Pay-TV operators have used CA since the 1990s to encrypt digital content. Over the years, CA has evolved, with Irdeto launching the first software based card-less CA in 2011. But does the CA technology still have a role to play going forward?
CA started life in the analogue broadcast world. Its role was to scramble the video signal. With the evolution to digital broadcast, CA transformed to what you can call “true” conditional access with encryption.
Some say that we are living in a new era of Television, I think that is true. Consumers have an ever expanding choice of content to view. And in today’s connected world, they have a wide array of channels, devices and apps at their disposal to watch their favorite program at any time and on any device. But how do incumbent pay-TV operators keep up?
No choice but to deliver
If the consumer can’t get what they want, they look elsewhere, and elsewhere is quite often the illegal alternatives.
We live in a very different world today than we did 10-20 years ago. We’ve never been more connected. So, it’s surprising that software security practices remain in the realm of “We’ve always done it this way before”. Can they really expect to solve today’s security problems with an old way of thinking?
Traditional thinking typically starts with the premise that honest parties control the computer devices and any cryptographic operations are performed free from interference from would-be attackers. Given this, it’s probably understandable
Cryptography is no longer limited to the military and spies. This ancient art underpins modern life. It’s about encoding intelligible data, e.g. numbers, text and transforming them into something unreadable to anyone other than who the information is meant for. The question is, does it need an upgrade for today’s always connected world?
How secure is your house?
Hundreds of times a day we use cryptography in our everyday life. From the lock on the website that you’re browsing, remotely unlocking your car with the key fob to using all kinds of devices.
Statistically every person in the world between 15 to 64 years old has a smartphone or tablet today. In the next 5 years for every baby born 10 smartphones will be sold1. Smartphones have literally changed our lives, from playing, working to everyday living. But what can we learn from app developers, who’ve made mobile devices so powerful?
Learning from app developers
With 102 billion mobile app downloads to date – averaging 22 apps per device2 – it’s clear that software developers know what they are doing.
As Richard Branson said “Business opportunities are like buses. There’s always another coming along.” Looking at the online piracy world, the latest bus is exploiting software media centers. And unfortunately, many consumers are being taken for a ride.
I’ve mentioned it before, online pirates are undoubtedly criminals. Yet they’re also entrepreneurs. The pirates are continually adapting. To effectively fight online piracy means keeping up to date with their latest activities.
APIs are everywhere in modern day life. We rely on them to access services on mobiles, tablets and laptops. Without them our day-to-day life wouldn’t be the same. Yet they are also increasing the attack surface. Are they really a friend to e-commerce or to cybercrime?
APIs are not new. They’ve been around a long time. APIs are key to building scalable web-based applications as they allow and manage the interaction between 2 online connected services.
True, a botanical metaphor about OTT piracy is unusual. But similarities can be drawn. In the housing market, the presence of Japanese knotweed can have a detrimental effect. If unchecked, online piracy is on track to do the same in the pay-media industry. What can be done to fight the weed?
What is Japanese knotweed?
Put simply, it’s a relentless plant that can grow 30cm a week. Its invasion can knock thousands off the value
In today’s OTT world, pay-media operators continually modify their business models to find the sweet spot; what resonates best with their consumers. Unfortunately, the same is true with cybercriminals. For them, the introduction of account generator sites is at the heart of this evolution.
No longer limited to the DarkNet
In an earlier blog, I explained how compromised account details are regularly being sold on the DarkNet. However, in the last few months the Irdeto cyber-services team has witnessed a change.
On a recent flight, I was sat next to a security auditor. He asked “can someone steal keys used to encrypt credit cards from the server memory?” It depends, was my reply. But his question left me wondering. Why hasn’t anyone built a server side white box implementation?
Why does it depend?
Like any implementation, some are more secure than others. If the server side code was using ‘standard cryptographic APIs’ and they were black box implementations then