Simulcrypt: May They Live Happily Ever After
Peaceful Coexistence of Multiple CA SystemsContent security and conditional access systems (CAS) have been traditionally, at least in part, proprietary systems. While many CAS use standardized encryption algorithms, the key management and distribution techniques as well as entitlement messaging of each system have usually been kept”under wraps”. This presents a roadblock of sorts to the deployment of receiving devices from multiple vendors within a cable or IPTV system. Simulcrypt, which supports coexistence of two or more different CAS operating simultaneously in one system, is a technology that can enable existing CableCARD options and the evolving Downloadable CAS (DCAS) scenario when legacy receiving devices are already in place. The Simulcrypt specifications resulted from a DVB project and can be downloaded for no cost at the ETSI web site. While Simulcrypt has not traditionally generated a great deal of interest with the North American MSOs, there have been international CATV deployments of Simulcrypt and there is evidence of interest in the IPTV world.What has piqued the interest of the IPTV providers? In two words: vendor competition. For IPTV systems, single sourcing for headends, other equipment, and set-tops has a limiting effect on the purchasing options for set-tops; options that can benefit IPTV operators’ bottom line. The sticking point is that second source products must be able to operate in legacy systems with whatever CAS already exists in the system. One solution that could facilitate vendor competition in IPTV networks at this time appears to be Simulcrypt.The clock is ticking for about 120 telecom and cable operators who received an FCC waiver to continue to use”low-end” set-tops with embedded security until December 31, 2009 in exchange for a promise to operate all-digital networks by February 17, 2009. As a result, when we arrive at the end of 2009, everyone will need to be operating a separable security-enabled system. While deploying CableCards or the ATIS-defined APOD (essentially an IPTV-friendly CableCard –see my January 2008 post) will be likely scenarios after the waivers expire, operators can derive more leverage by introducing a second CAS to their networks, thus spurring competition not only for receiving devices but also for the separable security modules themselves. To achieve this, a method is needed to allow CableCards/APODs from different CAS to work in harmony on the same content streams. Simulcrypt provides an answer in this area.Simulcrypt works by employing a common encryption algorithm for the content streams and further uses a common set of keys (sometimes called control words) for each stream. Each of the two or more CAS must therefore share the control words for each service but can package the control words in a proprietary way for transmission to receiving devices that use that CAS. Control words are typically sent in-band (i.e., in packets that are intermixed with the content stream packets) in Entitlement Control Messages (ECMs). Since one set of ECMs needs to be sent to accommodate each CAS, there is a slight additional overhead that is imposed by Simulcrypt. However, because Simulcrypt requires only one copy of the content to be sent, the total overhead is quite minimal (usually on the order of 15-20 kbps per CAS for the ECMs).Many expect the FCC regulatory environment to shift substantially after November 2008, regardless of who wins the US presidential election. With new leadership, the FCC could go in a very different direction on any or all of the CableCARD, Simulcrypt, or DCAS approaches. So, stay tuned, because the separable security issue only promises to get more interesting over time.