– Tor-Helge-Kristiansen, EVP-Principle-Architect, Conax
Piracy is about more than just content stealing, it is a threat that has the potential to bring down whole networks. Niall Hunt talks to Conax EVP and Principal Architect Tor Helge Kristiansen about the right approach to ensuring network security.
“The piracy problem is not specific for a region, it is a global problem,” says content security and conditional access pioneer Tor Helge Kristiansen. “There are different kinds of piracy in different regions – usually related to the availability of high-speed internet.”
In Africa, Kristiansen, who works for Kudelski-owned content security specialist Conax, the “biggest threat is around card sharing and content key sharing”, because of general limited internet capabilities on the continent?
Kristiansen explains: “The region is predominantly covered by satellite and satellite has a higher security exposure than other networks because the beam reaches the entire continent, which means the market potential for the pirates becomes very large. So you can hack an operation in a different country and use that hack throughout the continent.”
Finding the pirates
One of the challenges in beating piracy is raising awareness of the problem. “The issue with hacking is sometimes more widespread than most operators like to think,” he says.
Kristiansen suggests that while content piracy through card cloning, card sharing, content key sharing and illegal streaming is “usually the first thing you think about when it comes to hacking and piracy”, the problem often goes beyond this.
“There are other types of attack that can be equally devastating for the operator, which is going to be the main topic of my talk at TV Connect Africa,” he adds. “These include distributed denial of service attacks in which hackers use the operators’ platforms, the hybrid set-top boxes of the operator to launch an attack on other institutions and companies.”
“Other types of attacks include ransom attacks, in which you can take control of the PVR of the set-top box and demand a ransom to re-open it. There are types of blackout and blackmail attempts, for instance, where you see a shutdown of the service, where attackers demand a huge payment to reopen it,” he adds. “These types of attack can be devastating to an operator”, Kristiansen says, citing the cyber attacks on the back-end systems of French TV channel, TV5Monde, in April 2015.
Yves Bigot, the director-general of TV5Monde, told the BBC of the attacks: “It’s the worst thing that can happen to you in television.”
Increasing demands on operators to deliver content to a multitude of devices increases the complexity of the ecosystem that needs securing. “Unfortunately this also introduces more attack points for the hacker as the more complex the solution becomes the more potential weaknesses there are in the system,” Kristiansen says.
For Conax and Kristiansen, to make operator’s systems as safe as possible “it is really important to have a holistic view of security”. “Always look for security in all elements, because security is no stronger than the weakest link,” he says.
Kristiansen explains: “We work in various ways with operators to make sure they can be as secure as they can be, ranging from providing the best possible CAS and DRM solutions, but we also work a lot with operators, device vendors and with system vendors on security guidance and security evaluations making sure that they are making things as secure as they can be.”
“Finally, we need a lot of anti-piracy services, so if there is an attack on your operation, you are able to identify it, that you are able to track it down and stop it,” he says.
One thing that compounds security issues is the rapid changes in technology used to deliver content. Kristiansen says: “This is a big part of the problem, because one of the biggest trends that we see is content being consumed on more devices that are out of the operator’s control”.
These include smartphones, tablets, PCs, gaming consoles, smart TVs and beyond. “These are all built by companies in which the operator has no control over the security. But still, the operator is expected to bring the content to these devices,” he says.
He adds: “Vendors providing the tablets and smartphones often deploy vertical integrations with their own standards, so reaching an Apple ecosystem is very different to reaching a Google ecosystem and definitely very different from the ecosystem that the operator themselves use.”
Another trend is the rapid release of new products and services. “The TV industry has been used to long release cycles, releases every two years and so on. If you look at operators like Netflix, these guys make changes on a daily basis,” Kristiansen points out.
“This is also a challenge for the operator, because as things change quickly, you have less time to evaluate the security impact of what you are doing. And, you need to ensure that the underlying platform is built with an architecture that can sufficiently protect the really sensitive stuff from all these experiments.”
Kristiansen explains that “secure separation” is an approach that Conax has put a lot of effort into. “We can clearly separate the really sensitive security components handling the CA and content protection, for instance, from the application environment in Android in which you want to be as flexible as possible,” he says.
Shallow vs deep integration
If operators were to do one thing tomorrow to improve their security, Kristiansen advises: “Build a very strong security architecture into the solution. Make sure the focus is high on securing the devices as much as you can. You need to utilise new security mechanisms that are available in each and every platform.”
He explains that it is a matter of shallow security integration vs deep integrations. Shallow integration he says is a “one-size-fits-all” approach that “means you are putting your software on top of generic hardware, generic functions and you try to use the same software on all devices”. However, this approach means that “you cannot use security mechanisms that are available on particular devices because they aren’t available on other devices”.
“The better way is a deep integration,” Kristiansen says, “where you are utilising the security capabilities of the various devices. So you will end up with slightly different implementation and integration into the various chipsets, various set-top boxes, various TVs and so on. But you will end up with a security solution that is much better.”
He cites the approach taken by Apple in its devices that have media pipelines protected by hardware. Other STB and chipset vendors also do the same. “So you can do a lot more by going in and asking what the chipset provides in terms of security and what you can do to improve this security,” Kristiansen says.
“It is all about the weakest link. You need to think about this everywhere, so if there is a link that is really weak, you need to consider whether it makes business sense to actually introduce this device as you might compromise the security of the rest of the ecosystem (that you have spent a lot of money building),” he points out.
Kristiansen will be covering some of the topics above at TV Connect Africa in his presentation: Beyond piracy – why content protection is not enough. His session will cover the damage that can be inflicted on pay-TV operators by STB hacking and how operators can prevent such attacks.
He says events such as TV Connect Africa are a really important place to “learn, get inspiration, and to discuss with others on what they are doing to find the newest technology trends”.
He concludes: “This is one of the things that really drive us forward as an industry – the fact that we are all in the same boat that we are trying to get to the same goal and we can get inspiration from each other. On a more personal level, it is a good arena to meet up with friends among customers, partners, and so on. It is a rather small industry, we meet the same people year after year and that’s always nice.”