SECURE – ENGAGING – EVERYWHERE
DTV.NAGRA.COM
UNIFYING CONTENT SECURITY ON CONNECTED DEVICES
WHITE PAPER - SEPTEMBER 2015
Freeing Pay-TV Service Providers to Pursue Next-Generation TV While Reducing the Cost and Complexity of Running Multiple CAS & DRM Systems
EXECUTIVE SUMMARY
This paper looks at the evolving needs of pay-TV service providers as their growing multi-screen distribution strategies create increasing complexity in their content protection systems. It highlights the four key drivers that are causing pay-TV companies to reconsider their existing CAS/DRM architectures, and explains the reasons for moving toward a more unified approach that streamlines the implementation and operation of content security across multiple networks and devices. Those key drivers are:
+ Rationalize Legacy
– Rationalizing multiple security clients drives efficiency & consistency across all services
+ Ensure Adaptive Security
– The ability to support the best possible end-to-end security on every device is key to driving service growth
+ Be Ready for 4K
– “Enhanced Content” (Ultra HD, HDR) is coming and it’s driving increased security requirements
+ Reach Every Device
– Efficiently supporting open CE devices is critical to success
INTRODUCTION
While the word “hybrid” was only a great new idea for delivering video a decade ago, today it is a solid reality for most pay-TV service providers. The modern pay-TV operator is becoming almost universally “multi-network”, driven by strong broadband penetration, mass consumer adoption of open CE devices, and the business need to create “stickier” services that increase customer loyalty and prevent churn. The popularity of pure Over-The-Top (OTT) services from companies like Netflix and Amazon, as well as directly from the content providers themselves (e.g. HBO, Sony and CBS), only increases the urgency for pay-TV service providers to deliver their premium content over multiple networks to any device.
Depending on the type of service provider, becoming a multi-network operator has meant different things. For satellite and terrestrial service providers, it has meant complementing their existing platforms with OTT-delivered services like catch-up TV, SVOD and premium VOD services. Meanwhile, cable operators are beginning the transition to all-IP with DOCSIS 3.x and Fiber to the Home (FTTH), creating a single network for distribution of ABR multicast and unicast services. Even Telcos – who have always delivered video over IP – are evolving to fully integrate multicast and on-demand OTT content into single, multi-device service delivery platforms.
The evolution of these multi-network services has often happened organically, with new ways of delivering content being implemented in parallel to legacy systems. This has often resulted in multiple service delivery and content protection systems being used, with two or more security schemes being implemented on many set-top boxes and other connected devices to support the different services. This amalgamation of systems and vendors is now pushing the operational capabilities of some service provider organizations to the limit and making the overall management of the multi-network video delivery platform unnecessarily complex.
[Figure: the multi-network operator spans OTT, DTH, cable and telco delivery]
The pace of transformation in the pay TV industry has reached a point where the flexibility service providers require to pursue new opportunities can only be achieved through a far more unified approach to service delivery. In addition to rationalizing video and metadata workflows, the other critical element to unify is content protection, which requires an all-new, streamlined approach to ensuring secure delivery of content not only to operator-controlled set-top boxes (STBs), but also to all other connected CE devices like PC/Mac, smartphones, tablets and Connected TVs. And this must be done across broadcast, multicast, OTT and throughout the connected home in order to ensure that the consumer has a consistent experience across all devices while still ensuring that content licensing agreements are fully respected.
Adding to these challenges is the increasing complexity of content suppliers’ security requirements. These requirements vary widely depending on:
+ Type of Delivery Network
+ Live Streaming vs. On-Demand Content
+ Types of Viewing Devices (Operator Controlled vs. Open CE)
+ Business Models (Subscription, Transaction, EST...)
+ Content Exclusivity
+ Enhanced Content (Quality, Window)
Multi-network service providers therefore need a unified security client that allows them to implement whatever levels of protection are required to satisfy consumers’ demand on any device, anywhere “on the go” and in the home, and access to any type of content – whether it be live or on demand, from the service provider themselves or from third-party pure OTT players like Netflix or YouTube.
THE FOUR KEY DRIVERS TOWARD A UNIFIED SECURITY CLIENT
As pay-TV service providers formulate strategies to tap the many new opportunities emerging at this industry-wide inflection point in the evolution of pay TV, they must take a new approach to security management as a first step toward freeing themselves from the restrictions of the past. In the discussion that follows we explore the four key security-related challenges and opportunities that pay-TV service providers should consider while planning next-generation multi-network/multi-device service delivery and content security architectures, in order to ensure their systems are streamlined, future-proof, and provide the business functionality required to innovate new consumer services.
RATIONALIZING MULTIPLE SECURITY CLIENTS DRIVES EFFICIENCY & CONSISTENCY ACROSS ALL SERVICES
Increasingly, operator-controlled STBs are IP-connected, whether as the sole method of content delivery (e.g. OTT or IPTV STBs) or as a complement to broadcast content delivery (hybrid STBs). But until now, STBs have had to incorporate two or more completely parallel content protection systems: a conditional access system to secure broadcast and multicast content, and one or more digital rights management (DRM) systems to secure OTT content and local content protection within the home. This has required multiple integration efforts, multiple sets of security requirements and certifications, and multiple headend servers, which has not assisted service providers in quickly and efficiently delivering an optimized, unified service to their subscribers. This has led to a situation where hybrid set-top boxes require twice the work to implement both broadcast/IPTV and OTT/home networking security:
CAS Client                                DRM Client
Testing & Certification                   Testing & Certification
Content Provider Security Requirements    Content Provider Security Requirements
Vendor Relationships                      Vendor Relationships
Headend Servers & Interfaces              Headend Servers & Interfaces
Licensing & Maintenance Fees              Licensing & Maintenance Fees
Service Level Agreements                  Service Level Agreements
Change Request Processes                  Change Request Processes
Breach Response Processes                 Breach Response Processes
The lack of a single, responsible party for resolving all security-related issues with the device therefore leads to inefficiency and risk that is undesirable to most businesses.
The introduction of a single security client to support DVB, IPTV, OTT and in-home distribution would therefore resolve all these problems and provide additional capabilities and operational improvements to the business, as long as they are driven by a common headend.
THE ABILITY TO SUPPORT THE BEST POSSIBLE END-TO-END SECURITY ON EVERY DEVICE IS KEY TO DRIVING SERVICE GROWTH
Though this is now rapidly changing, the STB has traditionally been an operator-controlled device and the primary channel for delivering pay-TV services. Through a specified integration and certification process, the service provider’s chosen security partner integrates their CAS- or DRM-based security into devices with the associated warranties and guarantees. This comprehensive protection usually includes the following components:
+ Network Protection = Securing the transmission
+ Device Protection = Securing the security system from attack on the device
+ Content Protection = Securing the programming itself
+ Ecosystem Security = Fighting piracy outside the traditional broadcast paradigm - including content sharing and streaming - as well as securing the service provider’s IT infrastructure (OTT backend, billing, payments, etc.)
[Figure: device, content and ecosystem protection layers, covered by CAS, DRM and cyber security]
This combination of technologies and services has given pay-TV providers excellent revenue assurance since the launch of the first DVB services in the mid-1990s. The current-generation STB security integration best practices ensure this high level of protection by implementing the following:
+ A proprietary hardware root of trust (HWRoT) including countermeasures that can be seamlessly applied across different System on a Chip (SoC) vendors and for which the CAS vendor takes full responsibility independent from the SoC vendor.
+ Device-level hardware and software security guidelines and requirements backed up by a rigorous certification process, creating the equivalent of a Trusted Execution Environment (TEE) in the STB with typical requirements like debug port lockdown, trusted applications, etc.
+ A CAS vendor-controlled boot loader process to protect the service provider’s investment in the STB hardware against unauthorized tampering or usage outside of the intended geography or purpose.
Though this process continues to provide the benefits outlined above, in an increasingly open and OTT-driven world it is beginning to be seen by many service providers as restrictive for several reasons:
+ They want to support new application environments like Android TV or other HTML5-based application environments like RDK.
+ They increasingly require support for 3rd-party apps like Netflix and YouTube, which bring with them their own streaming formats, DRM and security requirements.
+ They desire a CAS vendor-independent HWRoT and boot loader in order to be able to support multiple security systems in the box.
+ They are looking to improve the speed of traditional STB integration processes, which sometimes take months instead of weeks.
+ They wish to extend a similar process to other devices like Connected TVs and open CE devices.
The emerging requirements of service providers will therefore require next-generation content security vendors to offer a flexible range of adaptive security solutions that provide the highest level of security possible on each device according to the infrastructure that device provides. The range of device environments requiring a flexible adaptive security approach includes:
1. Devices with proprietary HWRoTs, which will continue to offer the highest levels of security (with the associated warranties and guarantees).
2. More open STBs like Android STBs that use standardized HWRoTs and offer a Trusted Execution Environment (TEE) will offer a high but lesser degree of security, because they source elements of the overall security solution from different parties, making it impossible for any one party to take full liability for the overall security solution.
3. Legacy STBs that contain no HWRoT or an inaccessible HWRoT, which can still be secured using a software-only security client; this is inherently less secure than the prior two solutions and is reserved for situations where the benefit outweighs the risk. This allows for, for instance, the replacement of legacy conditional access or DRM systems that the service provider no longer wishes to use.
4. Open CE devices, which must implement secure player technologies that include security features like individualization, obfuscation, anti-tampering and device revocation, as well as leveraging a HWRoT and TEE if available.
It is therefore critical that service providers choose flexible, capable technology partners that can provide the highest level of security available on any device in order to protect their revenues and ensure content provider requirements are met.
“ENHANCED CONTENT” (ULTRA HD, HDR) IS COMING AND IT’S DRIVING INCREASED SECURITY REQUIREMENTS
New levels of security tied to licensing of high-value content for new types of services have been under discussion for some time and have a major impact on future pay-TV service provider technology choices. Hollywood studios began to consider increased security requirements to support high-priced home theater services that would make new movies available day-and-date or soon after theatrical release. While pushback from theater chains opposed to this policy sidetracked the effort, it’s now clear these higher security requirements will come back into play with the licensing of “Enhanced Content” movies, meaning those delivered in Ultra HD, HDR and/or very early release windows.
MovieLabs, the research and development joint venture started by the six major motion picture studios, has published new content security ECP requirements1 that include:
+ Binding to Device
+ Software Diversity
+ Integrity & Robustness
+ Revocation & Renewal
+ Outputs & Link Protection
+ Encryption
+ Secure Media Pipeline
+ Secure Computation Environment
+ Hardware Root of Trust
+ Forensic & Playback Control Watermarking
+ Breach Response
+ Certification
and other measures that have not been part of the typical multiscreen pay TV paradigm.
The need to accommodate the ECP security requirements is imminent, as evidenced by the pace of preparations for expanded Ultra HD services across the pay TV and OTT sectors. While considerable uncertainty remains as to what the standards will be for ECP services, including the extent to which High Dynamic Range (HDR) technologies will become part of the equation, a higher-than-anticipated pace of penetration of Ultra HD TV sets has triggered Ultra HD service rollouts on the part of Netflix, Amazon and other OTT suppliers as well as a handful of pay-TV service providers2.
Incorporating these requirements along with the other MovieLabs-recommended measures into next-generation content protection systems has now become a top priority for multi-network service providers, and must be considered for broadcast, multicast and OTT content alike. Having to ensure that multiple content protection schemes comply with new requirements can represent a significant overhead to new ECP-related projects. On the other hand, having a Hollywood-trusted strategic security partner and a unified security client that addresses all of these requirements at once can provide a major reduction in complexity, cost and time to market for service providers.
It is however worth noting that content owner security priorities might not always be the same as service provider security priorities. While studios’ primary interest is to ensure that their premium content is protected (especially in early release windows like first-run VOD), service providers have a much broader interest in ensuring that the overall service is protected – especially premium live services, in which the studios take little interest. It is therefore key when deciding on new content protection technologies and services to look at them from both of these points of view.
1 MovieLabs Specification for Enhanced Content Protection Version 1.1
2 ScreenPlays, “Holding Back on UHD Services Not a Good Option for MVPDs”, February 2015
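The adaptive-security tiers (proprietary HWRoT, standardized HWRoT plus TEE, software-only legacy STB, open CE secure player) and the ECP requirement list above both describe the same decision: given what a device can prove about itself, how much protection can the client enforce, and therefore which content may be released to it. The following is an added, illustrative policy model written for this paper; it is not NAGRA's, MovieLabs' or any vendor's code. The device attributes, the tier names (STANDARD, PREMIUM_LIVE, ENHANCED) and the mapping of requirements to tiers are assumptions chosen to mirror the text, not the actual MovieLabs thresholds. It also models the revocation and renewal requirement, which applies to every tier.

```python
"""Adaptive content-protection policy (illustrative model, not a vendor API).

Given what a playback device reports about its security infrastructure,
compute the highest content tier it may receive and list the requirements
it fails.  Attribute names, tiers and thresholds are assumptions for this
example; the sample devices are constructed."""
from dataclasses import dataclass
from enum import IntEnum


class Tier(IntEnum):
    """Content classes in ascending order of protection demanded (assumed)."""
    NONE = 0
    STANDARD = 1       # library SD/HD content
    PREMIUM_LIVE = 2   # premium live services: the operator's own priority
    ENHANCED = 3       # Ultra HD / HDR / early window: ECP-style requirements


@dataclass(frozen=True)
class Device:
    """What the security client can attest about the device (assumed fields)."""
    device_id: str
    hw_root_of_trust: bool        # HWRoT present and usable by the client
    trusted_execution_env: bool   # TEE / secure computation environment
    secure_media_pipeline: bool   # decrypted media never reaches open memory
    output_protection: bool       # link protection on digital outputs
    secure_player: bool           # individualized, obfuscated, anti-tamper client
    client_version: int           # used for renewal: stale clients lose rights


# Requirement name -> predicate, per tier.  Each tier also inherits the
# requirements of the tiers below it.  The grouping is an assumption.
REQUIREMENTS = {
    Tier.STANDARD: {
        "binding_to_device": lambda d: bool(d.device_id),
    },
    Tier.PREMIUM_LIVE: {
        "robust_client": lambda d: d.hw_root_of_trust or d.secure_player,
        "output_protection": lambda d: d.output_protection,
    },
    Tier.ENHANCED: {
        "hardware_root_of_trust": lambda d: d.hw_root_of_trust,
        "secure_computation_environment": lambda d: d.trusted_execution_env,
        "secure_media_pipeline": lambda d: d.secure_media_pipeline,
    },
}


def unmet_requirements(device, tier, revoked=frozenset(), min_client_version=1):
    """Names of requirements `device` fails for `tier`, cumulative over lower
    tiers.  Revocation and renewal (minimum client version) apply everywhere."""
    failed = []
    if device.device_id in revoked:
        failed.append("device_revoked")
    if device.client_version < min_client_version:
        failed.append("client_renewal_required")
    for level in (Tier.STANDARD, Tier.PREMIUM_LIVE, Tier.ENHANCED):
        if level > tier:
            break
        for name, check in REQUIREMENTS[level].items():
            if not check(device):
                failed.append(name)
    return failed


def max_allowed_tier(device, revoked=frozenset(), min_client_version=1):
    """Highest tier the device satisfies; Tier.NONE if it fails even STANDARD."""
    best = Tier.NONE
    for tier in (Tier.STANDARD, Tier.PREMIUM_LIVE, Tier.ENHANCED):
        if unmet_requirements(device, tier, revoked, min_client_version):
            break
        best = tier
    return best


# Constructed sample devices, one per environment described in the paper.
HWROT_STB = Device("stb-0001", True, True, True, True, True, 7)
LEGACY_STB = Device("stb-0003", False, False, False, True, True, 4)
OPEN_CE_PHONE = Device("app-0004", False, False, False, True, True, 7)

if __name__ == "__main__":
    revoked = frozenset({"stb-0001"})
    for dev in (HWROT_STB, LEGACY_STB, OPEN_CE_PHONE):
        print(dev.device_id, max_allowed_tier(dev, min_client_version=5).name,
              unmet_requirements(dev, Tier.ENHANCED, min_client_version=5))
    print("after revocation:", max_allowed_tier(HWROT_STB, revoked).name)
```

The point of the structure is that the policy is evaluated per device at license time rather than baked into one client build: the same unified client reports its attributes, the headend decides, and a breach is handled by adding the device to the revocation set or raising the minimum client version, after which affected devices drop to Tier.NONE until renewed.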
EFFICIENTLY SUPPORTING OPEN CE DEVICES IS CRITICAL TO SUCCESS
As consumers increasingly expect to be able to use their own devices to consume pay TV services, operators are faced with both a great opportunity as well as a dilemma regarding security. They are forced to either support the built-in DRM schemes available in some devices, or must deploy software application-based security in the form of secure players. Regardless of the approach chosen, there are still several challenges to face:
+ While Connected TVs represent a tremendous opportunity for pay-TV service providers to reach existing consumers more cost-effectively without additional equipment like STBs and CI+ modules, they have traditionally lacked the necessary security infrastructure to meet studio requirements for premium content protection. Finding a strategic content security partner who is able to provide a secure Connected TV solution would therefore mean new subscriptions delivered at a lower acquisition cost, as well as enabling new business models and joint promotion opportunities with TV manufacturers.
+ CE devices/browsers only support OTT but not broadcast services, with the notable exception of Connected TVs. And despite the quick progression of OTT in the marketplace, broadcast still plays an essential role for delivering pay-TV services. It is therefore critical to find a content security solution that provides a unified security client that supports as many different use cases across as many different networks as possible.
+ To achieve maximum device reach, service providers may try to leverage the built-in streaming technologies, native file formats and security provided by many browsers and devices. “Platform DRMs” like Apple FairPlay on iOS and Safari, Microsoft PlayReady on Xbox and Internet Explorer, Google Widevine on Chrome and Android, etc. require that the service provider leverage and rely on 3rd-party implementations over which they have no control or say, making it unclear who will actually develop new features required and provide the necessary countermeasures in case of security breaches. Use of a pay-TV operator-centric content security solution is therefore preferable whenever possible in order to ensure that the operator stays in charge of their own technology destiny and has maximum control and vendor support.
Service providers therefore need a strategic, pay-TV-centric security partner who will help them achieve maximum device reach, maximum control over their own technology roadmap, maximum responsiveness in case of breach, and maximum efficiency in operating their content security infrastructure so they can be freed up to market new and innovative services to their customers.
CONCLUSION
Developments disrupting the traditional pay TV business have generated much confusion among pay-TV service providers over how best to adjust to the new trends. As first-generation solutions have become increasingly complex to manage, a new and more unified approach is called for to drive business efficiency and take maximum advantage of emerging business opportunities.
Gaining the ability to efficiently provide ironclad security in connected device environments has thus become the linchpin to service providers’ opportunity to turn new video consumption behavior to their advantage. Now, for the first time, NAGRA’s anyCAST CONNECT platform is providing operators the security management tools they need to satisfy these requirements.
Through anyCAST CONNECT, operators have the ability to dynamically provision the highest levels of security matched to whatever devices consumers use to access content at any point in time, whether the devices run on the widely deployed chipsets embedded with the NAGRA On-Chip Security root of trust, chipsets employing TEE roots of trust, or open CE devices that provide no hardware-based security infrastructure. Through utilization of a single client that seamlessly manages content security and business rules in accord with the requirements of each device, service providers will have the flexibility to execute whatever business models they deem appropriate to enhancing their opportunities to satisfy consumers and improve ARPU.
anyCAST CONNECT represents the next generation of content security for connected devices. With its flexible design and the long-standing security expertise of NAGRA, service providers get a unique solution that optimizes cost, makes operations more efficient, and allows for the faster and more consistent provisioning of new services across multiple devices.
NAGRA anyCAST CONNECT is part of a full range of broadcast and connected security solutions offered by NAGRA in order to meet the needs of service providers delivering any content over any network to any device.
UNIFY CAS AND DRM FEATURES FOR CONNECTED DEVICES
+ Brings CAS and DRM together as a single security client with a single integration, testing and certification effort and a single headend.
SUPPORT A WIDE RANGE OF DEVICES
+ For use with STBs and gateways, Connected TVs, PC/Mac and iOS/Android.
ENSURE MAXIMUM SECURITY ON EACH DEVICE
+ Supports the NAGRA proprietary and advanced HWRoT, “NOCS3”
+ Supports NOCS for TV, now being directly integrated into major TV chipsets
+ Supports 3rd-party HWRoT and TEEs in order to address open CE devices
+ Can be implemented as a secure player for application-based security for Android, iOS and browser plug-ins
[Figure label: BGA, SC or SIM]
UNIFY PRODUCT MANAGEMENT ACROSS NETWORKS
+ Uses a single Security Services Platform to define business rules and use cases across DVB, IPTV, OTT and in-home content distribution
MEET KEY STUDIO LICENSING REQUIREMENTS
+ Meets MovieLabs requirements for Enhanced Content like Ultra HD
3RD PARTY PURE OTT SERVICE SUPPORT
+ Brings pre-integrated support for services like Netflix, which considers anyCAST CONNECT a Netflix-approved DRM scheme
For more information on this White Paper, please contact the authors:
Sebastien Kramer, SVP Business Development and PLM
Christopher Schouten, Senior Director Product [email protected]
KUDELSKI, NAGRA, OPENTV, SMARDTV and their respective logos are trademarks, registered trademarks or service marks of Kudelski SA and/or its affiliates.
All other trademarks are the property of their respective owners.
All product and application features and specifications are subject to change at the sole discretion of Nagravision SA at any time and without notice.
© 2015 Nagravision SA - All rights reserved.
Design: diabolo.com