Going cardless for CAS with a hardware root-of-trust
This entry was posted on Wednesday, August 31st, 2016.
The majority of set-top boxes (STBs) on the market in the 1990s were secured by Conditional Access System (CAS) smart cards that stored STB identities along with their respective service rights. While these early smart cards offered operators basic levels of content protection against unauthorized viewers, they were ultimately incapable of guarding against increasingly sophisticated methods of attack by criminal hackers and pirate collectives.
By 2010, smart cards had achieved a high level of robust security against attacks. Nevertheless, hackers – often employed by organized crime rings – had already placed themselves at least one step ahead by exploiting critical vulnerabilities between the card and set-top box. Current vectors of attack against the PayTV sector are numerous and include set-top box/card cloning, control word sharing, modchips and free-to-air emulators.
This is precisely why it is critical for PayTV operators to deploy cardless set-top boxes secured by a hardware root-of-trust CAS. This paradigm offers operators robust security with embedded, integrated hardware that stores and protects cryptographic keys against unauthorized access. A cardless hardware root-of-trust CAS can also be equipped with differential power analysis (DPA) countermeasures, making it resistant to a variety of sophisticated side-channel attacks, including simple power analysis (SPA) and DPA.
In addition, eliminating the need for a smart card in set-top boxes significantly reduces cost, both in the short-term bill of materials (BOM) and in long-term liability in the form of frequent card swaps. To be sure, a robust hardware root-of-trust CAS significantly extends the overall lifetime of a set-top box as it allows remote operators to securely implement in-field subscriptions and service upgrades. Of course, it is also important for any hardware-based root-of-trust solution to be compatible with multiple leading CAS and DRM systems. Simply put, this ensures that operators are not locked into a single vendor for the entire lifetime of a set-top box.
Perhaps not surprisingly, cardless CAS set-top boxes equipped with a hardware-based root-of-trust are increasing in popularity amongst major operators. A hardware root-of-trust, provided by platforms such as Rambus’ CryptoMedia, offers operators like DishTV India a cost-effective, future-proof method of securing the broadcast and streaming of next-gen, premium digital content, including 4K and UHD.
As we’ve previously discussed on Rambus Press, CryptoMedia, which fully complies with MovieLabs’ Enhanced Content Protection Specification, supports numerous ecosystem configurations, such as CAS, broadcast, OTT and DRM. CryptoMedia also integrates a variety of DPA countermeasures, making it resistant to numerous side-channel attacks, including simple power analysis and differential power analysis. Last, but certainly not least, CryptoMedia's pre-validated IP simplifies the certification process, helping operators accelerate time-to-market.