Attacks on Pay-TV Access Control Systems Markus G. Kuhn Computer - - PowerPoint PPT Presentation

attacks on pay tv access control systems
SMART_READER_LITE
LIVE PREVIEW

Attacks on Pay-TV Access Control Systems Markus G. Kuhn Computer - - PowerPoint PPT Presentation

Jun 22, 2023 316 likes •464 views

Attacks on Pay-TV Access Control Systems Markus G. Kuhn Computer Laboratory Generations of Pay-TV Access Control Systems Analog Systems remove sync information, try to confuse gain-control in receiver, etc. cryptography is not essential part

slide-1
SLIDE 1

Attacks on Pay-TV Access Control Systems

Markus G. Kuhn Computer Laboratory

slide-2
SLIDE 2

Generations of Pay-TV Access Control Systems

Analog Systems Hybrid Systems

analog signal scrambled with digital framebuffer using a cryptographically transmitted control word fully cryptographic subscription management using smartcards

Digital Systems

examples: VideoCrypt, EuroCrypt (EN 50094), Syster Nagravision cryptography is not essential part of decoding process still dominant type for most cable-TV premium channels broadcasted signal is digitally modulated, encrypted, and multiplexed cryptographic subscription management using smartcards as with hybrid systems remove sync information, try to confuse gain-control in receiver, etc. MPEG-2 audio and video data stream broadcasted signal conforms to analog TV standard (PAL, D2MAC, NTSC, SECAM) examples: DVB, DSS/VideoGuard

slide-3
SLIDE 3

Scrambler Smartcard FIFO-1 DAC ADC FIFO-2 CPU1 CPU2 OSD SAT- receiver TV

Example of a Hybrid System: VideoCrypt

Features:

vertical-blank-interval data contains 32-byte messages with blacklist/whitelist data smartcard calculates 60-bit MAC as control word from 32-byte messages every 2.5 s CPU1 salts control word with frame counter to generate 60-bit PRNG seed per frame Scrambler uses 60-bit seed to generate cut-point sequence per frame

EPA 0428252 A2

scrambling by active-line rotation, requires only memory for one single image line

slide-4
SLIDE 4

An Image Processing Attack on VideoCrypt

broadcasted scrambled signal unscrambled source signal result of cross-correlation with edge detector avoids horizontal final b/w descrambling result obtained cutpoints marked penalty zones around cut points without knowledge of card secret

slide-5
SLIDE 5

The VideoCrypt Smartcard Protocol

Flow control ISO 7816 T=0 protocol:

sent by decoder /smartcard

CLA INS P1 P2 P3 INS SW1 SW2 DATA[1] . . . DATA[P3] 78h 7ah 7ch 7eh 80h 82h Instructions INS length (P3) 70h 72h 74h 6 16 32 1 8 25 16 76h 64 1 64 card decoder sent by decoder decoder card card card card decoder card purpose card serial number message from previous card message from broadcaster authorize button pressed control word (MAC of 74h)

  • nscreen display message

message to next card Fiat-Shamir response Fiat-Shamir squared random number Fiat-Shamir challenge bit

slide-6
SLIDE 6

VideoCrypt or How not to use the Fiat-Shamir ZKT

Protocol Decoder Smartcard

INS 70h: INS 7eh: INS 80h: INS 82h: X = R² mod N Q Y = R Y = R · S mod N if Q = 0 if Q = 1 (512 bits) (1 bit) Decoder receives Q periodically from broadcaster and forwards it to the smartcard Decoder is supposed to reject smartcard if the following test fails (first generation did not): if Q = 0 Y² = X mod N if Q = 1

Attack

Decoder has no memory to verify that X is different each time, so pirate card just observes Y² = X · V mod N V, R, R² mod N, and R · S mod N from any card and replays those values each time. card number V (48 bits) (knows secret S with S² = V mod N, where N = p · q)

slide-7
SLIDE 7

Replay attacks against VideoCrypt

Vulnerabilities Real-time card sharing 1) all VideoCrypt smartcards working on the same channel reply identically Offline Internet card sharing One owner of a genuine card records control words and synchronization information for a specific show (say Star Trek on Sunday, 18:00) in a Potential risk 2) the scrambled VideoCrypt signal can be replayed with a normal home VCR One owner of a genuine card provides the control words in real-time via wire

  • r radio to owners of decoders without a card (60 bits every 2.5 s).

download VCL file and put decoder between VCR and TV. A PC then emulates card and replays control words from VCL file. VideoCrypt Broadcast Logfiles (VBL) allow a posteriori VCL file generation. Covert channel might identify card owner in public VCL files, therefore use VCL voter (common practice!) VideoCrypt Logfile (VCL) and publishes this on her Web page. Decoder owners without card record the scrambled programme, then (old proposal, not implemented)

slide-8
SLIDE 8

Secret Hash/MAC Algorithms in VideoCrypt Smartcards

all variables are 8-bit unsigned Hash and Signature Check Structure: answ[0..7] := 0; b := 0; round(b); round(msg[i]); j = 0; for i:=0 to 26 do for i:=27 to 30 do Round Function in BSkyB P07: answ[j] := answ[j] xor p; c := rotate_right(rotate_left(not c, 1) + p, 3); j := (j + 1) mod 8; answ[j] := answ[j] xor c; parameter p Output: round(b); b := msg[i]; round(msg[31]); for i:=1 to 64 do if answ[j] != msg[i] then

  • nly in P07

in P09 handle nanocommands here j := (j + 1) mod 8; P09 card used completely different round function Input: msg[0..31] answ[0..7] signature wrong c := sbox[answ[j] / 16] + sbox[answ[j] mod 16 + 16];

slide-9
SLIDE 9

e8 43 0a 88 82 61 0c 29 e4 03 f6 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 fb 54 ac 02 51

1 2 3 4 5 6 7 8 9 10 11 26 27 28 29 30 31

channel address suffixes or ECM nanocommands signature checksum since 1989 months

BSkyB P09 Structure of 32-byte Message in Instruction 74h

XOR Scrambling: Subcommands: Nanocommands: 00 01 . . . 20 21 . . . 40 80 deactivate card deactivate Sky Movies activate card activate Sky Movies PPV management ECM nanocommands . . . cause calculated jumps into highly obscure machine code, many add additional rounds, some read or write RAM or EEPROM locations, the nanocommand interpreter is designed to be extremely non-portable and difficult to understand a := msg[1] xor msg[2]; swap_nibbles(a); b := msg[2]; for i:=0 to 3 do b := rotate_left(b, 1); b := b + a; x[i] := b;

subcommand code xor x[0] address prefix xor x[0..3] random byte

slide-10
SLIDE 10

ROM

ASIC µC

I/O VCC RST CLK

VCC RST CLK to ASIC GND VCC RST GND to µC I/O CLK

5754 ISD F2 D2 M3 M6007E001 BICMOS18

VPP pad (free) GND pad free pad

GND

side with sharp knife side with 1 mm drill and fill holes with conductive

Conductive Silver Ink Attack on the BSkyB P10 Card

  • M. Kuhn

Drill two holes from pad Cut line from pad silver ink to establish view from non-pad side contact with free pads

slide-11
SLIDE 11

Some Pay-TV Pirate Devices

"Battery-powered smartcard", Megasat Bochum Conductive silver ink attack

  • n BSkyB P10 card (top),

with card CPU replaced by external DS5002FP (right) ISO 7816 to RS-232 adapter (Season7) BSkyB P9 deactivation blocker

slide-12
SLIDE 12

Access Control for Digital Video Broadcasting (DVB)

interface common MPEG stream demultiplexer correction error conditional access module demodulator receiver TV PC data interface MPEG audio decoder MPEG video decoder

Access control issues: Standardization of Common Scrambling Algorithm will at least allow SimulCrypt, where different access control systems can decrypt the same control words in

  • rder to descramble the same programme

Standardization of Common Interface (PCMCIA slot) to allow plug-in access control Standardization of complete access control system was politically not possible

slide-13
SLIDE 13

K1,1 K K K K

1,2 1,3 1,4 1,5

K2,1 K K K K

2,2 2,3 2,4 2,5

K3,1 K K K K

3,2 3,3 3,4 3,5

K4,1 K K K K

4,2 4,3 4,4 4,5

K5,1 K K K K

5,2 5,3 5,4 5,5

K6,1 K K K K

6,2 6,3 6,4 6,5

Idea Every card contains a subset of L=10 keys out of a pool of K·L=300 keys K

i,j which are

used for session key uploads replaced to recover confidentiality of session key updates Example L=6, K=5, C=2 Compromised Key

Robust Key Management Scheme for Pay-TV Smart Cards

card Key in an uncompromised Cards that know only compromised keys have to be replaced If pirates open C=20 cards, only (1-(1-1/K) ) = 0.08% of the genuine cards have to be

C L

Each card knows one key per row Single rows or all uncompromised keys are used for session key uploads

slide-14
SLIDE 14

Lessons Learned from Pay-TV Piracy

Every security microcontroller and ASIC will be reverse engineered within weeks Continuous pirate market observation and analysis of pirate devices becomes Obfuscated programming, customized processors, and other portability surprises by more flexible key management (Kerckhoffs’ principle) if pirates see a chance to make a million dollars profit from doing it in security module software are successful for only a few days and should be replaced Analog and hybrid pay-TV systems do not provide signal confidentiality and will Routine recovery from attacks by ECMs, key updates, exchange of security modules, etc. must already be planned for in the design phase of a large scale cryptographic application Today’s EEPROM processor smart card technology is unsuitable for holding global secrets routine activity for any consumer multimedia access control system operator eventually be broken by real-time image processing attacks