An embedded hardware RoT
Viaccess-Orca is collaborating with Rambus to bolster its VO Shield Root of Trust (RoT) security solution. According to a recent Viaccess-Orca press release, Rambus’ CryptoMedia Content Protection Core complements the company’s VO Shield by enabling a hardware RoT to be embedded directly in the multimedia chipset of devices, including TVs and set-top boxes (STBs).
“This collaboration will be a cutting-edge response to the compromises that exist in hardware devices used to watch pay-TV services,” said Bret Sewell, Senior Vice President and General Manager of the Rambus Security Division. “By adding our CryptoMedia Content Security Platform and Protection Core to its VO Shield solution, Viaccess-Orca will set a new standard for content security. We look forward to building on this collaboration and reaching new heights in content protection.”
VO Shield is a hardware-based security function embedded inside the VO Sentinel solution that is dedicated to countering control word sharing and chipset breaching. Providing pay-TV operators with a robust content protection solution, Viaccess-Orca enables highly secure and cost-effective delivery of IPTV and OTT services, as well as traditional broadcasts.
With VO Shield, operators can upgrade security by adding hardware-dedicated algorithms inside the chipset, thereby strengthening the fight against chipset piracy. VO Shield can be modified after deployment, facilitating flexibility and seamless implementation. Combined with the company’s security technology Viaccess-Orca Secure Environment (VSE), which leverages the latest chipset technologies such as Trusted Execution Environment (TEE) and security co-processors, Viaccess-Orca Shield allows operators to successfully meet the strict security requirements for delivering premium content, including 4K.
The Rambus CryptoMedia Content Protection Core
Essentially functioning as a smart card within a set-top-box (STB) or multimedia chipset, the Rambus CryptoMedia Content Protection Core is a separate, on-chip security block that protects and stores cryptographic keys and computations from attacks. The core is extremely resistant to a wide range of sophisticated attacks, such as side-channel attacks, while providing the flexibility to integrate with multiple conditional access systems (CAS) or digital rights management (DRM) solutions.
This combination of robust security and broad compatibility provides a trusted security solution for the broadcast and streaming of premium content without the need for a smart card. Put simply, the CryptoMedia Content Protection Core enables a cardless solution that is compatible with existing CAS and DRM implementations.
Side-channel attack resistance
As noted above, the Rambus CryptoMedia Content Protection Core provides side-channel attack resistance for a number of ecosystem configurations, including:
- Broadcast – The core receives the data it needs for operation in standard encrypted messages via infield provisioning from the CAS, including pay-per-view (PPV), subscription updates and security configurations.
- OTT – The core is configured via license files that are updated via infield provisioning to enable feature upgrades.
- CAS – The core is designed to work with a variety of CAS providers – as it can either help derive or directly generate the control word and deliver it into the key ladder or descrambler.
- DRM – As with CAS providers, the core functions with diverse DRM systems. The operation is similar to the CAS, except the derived key is the content encryption key that is delivered to an AES decryption engine. In both cases, generation and derivation of the control word or content encryption key is handled in a secure, protected hardware environment.
The Rambus CryptoMedia solution supports a multi-domain security feature that is based on an advanced hardware root-of-trust. This multi-domain security feature allows premium content to flow securely directly to pay TV devices like STBs, forming a secure foundation for convenient access to all pay TV content on one device. It enables new ways to distribute pay content, providing benefits to both operators and OTT distributors. For example, operators can provide their subscribers with instant individual choice of content on the STB or TV. Moreover, OTT distributors can deliver content directly and securely to operator STBs and TVs.