Security impacts of next-generation set-top boxes
This paper is intended for product and business managers, security architects, development managers and other technical staff who are directly involved in the specification, design and development of advanced set-top boxes. This paper describes the market and technology trends that are influencing set-top box designs and explains how advanced features are creating new content security challenges for set-top box manufacturers.
Next-generation set-top boxes
Consumer demand for media-rich home entertainment services is driving innovation and new revenue opportunities in the set-top box (STB) industry. Next-generation STBs will integrate video content from multiple signal sources such as broadcast television, premium video-on-demand and Internet-based services, provide value-added capabilities like time-shifting, and allow content to be distributed to a variety of viewing devices including multi-room TV networks, personal computers, portable media players and other mobile devices.
However, this level of source variety and content portability is inherently more susceptible to piracy, and increases the complexity of security requirements. Set-top boxes and their associated conditional access (CA) systems and digital rights management (DRM) technologies are under constant threat from device tampering, software security breaches and hacker attacks that can significantly impact the reputation and bottom line for both STB manufacturers and operators.
OEMs can overcome these security challenges by designing in protection mechanisms that address the entire STB security lifecycle, including strong initial attack resistance, protection against automated attacks, easy in-field security updating and cost-effective breach response capability. STB OEMs who fully understand their security vulnerabilities, develop a sound security strategy and build in effective protection mechanisms will significantly lower the risks to their products and to their overall business.
Digital television increases devices and services
Digital television is undergoing a major transition. For consumers, the passive consumption of real-time premium video has evolved to include time-shifted and on-demand services accessible from personal/digital video recorders (PVRs/DVRs), personal computers, and portable media players. The penetration of these devices and services demonstrates the value consumers see in having a high level of freedom and control over their content viewing experience.
The “genie is out of the bottle” and consumers are demanding content from multiple signal sources viewed on a broader range of devices. Advances in networking and compression technologies are enabling an exploding number of alternative content providers to target such consumers with advanced “over the top” (OTT) services and products to compete with traditional cable and satellite operators.
Incumbent operators are not standing still against the threat from OTT service providers and are deploying new services in response. The traditional digital set-top box that receives digital television broadcasts via cable and satellite sources is evolving to become a hybrid set-top box, supporting alternative sources of premium content including OTT video services.
Set-top boxes are also becoming content servers themselves, acting as a video source for other devices in the digital home including other set-top boxes, digital televisions, personal computers and other consumer electronics devices.
The operators and set-top box OEMs are heavily influenced by standards groups and regulatory bodies. For example, to promote retail set-top box competition and consumer electronics interoperability, standards such as CableLabs CableCARD in North America and DVB-CI+ in Europe are enabling third-party set-top boxes and digital-ready televisions to become part of the operator ecosystem.
It is well understood that premium television and video services are popular targets for piracy. For a set-top box manufacturer seeking to innovate in this environment, protecting their devices and the content that passes through them is critical. The technologies and trends described above introduce a number of new and unique security challenges for device manufacturers. This paper provides further detail on STB trends and technologies, describes the corresponding security challenges placed on device manufacturers and finally describes the choices available to STB OEMs in addressing these challenges.
Set-top box security drivers
Content distribution requirements
Content owners, including movie and television studios, demand protection against the piracy of their intellectual property and require that content licensees (such as cable or satellite TV operators) take steps to prevent security breaches and to mitigate damage should a breach occur. Studios often mandate the preventative steps that must be taken to secure content as part of their distribution agreements. These security requirements include steps to ensure the protection of cryptographic operations and the prevention of application and service hacking. The operator or service provider, in turn, translates these into security requirements that must be met by their set-top box suppliers.
Input and output types
Many operators are offering advanced content services to increase their subscriber revenues. These services often require the ability to receive content from multiple signal sources and send the content to a range of devices in the digital home. The set-top box architecture is becoming more sophisticated through the integration of functions and content protection systems which are required to support these service models. It is imperative that these content protection systems securely work together without exposing content or sensitive assets.
As an example, most digital STBs today support a conditional access system which secures the content as it is delivered from the operator to the set-top box. It ensures that consumers can only play content to which they are entitled. Many STBs today include integrated PVR capabilities that enable the consumer to time-shift their viewing by storing the content locally for later consumption, but not for further dissemination. If the system is expected to receive OTT video content, it will incorporate DRM protection systems to securely receive and store that content. If the STB is expected to share the content with other devices, it will need additional DRM or link protection technologies. Many of the advanced use-cases will require content to pass between two or more of these content protection systems, creating a security challenge for the STB manufacturer...
