Satellite TV Decoders

A satellite TV system must face the following challenge: it is one-way. The receivers cannot do anything but receive; they cannot emit anything.

• Each subscriber has a smartcard, and that card contains a key Ks specific to that subscriber.
• The media stream is encrypted with a key K. That key is updated regularly.
• Along with the media stream, the publisher sends K encrypted with each Ks in circulation. That is, every minute or so, thousands of small blobs are sent in some "holes" in the data stream (apparently there is sufficiently free bandwidth for that); all these blobs contain K, but encrypted with the key of a subscriber.

Thus, a given decoder will just wait for the blob which contains K encrypted with his card-specific key Ks, and use the card to obtain K and decrypt the stream.

When a subscriber is no longer a subscriber (he ceased to pay), the publisher simply stops sending the blob containing K encrypted with the corresponding Ks. The next time K is updated (it happens several times per day), the ex-subscriber is "kicked out".

In older times, media publishers had the habit of doing everything "their way", which means that they designed their own encryption algorithms, and they were very proud of them, and kept them secret. Of course, such secrets were never maintained for long because reverse engineering works well; and, inevitably, these homemade encryption algorithms almost invariably turned out to be pathetically weak and breakable.

Nowadays, the publishers have begun to learn, and they use proper encryption. In such a situation, the only recourse for attackers is to clone smartcards, i.e. break their way through the shielding of a legally obtained smartcard, to get the Ks of that card. Breaking through a smartcard is expensive, but not infeasible, at least for the kind of smartcard that are commonly used for such things; it requires a high-precision laser and an electronic microscope, and is rumoured to cost "a few thousands of dollars" for each break-in. Attackers do just that.

Publishers react in the following way: with traditional police methods. The cloning method is worth the effort only if thousands of clones can be sold, as part of some underground market. Inspectors just masquerade as buyers, obtain a clone, see what card identity the clone is assuming, and deactivate the corresponding subscriber identity on the publisher side, evicting all clones of that card in one stroke.

From what I have seen, the break-clone-sell-detect-deactivate cycle takes about two weeks. It is more-or-less an equilibrium: the non-subscribers who accept the semi-regular breakage of connectivity are in sufficient numbers to maintain professional pirates, but they are not numerous enough to really endanger the publishers' business model.

We may note that Blu-ray discs are a much more challenging model, because readers can be off-line and must still work; and though each Blu-ray reader embeds its own reader-specific key, there is not enough room on a Blu-ray disc to include "encrypted blobs" for all readers in circulation. They use a much more advanced algorithm called AACS. However, for satellite TV, the simple method described above works well.