Riscure recently published a detailed analysis of the CryptoFirewall™ (CF) security core designed by the Cryptography Research division of Rambus. Essentially, the CryptoFirewall core prevents unauthorized access of content in multimedia decoding chips that are currently used in set-top boxes and coming soon to smart TVs.
“The core serves as a security boundary inside a chip that stores private keys and can maintain security even if the rest of the system is compromised,” explained Cynthia Yu, a director at Rambus’ Cryptography Research division.
As Riscure analysts note, the CryptoFirewall core effectively mitigates a number of critical threats, including scan interface attacks, man-in-the-middle, replay, OTP memory (corruption and tearing), rights key injection, emulation on STB hardware and physical reverse engineering.
“We found [the CryptoFirewall core from the Cryptography division of Rambus] has balanced security mechanisms with the risk of attack in specific areas of the system,” the Riscure report reads. “Examples can be found in the revocation mechanism, canary and unlock mechanisms and EA design.”
Riscure also determined the CryptoFirewall core bolsters both content key and entitlement management (compared to other DVB SoC Key ladder based solutions); offers strong content key derivation security by default and provides as secure – and more cost effective – entitlement management than smart cards.
Lastly, Riscure confirmed the CryptoFirewall core improves the security of a TEE DRM or CA solution by enforcing a robust hardware barrier.
“One additional important conclusion from the Riscure report is that the CryptoFirewall core can function in conjunction with other content protection solutions,” added Yu. “In practical terms, this means the hardware-based CryptoFirewall core works in tandem with other hardware or software security products to serve as the underlying root-of-trust.”