol on my digital receiver and have currently access to more than 1,200 encrypted channels.. These server accounts are available everywhere over here. Not all Stbs can support card sharing, depends the software & needs an ethernet port. Legal? it is not legal, but the government does not care or act towards this. it is sold over the counter for as low as 10$/year... – Awena Dec 18 '14 at 05:17