Cisco Blogs

Downloadable Security: Both Sides of the Fence

November 26, 2007

A lot has been written about a downloadable conditional access system (DCAS) in the cable industry (including a post I wrote a few weeks ago), but what’s going on over on the telecom side of the video marketplace? In the IPTV arena, we’re working through the issues relevant to secure download within the IPTV Interoperability Forum (IIF). Our approach will use some technologies similar to what DCAS is delivering for cable, but it is not the same technical solution. The target of the IIF (which is one of the committees of ATIS, the Alliance for Telecommunications Industry Solutions) is to deliver what is called "initial closure" of our first version of this secure, open-specification download stack by the end of 2007. The work is taking place within the Digital Rights Management Task Force, which is one of 4 active IIF Task Forces.

Some current IPTV set-tops have a proprietary download mechanism that is not secured by hardware. This makes these set-tops less secure than the DCAS approach over on the cable side, since DCAS calls for downloading into very secure hardware. The ATIS IIF downloadable solution under development will allow use of secure hardware but not mandate it.

Some IPTV providers take the approach of reloading new "software-only" conditional access (CA) once the previous version gets broken and use this reloading scheme as a way to fix the breach. But even with re-loads, you still have the requirement to provide long-term key storage protection to safeguard the keys that provide device identity or allow you to do content decryption. This is a significant vulnerability in the software-only scenario. Since the deployment of IPTV devices is still relatively small, it’s not yet possible to know what level of piracy will exist against software-only IPTV CAS. Once the footprint of IPTV devices increases, there’s a bigger target and piracy activity will likely heat up.

From a regulatory point of view, the ‘TelCos’ must also meet FCC requirements for the ban on embedded security in navigation devices. Thus, similar to the CATV case, the IIF Secure Download solution will be an alternative to meet the separable security requirement. In addition to all of the secure download specification work described above, the IPTV Separable Security Incubator (ISSI) at ATIS is working on a fast-track effort to standardize an "IPTV-friendly CableCARD" which can be deployed if downloadable security is not ready in a given network. Telecoms are basing this solution on the MCard standard that the cable industry is using and currently call it the "APOD". The first draft of this specification is also expected at the end of 2007.

The parallel development efforts of IIF Secure Download and the APOD provide great options for IPTV security solutions and will continue to create an environment that is full of new challenges and opportunities as we move along in the standardization process.
