Set-top boxes (STBs) were initially secured by Conditional Access System (CAS) smart cards. However, this approach is no longer effective. Smart cards cannot prevent unauthorized access to premium 4K and UHD content, as they are not designed to protect the interface between the card and box, or the STB SoC itself. This is one of the reasons why cardless CAS set-top boxes, equipped with a hardware-based root-of-trust, are increasing in popularity amongst major operators such as Dish TV India. A hardware root-of-trust, provided by platforms such as Rambus’ CryptoMedia, offers operators robust security protection with an integrated security core that acts to effectively decrease potential attack vectors. Moreover, eliminating the smart card significantly reduces cost, for both short-term BOM and long-term liability in the form of frequent card swaps. It should be noted that not all hardware security cores are created equal. One important consideration is that any hardware security core should be compatible with multiple leading CAS and DRM systems. This ensures operators are not locked into a single vendor for the entire lifetime of a set-top box. Moreover, the ability to function alongside numerous CAS and DRM systems can potentially enable new ways of securely distributing pay content, offering tangible benefits to both DTH operators and OTT distributors. For example, operators can provide their subscribers OTT content alongside broadcast content on the same set-top box, using the same robust hardware security, while maintaining cryptographic isolation between the different systems.
Security IP
CryptoMedia Security Platform Solution Overview
Use Cases: Personalization
Related to the inherent complexities and costs associated with building a brand new chip, fabless chip manufacturers are under constant pressure to improve operating efficiencies while, at the same time, satisfying OEM customer requirements. As such, large OEM customers requesting personalization, customer specific data preparation and feature customization of standard parts challenge the chipmakers ability to minimize inventory overhead and improve operating efficiencies.
Customer specific personalization services may be accomplished with a high degree of visibility and audit tracking controls that are secured by the CryptoManager solution for each step in the manufacturing supply chain.
For example (see Figure 1), if three OEM customers of a SoC manufacturer each request different feature configurations and/or data preparations for a standard SoC product, the SoC manufacturer needs to figure out how to support three customerspecific part types without creating three different SKUs.
Device personalization creates complexity in manufacturing and in inventory management. With multiple SKUs for standard products, managing inventory for each step requires accurate forecasts and discrepancies can result in wasted silicon or delays in fulfilling orders (see Figure 2)
In this case, pushing the personalization processing step to the end of the manufacturing flow just prior to or, in some cases after delivery to the customer, mitigates the impact on inventory and operations (See 3).
Use Cases: Secure Key Provisioning
With mobile devices housing more and more sensitive data that is utilized in a wide variety of applications, chip and device companies must meet the complex security requirements for each potential use case or capability. Most security measures require the injection of secret identity data and cryptographic keys. Currently, cryptographic keys are provisioned in the open without encryption on test equipment which is operated by third party contract manufacturers. These current provisioning methods expose chip manufacturers to liability and risks for any security breach that occurs within their supply chain.
Utilizing the CryptoManager Root of Trust hardware IP Core, SoC architects have a built-in design for the secure provisioning of cryptographic keys during chip manufacturing. For OEM device manufacturing, this feature also enables remote secure key provisioning at the ODM (Original Device Manufacturer).
Use Cases: Debug Access Control
When chips are shipped into the field, it is required that test features, needed to test the chip during manufacturing, must be securely disabled (see Figure 1 below). If left enabled in the field, these test and debug ports could provide a back door into the device that could be used maliciously to read sensitive keys and other sensitive data from the device. These test features must be disabled when the part ships into the field, but must also be securely enabled later when defective parts are returned through the RMA (Return Merchandise Authorization) channel for failure analysis.
To prevent misuse of debug modes (e.g. BIST, scan, JTAG), the CryptoManager Root of Trust can be connected to the debug mode enable, which defaults to an off (safe) setting. The Root of Trust can selectively enable debug features as needed, for example:
- At specified manufacturing stages (wafer test, package test), necessary debug capabilities can be temporarily enabled
- In the case of a defective chip or device, debug capability can be re-enabled for Return Merchandise Authorization (RMA) and Failure Analysis (FA)
Once the debug is completed, the Root of Trust will disable the debug mode. The CryptoManager solution provides a method for chip and device companies to authenticate the device and authorize the provisioning of the debug enable/disable operation for each device.
