Set-top boxes go cardless with hardware security cores
This entry was posted on Tuesday, November 15th, 2016.
Embedded security cores are becoming an increasingly popular option for set-top box chipsets. To be sure, set-top boxes that eschew smart cards in favor of hardware security cores offer operators robust protection with embedded, integrated hardware that is capable of performing a range of functions, including the secure storage and protection of cryptographic keys against unauthorized access.
Hardware security cores do not replace CAS or DRM, but are added to a set-top box as an extra layer of security to strengthen the hardware that protects the most important keys and business logic. Hardware security cores can also be effectively equipped with strong protection against many sophisticated attacks, including power and clock glitching, emulation and side-channel attacks such as simple power analysis (SPA) and differential power analysis (DPA).
Put simply, embedded cores bring security inside the set-top box chipset. This paradigm eliminates the smart card and significantly reduces cost – in both the near and long term – via decreases in BOM, card deployment and support, as well as the liability of possible card swaps.
It is important to note that not all hardware security cores are created equal. Operators should ensure that a hardware security core is compatible with multiple leading CAS and DRM systems. If it is, operators will not be locked into a single vendor for the entire lifetime of a set-top box.
Moreover, the ability to function alongside numerous CAS and DRM systems can potentially enable new ways of securely distributing pay content, offering tangible benefits to both DTH operators and OTT distributors. For example, operators can provide their subscribers OTT content alongside broadcast content on a single set-top box using the same robust hardware security, all while maintaining cryptographic isolation between the different systems.
Last, but certainly not least, embedded hardware security cores should be capable of renewing security in the event of a successful breach, while allowing for in-field provisioning of new keys and security algorithms to adapt to new threats. This offers pay TV operators and OTT media providers a cost-effective, future-proof method of securing the broadcast and streaming of next-gen, premium digital content, including 4K and UHD, throughout the lifecycle of a set-top box.