SlideShare une entreprise Scribd logo

Conditional Access Systems

N
Namith CM

Introduction to CAS technology in PayTV industry, with focus on end-to-end key management for broadcast networks.

Technologie
1  sur  11
Introduction to Conditional Access Systems Namith CM
What is CAS?  A Conditional Access System is the collection of security components in the end-to-end pipeline of broadcast media, from source headend equipments to client devices.  PayTV systems generate revenue by enabling media content rights exclusively to viewers who pay for it.  “Paid channels” or channels with premium content, which are not available free-to-air.  Video-on-demand and movie-on-demand services.  In simple terms, in general, all devices in the network can theoretically get access to all the available (free-to-air and encrypted) media contents/streams. But only those devices with some specific keys can view the encrypted/protected contents. The secure management of these keys in the open network, is the prime responsibility of a CAS vendor.
Types of CAS in PayTV systems  Smartcard based solution  Smartcard contains proprietary security logic for decryption.  Proven and tested, and most widely accepted solution.  Recovery time after hacking is high, since cards need to be replaced.  CAM-based solution  Similar to smartcard based, but the device is just provided with a slot for CAM module, and any smartcard (meeting CAM requirements) should be able to work.  More open standard, but poor adoption by market leaders.  Cardless or full-software solution  SoC level security features are used by software modules.  Relatively newer technology, cheaper and growing in popularity.  Recovery time after hacking is very low, hence discouraging hackers.
CAS for Broadcast Networks  The next few slides explain the end-to-end management of secure content.  This is a very generalized and simplistic explanation (intended for engineers with DVB background), and not specific to any particular CAS vendor.  The basic concept would be similar for all Broadcast CAS systems, with slight variations in the number of levels for key encryption, key ladder logic, encryption/scrambling algorithms used, etc.
Scrambling and Descrambling Free-to-air service Scrambled service Scrambler Control Word (CW) Random key, from a Random Number Generator Can this key be sent to STB clients without encryption? Think about ECM! Should it same for all users? Think about bandwidth! Scrambled service Descrambler Free-to-air service @ Headend Mux @ STB Client How frequently should this key be changed? Think about brute-force attacks!
Why is CW shared? ESPN (free-to-air) ESPN (user-1) Scrambler CW-1 CW-2 CW-3 CW-4 ESPN (user-2) ESPN (user-3) ESPN (user-4) Bandwidth wastage. Millions of users. Impractical! Multiple CW impractical, so use common CW per service
Why is ECM shared? Encryptor Key-1 Key-2 Key-3 Key-4 CW ECM (user-1) ECM (user-2) ECM (user-3) ECM (user-4) Multiple ECM impractical, so use common ECM per service Bandwidth wastage. Millions of users. Will run short of PIDs. Even if sent on same PID, the overhead to encrypt & send so many million ECMs so frequently is too high. Thus impractical!
End-to-end Key Handling (Headend) CW Kser1 CWenc CWenc ECM Kusr1 K-ser1enc K-ser1enc EMM KserN K-serNenc K-serNenc Kusr1 Khw from SoC/smartcard db K-usr1enc K-usr1enc AUTH Common to all User-specific or group-specific, common PID User-specific, common PID … … Free-to-air service Scrambled serviceScrambler Common to all CW
K-usr1 End-to-end Key Handling (STB Client) K-usr1enc AUTH K-ser1enc EMM K-serNenc … CWenc ECM Khw from SoC or smartcard K-usr1K-usr1enc K-ser1enc K-ser1 CWenc CW Free-to-air serviceScrambled service Descrambler CW K-serNenc K-serN …
Simulcrypt MUX Scrambler CW- generator & Simulcrypt Synchronizer (SCG) PID/Tables generator & multiplexer Free-to-air service Scrambled service CAS-1 EMM g ECMg CAS-2 EMM g ECMg ECM-1 EMM-1 ECM-2 EMM-2 CW CAT CA descriptors EMM-1 PID (CAS- 1) EMM-2 PID (CAS- 2) PMT CA descriptors ECM-1 PID (CAS- 1) ECM-2 PID (CAS- 2) EMM-1 EMM-2 ECM-1 ECM-2 Enables coexistence of multiple CA systems operating simultaneously in the same network.
Thank You! http://linkedin.com/in/namithcm

Recommandé

DVBSimulcrypt
DVBSimulcryptDVBSimulcrypt
DVBSimulcryptaniruddh Tyagi
 
Bassics Of Biss Scrambling
Bassics Of Biss ScramblingBassics Of Biss Scrambling
Bassics Of Biss ScramblingSais Abdelkrim
 
Set Top Box
Set Top BoxSet Top Box
Set Top BoxNamith CM
 
Stb
StbStb
StbĐặng Đức
 
IPTV QoE Monitoring
IPTV QoE MonitoringIPTV QoE Monitoring
IPTV QoE MonitoringYoss Cohen
 
dmt modulation cpe security in wifi Dsl adsl cpe conf
dmt modulation cpe security in wifi Dsl adsl cpe confdmt modulation cpe security in wifi Dsl adsl cpe conf
dmt modulation cpe security in wifi Dsl adsl cpe confSumanPramanik7
 
A recap of the JMA webinar hosted by NEDAS on December 13, 2017)
A recap of the JMA webinar hosted by NEDAS on December 13, 2017)A recap of the JMA webinar hosted by NEDAS on December 13, 2017)
A recap of the JMA webinar hosted by NEDAS on December 13, 2017)Ilissa Miller
 
HDCP
HDCPHDCP
HDCPBenjamin Kreeger
 

Recommandé

DVBSimulcrypt
DVBSimulcryptDVBSimulcrypt
DVBSimulcryptaniruddh Tyagi
 
Bassics Of Biss Scrambling
Bassics Of Biss ScramblingBassics Of Biss Scrambling
Bassics Of Biss ScramblingSais Abdelkrim
 
Set Top Box
Set Top BoxSet Top Box
Set Top BoxNamith CM
 
Stb
StbStb
StbĐặng Đức
 
IPTV QoE Monitoring
IPTV QoE MonitoringIPTV QoE Monitoring
IPTV QoE MonitoringYoss Cohen
 
dmt modulation cpe security in wifi Dsl adsl cpe conf
dmt modulation cpe security in wifi Dsl adsl cpe confdmt modulation cpe security in wifi Dsl adsl cpe conf
dmt modulation cpe security in wifi Dsl adsl cpe confSumanPramanik7
 
A recap of the JMA webinar hosted by NEDAS on December 13, 2017)
A recap of the JMA webinar hosted by NEDAS on December 13, 2017)A recap of the JMA webinar hosted by NEDAS on December 13, 2017)
A recap of the JMA webinar hosted by NEDAS on December 13, 2017)Ilissa Miller
 
HDCP
HDCPHDCP
HDCPBenjamin Kreeger
 
IMS Standards
IMS StandardsIMS Standards
IMS StandardsMarie-Paule Odini
 
IPTV Basics
IPTV BasicsIPTV Basics
IPTV BasicsGAUTAM KOPPALA (JORGE)
 
HDMI
HDMIHDMI
HDMISwaroop Reddy Bugulu
 
Remote access connection
Remote access connection Remote access connection
Remote access connection Ah Fawad Saiq
 
Basics of IPTV
Basics of IPTVBasics of IPTV
Basics of IPTVRitul Sonania
 
Iptv
IptvIptv
IptvRajan Kumar
 
Hdmi
HdmiHdmi
HdmiNIKHIL NAIR
 
Internet Protocol Television - IPTV
Internet Protocol Television - IPTVInternet Protocol Television - IPTV
Internet Protocol Television - IPTVDulith Kasun
 
Remote Access
Remote AccessRemote Access
Remote Accesszaisahil
 
Hdmi
Hdmi Hdmi
Hdmi pratikblackunicorn
 
Practical Attacks Against Encrypted VoIP Communications
Practical Attacks Against Encrypted VoIP CommunicationsPractical Attacks Against Encrypted VoIP Communications
Practical Attacks Against Encrypted VoIP Communicationsiphonepentest
 
Linkedin
LinkedinLinkedin
Linkedindgarrard
 
Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...
Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...
Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...shrinathAcharya
 
HDMI
HDMIHDMI
HDMIVisva Jeet
 
Voice over IP (VoIP)
Voice over IP (VoIP)Voice over IP (VoIP)
Voice over IP (VoIP)Peter R. Egli
 
Multimedia Streaming (Networking)
Multimedia Streaming (Networking)Multimedia Streaming (Networking)
Multimedia Streaming (Networking)Mahdi Ameri
 
PathTrak™ Video Monitoring System for Cable TV
PathTrak™ Video Monitoring System for Cable TVPathTrak™ Video Monitoring System for Cable TV
PathTrak™ Video Monitoring System for Cable TVAndrew Tram
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyChristopher Duffy
 
Hdmi cables
Hdmi cablesHdmi cables
Hdmi cablesJasgt Singh
 
How To Successfully Implement IP Video
How To Successfully Implement IP VideoHow To Successfully Implement IP Video
How To Successfully Implement IP VideoVideoguy
 
HSM Basic Training
HSM Basic TrainingHSM Basic Training
HSM Basic TrainingMd. Budrul Hasan Bhuiyan
 
Mamouth white paper
Mamouth white paperMamouth white paper
Mamouth white paperW Fred Seigneur
 

Contenu connexe

Tendances

Remote access connection
Remote access connection Remote access connection
Remote access connection Ah Fawad Saiq
 
Internet Protocol Television - IPTV
Internet Protocol Television - IPTVInternet Protocol Television - IPTV
Internet Protocol Television - IPTVDulith Kasun
 
Remote Access
Remote AccessRemote Access
Remote Accesszaisahil
 
Practical Attacks Against Encrypted VoIP Communications
Practical Attacks Against Encrypted VoIP CommunicationsPractical Attacks Against Encrypted VoIP Communications
Practical Attacks Against Encrypted VoIP Communicationsiphonepentest
 
Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...
Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...
Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...shrinathAcharya
 
Voice over IP (VoIP)
Voice over IP (VoIP)Voice over IP (VoIP)
Voice over IP (VoIP)Peter R. Egli
 
Multimedia Streaming (Networking)
Multimedia Streaming (Networking)Multimedia Streaming (Networking)
Multimedia Streaming (Networking)Mahdi Ameri
 
PathTrak™ Video Monitoring System for Cable TV
PathTrak™ Video Monitoring System for Cable TVPathTrak™ Video Monitoring System for Cable TV
PathTrak™ Video Monitoring System for Cable TVAndrew Tram
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyChristopher Duffy
 
How To Successfully Implement IP Video
How To Successfully Implement IP VideoHow To Successfully Implement IP Video
How To Successfully Implement IP VideoVideoguy
 

Tendances (20)

IMS Standards
IMS StandardsIMS Standards
IMS Standards
 
IPTV Basics
IPTV BasicsIPTV Basics
IPTV Basics
 
HDMI
HDMIHDMI
HDMI
 
Remote access connection
Remote access connection Remote access connection
Remote access connection
 
Basics of IPTV
Basics of IPTVBasics of IPTV
Basics of IPTV
 
Iptv
IptvIptv
Iptv
 
Hdmi
HdmiHdmi
Hdmi
 
Internet Protocol Television - IPTV
Internet Protocol Television - IPTVInternet Protocol Television - IPTV
Internet Protocol Television - IPTV
 
Remote Access
Remote AccessRemote Access
Remote Access
 
Hdmi
Hdmi Hdmi
Hdmi
 
Practical Attacks Against Encrypted VoIP Communications
Practical Attacks Against Encrypted VoIP CommunicationsPractical Attacks Against Encrypted VoIP Communications
Practical Attacks Against Encrypted VoIP Communications
 
Linkedin
LinkedinLinkedin
Linkedin
 
Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...
Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...
Excelfore releases Full Ethernet AVB Stack for ADAS and Infotainment Endpoint...
 
HDMI
HDMIHDMI
HDMI
 
Voice over IP (VoIP)
Voice over IP (VoIP)Voice over IP (VoIP)
Voice over IP (VoIP)
 
Multimedia Streaming (Networking)
Multimedia Streaming (Networking)Multimedia Streaming (Networking)
Multimedia Streaming (Networking)
 
PathTrak™ Video Monitoring System for Cable TV
PathTrak™ Video Monitoring System for Cable TVPathTrak™ Video Monitoring System for Cable TV
PathTrak™ Video Monitoring System for Cable TV
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/Secuirty
 
Hdmi cables
Hdmi cablesHdmi cables
Hdmi cables
 
How To Successfully Implement IP Video
How To Successfully Implement IP VideoHow To Successfully Implement IP Video
How To Successfully Implement IP Video
 

Similaire à Conditional Access Systems

LAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLinaro
 
Simplifying the secure data center
Simplifying the secure data centerSimplifying the secure data center
Simplifying the secure data centerCisco Canada
 
3M CG6000
3M CG60003M CG6000
3M CG6000savomir
 
Workshop 16 october 2015 paris
Workshop 16 october 2015 parisWorkshop 16 october 2015 paris
Workshop 16 october 2015 parisMarcel Hartgerink
 
Securing Wireless Cellular Systems
Securing Wireless Cellular SystemsSecuring Wireless Cellular Systems
Securing Wireless Cellular SystemsACMBangalore
 
IBM MQ Whats new - up to 9.3.4.pptx
IBM MQ Whats new - up to 9.3.4.pptxIBM MQ Whats new - up to 9.3.4.pptx
IBM MQ Whats new - up to 9.3.4.pptxMatt Leming
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuArm
 
Mi0035 computer networks...
Mi0035 computer networks...Mi0035 computer networks...
Mi0035 computer networks...smumbahelp
 
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic44CON
 
Gsm security and encryption
Gsm security and encryptionGsm security and encryption
Gsm security and encryptionRK Nayak
 
Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckSecurity Innovation
 
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...IEEEMEMTECHSTUDENTPROJECTS
 
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...IEEEFINALYEARSTUDENTPROJECT
 
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...IEEEGLOBALSOFTSTUDENTSPROJECTS
 

Similaire à Conditional Access Systems (20)

HSM Basic Training
HSM Basic TrainingHSM Basic Training
HSM Basic Training
 
Mamouth white paper
Mamouth white paperMamouth white paper
Mamouth white paper
 
LAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devices
 
Simplifying the secure data center
Simplifying the secure data centerSimplifying the secure data center
Simplifying the secure data center
 
3M CG6000
3M CG60003M CG6000
3M CG6000
 
Workshop 16 october 2015 paris
Workshop 16 october 2015 parisWorkshop 16 october 2015 paris
Workshop 16 october 2015 paris
 
Securing Wireless Cellular Systems
Securing Wireless Cellular SystemsSecuring Wireless Cellular Systems
Securing Wireless Cellular Systems
 
IBM MQ Whats new - up to 9.3.4.pptx
IBM MQ Whats new - up to 9.3.4.pptxIBM MQ Whats new - up to 9.3.4.pptx
IBM MQ Whats new - up to 9.3.4.pptx
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiu
 
Mi0035 computer networks...
Mi0035 computer networks...Mi0035 computer networks...
Mi0035 computer networks...
 
Mi0035
Mi0035Mi0035
Mi0035
 
CMTAS-04
CMTAS-04CMTAS-04
CMTAS-04
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
 
Gsm security and encryption
Gsm security and encryptionGsm security and encryption
Gsm security and encryption
 
ATM
ATMATM
ATM
 
Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality Check
 
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS Secure outsourced-attribute-base...
 
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
 
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
2014 IEEE JAVA PARALLEL DISTRIBUTED PROJECT Secure outsourced-attribute-based...
 

Dernier

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Dernier (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Conditional Access Systems

  • 2. What is CAS?  A Conditional Access System is the collection of security components in the end-to-end pipeline of broadcast media, from source headend equipments to client devices.  PayTV systems generate revenue by enabling media content rights exclusively to viewers who pay for it.  “Paid channels” or channels with premium content, which are not available free-to-air.  Video-on-demand and movie-on-demand services.  In simple terms, in general, all devices in the network can theoretically get access to all the available (free-to-air and encrypted) media contents/streams. But only those devices with some specific keys can view the encrypted/protected contents. The secure management of these keys in the open network, is the prime responsibility of a CAS vendor.
  • 3. Types of CAS in PayTV systems  Smartcard based solution  Smartcard contains proprietary security logic for decryption.  Proven and tested, and most widely accepted solution.  Recovery time after hacking is high, since cards need to be replaced.  CAM-based solution  Similar to smartcard based, but the device is just provided with a slot for CAM module, and any smartcard (meeting CAM requirements) should be able to work.  More open standard, but poor adoption by market leaders.  Cardless or full-software solution  SoC level security features are used by software modules.  Relatively newer technology, cheaper and growing in popularity.  Recovery time after hacking is very low, hence discouraging hackers.
  • 4. CAS for Broadcast Networks  The next few slides explain the end-to-end management of secure content.  This is a very generalized and simplistic explanation (intended for engineers with DVB background), and not specific to any particular CAS vendor.  The basic concept would be similar for all Broadcast CAS systems, with slight variations in the number of levels for key encryption, key ladder logic, encryption/scrambling algorithms used, etc.
  • 5. Scrambling and Descrambling Free-to-air service Scrambled service Scrambler Control Word (CW) Random key, from a Random Number Generator Can this key be sent to STB clients without encryption? Think about ECM! Should it same for all users? Think about bandwidth! Scrambled service Descrambler Free-to-air service @ Headend Mux @ STB Client How frequently should this key be changed? Think about brute-force attacks!
  • 6. Why is CW shared? ESPN (free-to-air) ESPN (user-1) Scrambler CW-1 CW-2 CW-3 CW-4 ESPN (user-2) ESPN (user-3) ESPN (user-4) Bandwidth wastage. Millions of users. Impractical! Multiple CW impractical, so use common CW per service
  • 7. Why is ECM shared? Encryptor Key-1 Key-2 Key-3 Key-4 CW ECM (user-1) ECM (user-2) ECM (user-3) ECM (user-4) Multiple ECM impractical, so use common ECM per service Bandwidth wastage. Millions of users. Will run short of PIDs. Even if sent on same PID, the overhead to encrypt & send so many million ECMs so frequently is too high. Thus impractical!
  • 8. End-to-end Key Handling (Headend) CW Kser1 CWenc CWenc ECM Kusr1 K-ser1enc K-ser1enc EMM KserN K-serNenc K-serNenc Kusr1 Khw from SoC/smartcard db K-usr1enc K-usr1enc AUTH Common to all User-specific or group-specific, common PID User-specific, common PID … … Free-to-air service Scrambled serviceScrambler Common to all CW
  • 9. K-usr1 End-to-end Key Handling (STB Client) K-usr1enc AUTH K-ser1enc EMM K-serNenc … CWenc ECM Khw from SoC or smartcard K-usr1K-usr1enc K-ser1enc K-ser1 CWenc CW Free-to-air serviceScrambled service Descrambler CW K-serNenc K-serN …
  • 10. Simulcrypt MUX Scrambler CW- generator & Simulcrypt Synchronizer (SCG) PID/Tables generator & multiplexer Free-to-air service Scrambled service CAS-1 EMM g ECMg CAS-2 EMM g ECMg ECM-1 EMM-1 ECM-2 EMM-2 CW CAT CA descriptors EMM-1 PID (CAS- 1) EMM-2 PID (CAS- 2) PMT CA descriptors ECM-1 PID (CAS- 1) ECM-2 PID (CAS- 2) EMM-1 EMM-2 ECM-1 ECM-2 Enables coexistence of multiple CA systems operating simultaneously in the same network.