Attacks on Pay-TV Access Control Systems Markus G. Kuhn Computer Laboratory

Sep 14, 2020

Transcript
Page 1: Attacks on Pay-TV Access Control Systems

Markus G. Kuhn

Computer Laboratory

Page 2: Generations of Pay-TV Access Control Systems

Analog Systems

- remove sync information, try to confuse gain-control in receiver, etc.
- cryptography is not essential part of decoding process
- still dominant type for most cable-TV premium channels

Hybrid Systems

- broadcasted signal conforms to analog TV standard (PAL, D2MAC, NTSC, SECAM)
- analog signal scrambled with digital framebuffer using a cryptographically transmitted control word
- fully cryptographic subscription management using smartcards
- examples: VideoCrypt, EuroCrypt (EN 50094), Syster Nagravision

Digital Systems

- broadcasted signal is digitally modulated, encrypted, and multiplexed MPEG-2 audio and video data stream
- cryptographic subscription management using smartcards as with hybrid systems
- examples: DVB, DSS/VideoGuard

Page 3: Example of a Hybrid System: VideoCrypt

[Block diagram of the decoder; labelled blocks: SAT-receiver, ADC, FIFO-1, FIFO-2, DAC, Scrambler, CPU1, CPU2, OSD, Smartcard, TV]

Features:

- scrambling by active-line rotation, requires only memory for one single image line
- vertical-blank-interval data contains 32-byte messages with blacklist/whitelist data
- smartcard calculates 60-bit MAC as control word from 32-byte messages every 2.5 s
- CPU1 salts control word with frame counter to generate 60-bit PRNG seed per frame
- Scrambler uses 60-bit seed to generate cut-point sequence per frame

EPA 0428252 A2

Page 4: An Image Processing Attack on VideoCrypt

[Figure panels, captions only:]

- unscrambled source signal
- broadcasted scrambled signal
- result of cross-correlation with cutpoints marked
- edge detector avoids horizontal penalty zones around cut points
- final b/w descrambling result obtained without knowledge of card secret

Page 5: The VideoCrypt Smartcard Protocol

Flow control

ISO 7816 T=0 protocol (legend: sent by decoder / smartcard):

CLA INS P1 P2 P3   INS   DATA[1] . . . DATA[P3]   SW1 SW2

Instructions

INS   length (P3)   sent by   purpose
70h   6             card      card serial number
72h   16            decoder   message from previous card
74h   32            decoder   message from broadcaster
76h   1             decoder   authorize button pressed
78h   8             card      control word (MAC of 74h)
7ah   25            card      onscreen display message
7ch   16            card      message to next card
7eh   64            card      Fiat-Shamir squared random number
80h   1             decoder   Fiat-Shamir challenge bit
82h   64            card      Fiat-Shamir response

Page 6: VideoCrypt or How not to use the Fiat-Shamir ZKT

Protocol

Messages between decoder and smartcard (the smartcard knows secret S with S² = V mod N, where N = p · q):

INS 70h: card number V (48 bits)
INS 7eh: X = R² mod N (512 bits)
INS 80h: Q (1 bit)
INS 82h: Y = R if Q = 0, Y = R · S mod N if Q = 1

Decoder receives Q periodically from broadcaster and forwards it to the smartcard

Decoder is supposed to reject smartcard if the following test fails (first generation did not):

Y² = X mod N if Q = 0
Y² = X · V mod N if Q = 1

Attack

Decoder has no memory to verify that X is different each time, so pirate card just observes V, R, R² mod N, and R · S mod N from any card and replays those values each time.
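The exchange above as an added example (not code from the slides): a decoder without memory runs the slide's test and accepts a card that replays one recorded run, while a decoder that remembers earlier X values rejects it. The toy modulus, the secret S and all class and function names are assumptions made for the illustration.

```python
import secrets

# Constructed toy modulus; the slide's N = p*q is 512 bits.
N = 104723 * 104729

def decoder_test(V, X, Q, Y):
    """The slide's check: Y^2 = X (Q=0) or Y^2 = X*V (Q=1), all mod N."""
    return pow(Y, 2, N) == (X if Q == 0 else X * V % N)

class GenuineCard:
    """Knows S with S^2 = V mod N; draws a fresh R for every run."""
    def __init__(self, S):
        self.S, self.V = S, S * S % N
    def commit(self):                       # INS 7eh
        self.R = secrets.randbelow(N - 2) + 2
        return pow(self.R, 2, N)
    def respond(self, Q):                   # INS 82h
        return self.R if Q == 0 else self.R * self.S % N

class ReplayCard:
    """Holds no secret: returns one recorded (V, X, Y0, Y1) every time."""
    def __init__(self, V, X, Y0, Y1):
        self.V, self.X, self.Y = V, X, (Y0, Y1)
    def commit(self):
        return self.X
    def respond(self, Q):
        return self.Y[Q]

class Decoder:
    """remember_x=False models the slide's decoder; True adds the missing memory."""
    def __init__(self, remember_x):
        self.seen = set() if remember_x else None
    def run(self, card, Q):
        X = card.commit()
        if self.seen is not None:
            if X in self.seen:
                return False                # commitment reused: reject
            self.seen.add(X)
        return decoder_test(card.V, X, Q, card.respond(Q))

def demo(remember_x, rounds=6):
    """Returns (genuine results, replay results) for alternating challenge bits."""
    genuine = GenuineCard(S=123456789)      # constructed secret
    X = genuine.commit()
    replay = ReplayCard(genuine.V, X, genuine.respond(0), genuine.respond(1))
    dec_g, dec_r = Decoder(remember_x), Decoder(remember_x)
    bits = [i % 2 for i in range(rounds)]
    return ([dec_g.run(genuine, q) for q in bits],
            [dec_r.run(replay, q) for q in bits])
```

With `remember_x=False` every replayed round passes; with `remember_x=True` only the first replayed round passes and the genuine card is unaffected.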

Page 7: Replay attacks against VideoCrypt

Vulnerabilities

1) all VideoCrypt smartcards working on the same channel reply identically
2) the scrambled VideoCrypt signal can be replayed with a normal home VCR

Real-time card sharing (old proposal, not implemented)

One owner of a genuine card provides the control words in real-time via wire or radio to owners of decoders without a card (60 bits every 2.5 s).

Offline Internet card sharing (common practice!)

One owner of a genuine card records control words and synchronization information for a specific show (say Star Trek on Sunday, 18:00) in a VideoCrypt Logfile (VCL) and publishes this on her Web page. Decoder owners without card record the scrambled programme, then download VCL file and put decoder between VCR and TV. A PC then emulates card and replays control words from VCL file. VideoCrypt Broadcast Logfiles (VBL) allow a posteriori VCL file generation.

Potential risk

Covert channel might identify card owner in public VCL files, therefore use VCL voter

Page 8: Secret Hash/MAC Algorithms in VideoCrypt Smartcards

Input: msg[0..31]
Output: answ[0..7]
all variables are 8-bit unsigned

Hash and Signature Check Structure:

    j := 0;
    answ[0..7] := 0;
    for i:=0 to 26 do
      round(msg[i]);
    b := 0;
    for i:=27 to 30 do
      round(b);
      round(b);
      b := msg[i];
      if answ[j] != msg[i] then
        signature wrong
      (only in P07)
      (in P09 handle nanocommands here)
      j := (j + 1) mod 8;
    for i:=1 to 64 do
      round(msg[31]);

Round Function in BSkyB P07 (parameter p):

    answ[j] := answ[j] xor p;
    c := sbox[answ[j] / 16] +
         sbox[answ[j] mod 16 + 16];
    c := rotate_right(rotate_left(not c, 1) + p, 3);
    j := (j + 1) mod 8;
    answ[j] := answ[j] xor c;

P09 card used completely different round function

Page 9: BSkyB P09 Structure of 32-byte Message in Instruction 74h

Bytes 0 . . . 31 of an example message:

e8 43 0a 88 82 61 0c 29 e4 03 f6 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 fb 54 ac 02 51

Byte positions marked on the slide: 0 1 2 3 4 5 6 7 8 9 10 11 . . . 26 27 28 29 30 31

Field labels on the slide: random byte; months since 1989; channel; subcommand code xor x[0]; address prefix xor x[0..3]; address suffixes or ECM nanocommands; signature; checksum

XOR Scrambling:

    a := msg[1] xor msg[2];
    swap_nibbles(a);
    b := msg[2];
    for i:=0 to 3 do
      b := rotate_left(b, 1);
      b := b + a;
      x[i] := b;

Subcommands:

00      deactivate card
01      deactivate Sky Movies
. . .
20      activate card
21      activate Sky Movies
. . .
40      PPV management
80      ECM nanocommands

Nanocommands:

cause calculated jumps into highly obscure machine code, many add additional rounds, some read or write RAM or EEPROM locations, the nanocommand interpreter is designed to be extremely non-portable and difficult to understand

Page 10: Conductive Silver Ink Attack on the BSkyB P10 Card

M. Kuhn

[Diagram of the card module, view from non-pad side; labelled parts: ROM, ASIC, µC, I/O, VCC, RST, CLK, GND, VPP pad (free), GND pad, free pad, lines to ASIC and to µC]

Drill two holes from pad side with 1 mm drill and fill holes with conductive silver ink to establish contact with free pads

Cut line from pad side with sharp knife

Page 11: Some Pay-TV Pirate Devices

[Photo captions:]

- "Battery-powered smartcard", Megasat Bochum
- Conductive silver ink attack on BSkyB P10 card (top), with card CPU replaced by external DS5002FP (right)
- ISO 7816 to RS-232 adapter (Season7)
- BSkyB P9 deactivation blocker

Page 12: Access Control for Digital Video Broadcasting (DVB)

[Block diagram; labelled blocks: receiver, demodulator, error correction, conditional access module, common interface, MPEG stream demultiplexer, MPEG audio decoder, MPEG video decoder, data interface, TV, PC]

Access control issues:

- Standardization of Common Scrambling Algorithm will at least allow SimulCrypt, where different access control systems can decrypt the same control words in order to descramble the same programme
- Standardization of Common Interface (PCMCIA slot) to allow plug-in access control
- Standardization of complete access control system was politically not possible

Page 13: Robust Key Management Scheme for Pay-TV Smart Cards

Idea

Every card contains a subset of L=10 keys out of a pool of K·L=300 keys K i,j which are used for session key uploads

- Each card knows one key per row
- Single rows or all uncompromised keys are used for session key uploads
- Cards that know only compromised keys have to be replaced

If pirates open C=20 cards, only (1-(1-1/K)^C)^L = 0.08% of the genuine cards have to be replaced to recover confidentiality of session key updates

Example

L=6, K=5, C=2

K1,1 K1,2 K1,3 K1,4 K1,5
K2,1 K2,2 K2,3 K2,4 K2,5
K3,1 K3,2 K3,3 K3,4 K3,5
K4,1 K4,2 K4,3 K4,4 K4,5
K5,1 K5,2 K5,3 K5,4 K5,5
K6,1 K6,2 K6,3 K6,4 K6,5

Legend: Compromised Key; Key in an uncompromised card
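An added example, not from the slides, that evaluates the replacement formula and checks it by simulation. It assumes K = 30 (from K·L = 300 with L = 10) and that every card is dealt one uniformly random key per row; all function names are hypothetical.

```python
import random

def replace_fraction(K, L, C):
    """Expected share of genuine cards that know only compromised keys."""
    return (1 - (1 - 1 / K) ** C) ** L

def deal_card(K, L, rng):
    """One key per row: card[row] is the column index of the key it holds."""
    return [rng.randrange(K) for _ in range(L)]

def compromised_keys(opened_cards, L):
    """Per row, the key columns pirates learn from the cards they opened."""
    return [{card[row] for card in opened_cards} for row in range(L)]

def usable_rows(card, compromised):
    """Rows where the card still holds a key unknown to the pirates."""
    return [r for r, col in enumerate(card) if col not in compromised[r]]

def simulate(K, L, C, trials=50_000, seed=1):
    """Monte Carlo estimate of replace_fraction under the assumed dealing."""
    rng = random.Random(seed)
    must_replace = 0
    for _ in range(trials):
        opened = [deal_card(K, L, rng) for _ in range(C)]
        genuine = deal_card(K, L, rng)
        # A card with no usable row cannot receive session keys confidentially.
        if not usable_rows(genuine, compromised_keys(opened, L)):
            must_replace += 1
    return must_replace / trials

if __name__ == "__main__":
    print(f"slide example L=6, K=5, C=2: {replace_fraction(5, 6, 2):.4%}")
    print(f"L=10, K=30, C=20:            {replace_fraction(30, 10, 20):.4%}")
    print(f"simulated L=6, K=5, C=2:     {simulate(5, 6, 2):.4%}")
```

`usable_rows` also gives the operator's view of a single card: any row it returns can still carry a session key upload to that card.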

Page 14: Lessons Learned from Pay-TV Piracy

- Every security microcontroller and ASIC will be reverse engineered within weeks if pirates see a chance to make a million dollars profit from doing it
- Routine recovery from attacks by ECMs, key updates, exchange of security modules, etc. must already be planned for in the design phase of a large scale cryptographic application
- Today’s EEPROM processor smart card technology is unsuitable for holding global secrets
- Obfuscated programming, customized processors, and other portability surprises in security module software are successful for only a few days and should be replaced by more flexible key management (Kerckhoffs’ principle)
- Continuous pirate market observation and analysis of pirate devices becomes routine activity for any consumer multimedia access control system operator
- Analog and hybrid pay-TV systems do not provide signal confidentiality and will eventually be broken by real-time image processing attacks