NAGRA - Unifying Content Security on Connected Devices


UNIFYING CONTENT SECURITY ON CONNECTED DEVICES Freeing Pay-TV Service Providers to Pursue Next-Generation TV While Reducing the Cost and Complexity of Running Multiple CAS & DRM Systems

WHITE PAPER - SEPTEMBER 2015

SECURE – ENGAGING – EVERYWHERE

DTV.NAGRA.COM


EXECUTIVE SUMMARY

This paper looks at the evolving needs of pay-TV service providers as their growing multi-screen distribution strategies create increasing complexity in their content protection systems. It highlights the four key drivers that are causing pay-TV companies to reconsider their existing CAS/DRM architectures, and explains the reasons for moving toward a more unified approach that streamlines the implementation and operation of content security across multiple networks and devices. Those key drivers are:

+ Rationalize Legacy – Rationalizing multiple security clients drives efficiency & consistency across all services
+ Ensure Adaptive Security – The ability to support the best possible end-to-end security on every device is key to driving service growth
+ Be Ready for 4K – “Enhanced Content” (Ultra HD, HDR) is coming and it’s driving increased security requirements
+ Reach Every Device – Efficiently supporting open CE devices is critical to success


INTRODUCTION

While the word “hybrid” was only a great new idea for delivering video a decade ago, today it is a solid reality for most pay-TV service providers. The modern pay-TV operator is becoming almost universally “multi-network”, driven by strong broadband penetration, mass consumer adoption of open CE devices, and the business need to create “stickier” services that increase customer loyalty and prevent churn. The popularity of pure Over-The-Top (OTT) services from companies like Netflix and Amazon, as well as directly from the content providers themselves (e.g. HBO, Sony and CBS), only increases the urgency for pay-TV service providers to provide their premium content over multiple networks to any device.

Depending on the type of service provider, becoming a multi-network operator has meant different things. For satellite and terrestrial service providers, it has meant complementing their existing platforms with OTT-delivered services like catch-up TV, SVOD and premium VOD services. Meanwhile, cable operators are beginning the transition to all-IP with DOCSIS 3.x and Fiber to the Home (FTTH), creating a single network for distribution of ABR Multicast and Unicast services. Even Telcos – who have always delivered video over IP – are evolving to fully integrate multicast and on-demand OTT content into single, multi-device service delivery platforms.

The evolution of these multi-network services has often happened organically, with new ways of delivering content being implemented in parallel to legacy systems. This has often resulted in multiple service delivery and content protection systems being used, with two or more security schemes being implemented on many set-top boxes and other connected devices to support the different services. This amalgamation of systems and vendors is now pushing the operational capabilities of some service provider organizations to the limit and making the overall management of the multi-network video delivery platform unnecessarily complex.

[Figure: DTH, CABLE, TELCO, OTT]


The pace of transformation in the pay TV industry has reached a point where the flexibility service providers require to pursue new opportunities can only be achieved through a far more unified approach to service delivery. In addition to rationalizing video and metadata workflows, the other critical element to unify is content protection, which requires an all-new, streamlined approach to ensuring secure delivery of content not only to operator-controlled set-top boxes (STBs), but also to all other connected CE devices like PC/Mac, smartphones, tablets and Connected TVs. And this must be done across broadcast, multicast, OTT and throughout the connected home in order to ensure that the consumer has a consistent experience across all devices while still ensuring that content licensing agreements are fully respected. Adding to these challenges is the increasing complexity of content suppliers’ security requirements. These requirements vary widely depending on:

+ Type of Delivery Network
+ Business Models (Subscription, Transaction, EST...)
+ Live Streaming vs. On-Demand Content
+ Content Exclusivity
+ Types of Viewing Devices (Operator Controlled vs. Open CE)
+ Enhanced Content (Quality, Window)

Multi-network service providers therefore need a unified security client that allows them to implement whatever levels of protection are required to satisfy consumers’ demand on any device, anywhere “on the go” and in the home, and access to any type of content – whether it be live or on demand, from the service provider themselves or from third-party pure OTT players like Netflix or YouTube.


THE FOUR KEY DRIVERS TOWARD A UNIFIED SECURITY CLIENT

As pay-TV service providers formulate strategies to tap the many new opportunities emerging at this industry-wide inflection point in the evolution of pay TV, they must take a new approach to security management as a first step toward freeing themselves from the restrictions of the past. In the discussion that follows we explore the four key security-related challenges and opportunities that pay-TV service providers should consider while planning next-generation multi-network/multi-device service delivery and content security architectures in order to ensure their systems are streamlined, future-proof, and provide the business functionality required to innovate new consumer services.

RATIONALIZING MULTIPLE SECURITY CLIENTS DRIVES EFFICIENCY & CONSISTENCY ACROSS ALL SERVICES

Increasingly, operator-controlled STBs are IP-connected, whether as a sole method of content delivery (e.g. OTT or IPTV STBs) or as a complement to broadcast content delivery (hybrid STBs). But until now, STBs have had to incorporate two or more completely parallel content protection systems: a conditional access system to secure broadcast and multicast content, and one or more digital rights management (DRM) systems to secure OTT content and local content protection within the home. This has required multiple integration efforts, multiple sets of security requirements and certifications, and multiple headend servers, which has not assisted service providers in quickly and efficiently delivering an optimized, unified service to their subscribers. This has led to a situation where hybrid set-top boxes require twice the work to implement both broadcast/IPTV and OTT/home networking security:

CAS
+ Client Testing & Certification
+ Content Provider Security Requirements
+ Vendor Relationships
+ Headend Servers & Interfaces
+ Licensing & Maintenance Fees
+ Service Level Agreements
+ Change Request Processes
+ Breach Response Processes

DRM
+ Client Testing & Certification
+ Content Provider Security Requirements
+ Vendor Relationships
+ Headend Servers & Interfaces
+ Licensing & Maintenance Fees
+ Service Level Agreements
+ Change Request Processes
+ Breach Response Processes

The lack of a single, responsible party for resolving all security-related issues with the device therefore leads to inefficiency and risk that is undesirable to most businesses.

The introduction of a single security client to support DVB, IPTV, OTT and in-home distribution would therefore resolve all these problems and provide additional capabilities and operational improvements to the business, as long as they are driven by a common headend.


THE ABILITY TO SUPPORT THE BEST POSSIBLE END-TO-END SECURITY ON EVERY DEVICE IS KEY TO DRIVING SERVICE GROWTH

Though this is now rapidly changing, the STB has traditionally been an operator-controlled device and the primary channel for delivering pay-TV services. Through a specified integration and certification process, the service provider’s chosen security partner integrates their CAS or DRM-based security into devices with the associated warranties and guarantees. This comprehensive protection usually includes the following components:

[Figure: Content, Device, CAS, DRM, Ecosystem, Cyber Security]

+ Network Protection = Securing the transmission
+ Device Protection = Securing the security system from attack on the device
+ Content Protection = Securing the programming itself
+ Ecosystem Security = Fighting piracy outside the traditional broadcast paradigm - including content sharing and streaming - as well as securing the service provider’s IT infrastructure (OTT backend, billing, payments, etc.)

This combination of technologies and services has given pay-TV providers excellent revenue assurance since the launch of the first DVB services in the mid 1990s. The current-generation STB security integration best practices ensure this high level of protection by implementing the following:

+ A proprietary hardware root of trust (HWRoT) including countermeasures that can be seamlessly applied across different System on a Chip (SoC) vendors and for which the CAS vendor takes full responsibility independent from the SoC vendor.
+ Device-level hardware and software security guidelines and requirements backed up by a rigorous certification process, creating the equivalent of a Trusted Execution Environment (TEE) in the STB with typical requirements like debug port lockdown, trusted applications, etc.
+ A CAS vendor-controlled boot loader process to protect the service provider’s investment in the STB hardware against unauthorized tampering or usage outside of the intended geography or purpose.

Though this process continues to provide the benefits outlined above, in an increasingly open and OTT-driven world, it is beginning to be seen by many service providers as restrictive for several reasons:

+ They want to support new application environments like Android TV or other HTML5-based application environments like RDK.
+ They increasingly require support for 3rd-party apps like Netflix and YouTube which bring with them their own streaming formats, DRM and security requirements.
+ They desire a CAS vendor-independent HWRoT and boot loader in order to be able to support multiple security systems in the box.
+ They are looking to improve the speed of traditional STB integration processes, which sometimes take months instead of weeks.
+ They wish to extend a similar process to other devices like Connected TVs and open CE devices.


The emerging requirements of service providers will therefore require next-generation content security vendors to offer a flexible range of adaptive security solutions that provide the highest level of security possible on each device according to the infrastructure that device provides. The range of device environments requiring a flexible adaptive security approach includes:

1. Devices with proprietary HWRoTs, which will continue to offer the highest levels of security (with the associated warranties and guarantees).

2. More open STBs like Android STBs that use standardized HWRoTs and offer a Trusted Execution Environment (TEE). These will offer a high but lesser degree of security because they source elements of the overall security solution from different parties, making it impossible for any one party to take full liability for the overall security solution.

3. Legacy STBs that contain no HWRoT or an inaccessible HWRoT, which can still be secured using a software-only security client. This is inherently less secure than the prior two solutions and is reserved for situations where the benefit outweighs the risk. It allows, for instance, the replacement of legacy conditional access or DRM systems that the service provider no longer wishes to use.

4. Open CE devices, which must implement secure player technologies that include security features like individualization, obfuscation, anti-tampering and device revocation, as well as leveraging a HWRoT and TEE if these are available.

It is therefore critical that service providers choose flexible, capable technology partners that can provide the highest level of security available on any device in order to protect their revenues and ensure content provider requirements are met.

“ENHANCED CONTENT” (ULTRA HD, HDR) IS COMING AND IT’S DRIVING INCREASED SECURITY REQUIREMENTS

New levels of security tied to licensing of high-value content for new types of services have been under discussion for some time and have a major impact on future pay-TV service provider technology choices. Hollywood studios began to consider increased security requirements to support high-priced home theater services that would make new movies available day and date or soon after theatrical release. While pushback from theater chains opposed to this policy sidetracked the effort, it’s now clear these higher security requirements will come back into play with the licensing of “Enhanced Content” movies, meaning those delivered in Ultra HD, HDR and/or very early release windows.


MovieLabs, the research and development joint venture started by the six major motion picture studios, has published new content security ECP requirements1 that include:

+ Binding to Device
+ Secure Media Pipeline
+ Software Diversity
+ Secure Computation Environment
+ Integrity & Robustness
+ Hardware Root of Trust
+ Revocation & Renewal
+ Forensic & Playback Control Watermarking
+ Outputs & Link Protection
+ Breach Response
+ Encryption
+ Certification

and other measures that have not been part of the typical multiscreen pay TV paradigm. The need to accommodate the ECP security requirements is imminent, as evidenced by the pace of preparations for expanded Ultra HD services across the pay TV and OTT sectors.

While considerable uncertainty remains as to what the standards will be for ECP services, including the extent to which High Dynamic Range (HDR) technologies will become part of the equation, a higher-than-anticipated pace of penetration of Ultra HD TV sets has triggered Ultra HD service rollouts on the part of Netflix, Amazon and other OTT suppliers as well as a handful of pay-TV service providers.2

Incorporating these requirements along with the other MovieLabs-recommended measures into the next-generation content protection systems has now become a top priority for multi-network service providers, and must be considered for broadcast, multicast and OTT content alike. Having to ensure that multiple content protection schemes comply with new requirements can represent a significant overhead to new ECP-related projects. On the other hand, having a Hollywood-trusted strategic security partner and a unified security client that addresses all of these requirements at once can provide a major reduction in complexity, cost and time to market for service providers.

1 MovieLabs Specification for Enhanced Content Protection Version 1.1
2 ScreenPlays, “Holding Back on UHD Services Not a Good Option for MVPDs”, February 2015

It is however worth noting that content owner security priorities might not always be the same as service provider security priorities. While studios’ primary interest is to ensure that their premium content is protected (especially in early release windows like first-run VOD), service providers have a much broader interest in ensuring that the overall service is protected – especially premium live services in which the studios take little interest. It is therefore key when deciding on new content protection technologies and services to look at them from both these points of view.


EFFICIENTLY SUPPORTING OPEN CE DEVICES IS CRITICAL TO SUCCESS

As consumers increasingly expect to be able to use their own devices to consume pay TV services, operators are faced with both a great opportunity as well as a dilemma regarding security. They are forced to either support the built-in DRM schemes available in some devices, or deploy software application-based security in the form of secure players. Regardless of the approach chosen, there are still several challenges to face:

+ While Connected TVs represent a tremendous opportunity for pay-TV service providers to reach existing consumers more cost-effectively without additional equipment like STBs and CI+ modules, they have traditionally lacked the necessary security infrastructure to meet studio requirements for premium content protection. Finding a strategic content security partner who is able to provide a secure Connected TV solution would therefore mean new subscriptions delivered at a lower acquisition cost, as well as enabling new business models and joint promotion opportunities with TV manufacturers.

+ CE devices/browsers only support OTT but not broadcast services, with the notable exception of Connected TVs. And despite the quick progression of OTT in the marketplace, broadcast still plays an essential role for delivering pay-TV services. It is therefore critical to find a content security solution that provides a unified security client that supports as many different use cases across as many different networks as possible.

+ To achieve maximum device reach, service providers may try to leverage the built-in streaming technologies, native file formats and security provided by many browsers and devices. “Platform DRMs” like Apple FairPlay on iOS and Safari, Microsoft PlayReady on Xbox and Internet Explorer, Google Widevine on Chrome and Android, etc. require that the service provider leverage and rely on 3rd-party implementations over which they have no control or say, making it unclear who will actually develop the new features required and provide the necessary countermeasures in case of security breaches. Use of a pay-TV operator-centric content security solution is therefore preferable whenever possible in order to ensure that the operator stays in charge of their own technology destiny and has maximum control and vendor support.

Service providers therefore need a strategic, pay-TV-centric security partner who will help them achieve maximum device reach, maximum control over their own technology roadmap, maximum responsiveness in case of breach, and maximum efficiency in operating their content security infrastructure so they can be freed up to market new and innovative services to their customers.


CONCLUSION

Developments disrupting the traditional pay TV business have generated much confusion among pay-TV service providers over how best to adjust to the new trends. As first-generation solutions have become increasingly complex to manage, a new and more unified approach is called for to drive business efficiency and take maximum advantage of emerging business opportunities. Gaining the ability to efficiently provide ironclad security in connected device environments has thus become the linchpin to service providers’ opportunity to turn new video consumption behavior to their advantage. Now, for the first time, NAGRA’s anyCAST CONNECT platform is providing operators the security management tools they need to satisfy these requirements.

anyCAST CONNECT represents the next generation of content security for connected devices. With its flexible design and the long-standing security expertise of NAGRA, service providers get a unique solution that optimizes cost, makes operations more efficient, and allows for the faster and more consistent provisioning of new services across multiple devices.

Through utilization of a single client that seamlessly manages content security and business rules in accord with the requirements of each device, service providers will have the flexibility to execute whatever business models they deem appropriate to enhancing their opportunities to satisfy consumers and improve ARPU.

Through anyCAST CONNECT, operators have the ability to dynamically provision the highest levels of security matched to whatever devices consumers use to access content at any point in time, whether the devices run on the widely deployed chipsets embedded with the NAGRA On-Chip Security root of trust, chipsets employing TEE roots of trust, or open CE devices that provide no hardware-based security infrastructure.


UNIFY CAS AND DRM FEATURES FOR CONNECTED DEVICES
+ Brings CAS and DRM together as a single security client with a single integration, testing and certification effort and a single headend.

SUPPORT A WIDE RANGE OF DEVICES
+ For use with STBs and gateways, Connected TVs, PC/Mac and iOS/Android.

ENSURE MAXIMUM SECURITY ON EACH DEVICE
+ Supports the NAGRA proprietary and advanced HWRoT, “NOCS3”
+ Supports NOCS for TV, now being directly integrated into major TV chipsets
+ Supports 3rd party HWRoTs and TEEs in order to address open CE devices
+ Can be implemented as a secure player for application-based security for Android, iOS and browser plug-ins

UNIFY PRODUCT MANAGEMENT ACROSS NETWORKS
+ Use a single Security Services Platform to define business rules and use cases across DVB, IPTV, OTT and in-home content distribution

MEET KEY STUDIO LICENSING REQUIREMENTS
+ Meets MovieLabs requirements for Enhanced Content like Ultra HD

3RD PARTY PURE OTT SERVICE SUPPORT
+ Brings pre-integrated support for services like Netflix, which considers anyCAST CONNECT a Netflix-approved DRM scheme

NAGRA anyCAST CONNECT is part of a full range of broadcast and connected security solutions offered by NAGRA in order to meet the needs of service providers delivering any content over any network to any device.

[Figure: BGA, SC or SIM]


For more information on this White Paper, please contact the authors: Sebastien Kramer SVP Business Development and PLM sebastian.kramer@nagra.com Christopher Schouten Senior Director Product Marketing christopher.schouten@nagra.com

KUDELSKI, NAGRA, OPENTV, SMARDTV and their respective logos are trademarks, registered trademarks or service marks of Kudelski SA and/or its affiliates. All other trademarks are the property of their respective owners. All product and application features and specifications are subject to change at the sole discretion of Nagravision SA at any time and without notice.

design: diabolo.com

© 2015 Nagravision SA - All rights reserved.
