Access authorization system

from Wikipedia, the free encyclopedia

The term access authorization system (ZBS), also encryption standard or encryption system, in English conditional access system (CAS), designates the systems used in pay TV to encrypt and decrypt program content.

General

The process used in digital television to encrypt and decrypt content is called the Common Scrambling Algorithm (CSA for short). For a receiver to decrypt the signal using CSA, it needs a constantly changing, eight-byte control word. The task of the CA systems is to send this control word to the receiver and to address only certain receivers.

Technical procedure and details

CA systems form the interface between the encrypted DVB data stream and the smart card of the user (or subscriber). The provider sends separate data packets called ECMs (Entitlement Control Messages) in parallel with the user data. Using an ECM, an appropriately authorized receiver can calculate the control word valid at that time and pass it to the CSA decoder, which then performs the final decryption of the data stream. On the receiver side, a CA system is usually implemented by a smart card tied to the customer and a conditional access module that is not tied to any customer. The module filters the ECM packets from the data stream and uses the information they carry, in conjunction with the smart card, to calculate the corresponding control word. The logic of the CA system is thus split between the module and the smart card. It is common to keep customer-specific data on the smart card and not to make it readable by third parties.

Since decryption always requires one unique control word regardless of the CA system used, several CA systems can be used in parallel for a single data stream (Simulcrypt). The provider must send separate ECMs for each CA system used.

In addition to the information that is already on the customer's card and the ECMs, all of these systems also send control codes in the incoming data stream. These so-called Entitlement Management Messages (EMMs for short) are used to activate or deactivate specific customer cards. They can also grant the customer more or fewer rights to individual offer packages without the customer having to exchange the smart card.
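
As an added illustration (not part of the original article): a receiver learns which CA systems protect a service, and on which PID each one's ECMs travel, from CA descriptors (tag 0x09, ISO/IEC 13818-1) in the service's descriptor loop, one descriptor per CA system under Simulcrypt. The Python code below parses such a loop; the family table uses the CA-IDs listed in this article, and the sample bytes and PIDs are constructed.

```python
import struct

# High byte of the CA-IDs listed in this article ("nn" = any low byte).
CA_FAMILIES = {
    0x01: "SECA Mediaguard", 0x05: "Viaccess",
    0x06: "Irdeto",          0x09: "VideoGuard",
    0x0B: "Conax",           0x0D: "Cryptoworks",
    0x0E: "PowerVu",         0x17: "BetaCrypt",
    0x18: "Nagravision",     0x26: "BISS",
}

CA_DESCRIPTOR_TAG = 0x09  # CA_descriptor in ISO/IEC 13818-1


def parse_ca_descriptors(loop: bytes):
    """Return [(ca_system_id, pid, private_data)] for each CA descriptor.

    The loop comes from an untrusted broadcast, so truncated or malformed
    input raises ValueError instead of being read past the buffer.
    """
    found, pos = [], 0
    while pos < len(loop):
        if pos + 2 > len(loop):
            raise ValueError("truncated descriptor header")
        tag, length = loop[pos], loop[pos + 1]
        body = loop[pos + 2 : pos + 2 + length]
        if len(body) != length:
            raise ValueError("descriptor length exceeds loop")
        if tag == CA_DESCRIPTOR_TAG:
            if length < 4:
                raise ValueError("CA descriptor shorter than 4 bytes")
            # 16-bit CA_system_ID, then 3 reserved bits + 13-bit PID
            ca_id, pid_field = struct.unpack(">HH", body[:4])
            found.append((ca_id, pid_field & 0x1FFF, body[4:]))
        pos += 2 + length  # other descriptor tags are skipped
    return found


def describe(loop: bytes):
    """Map each CA descriptor to (family name, CA-ID, ECM PID)."""
    return [
        (CA_FAMILIES.get(ca_id >> 8, "unknown"), ca_id, pid)
        for ca_id, pid, _ in parse_ca_descriptors(loop)
    ]


# Constructed Simulcrypt sample using the CAID pair this article gives for
# Kabel Deutschland (0x1751 and 0x1801); PIDs and private data are made up.
SAMPLE_LOOP = bytes.fromhex(
    "0904" "1751" "e100"          # BetaCrypt CA-ID 0x1751, PID 0x0100
    "0a04" "64657500"             # unrelated language descriptor, skipped
    "0906" "1801" "e101" "beef"   # Nagravision CA-ID 0x1801, PID 0x0101
)

if __name__ == "__main__":
    for name, ca_id, pid in describe(SAMPLE_LOOP):
        print(f"{name:12s} CA-ID 0x{ca_id:04x}  ECM PID 0x{pid:04x}")
```

The same descriptor format appears in the conditional access table, where the PID field points at the EMM stream of the CA system instead of an ECM stream.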

List of common CA systems

BetaCrypt, BetaCrypt-2

(CA-ID satellite 0x170n, cable 0x172n) BetaCrypt was used by BetaResearch, a subsidiary of KirchMedia, for the d-box. It is software licensed by Irdeto Access BV with a changed CA-ID; otherwise it is identical to Irdeto. Originally the Kirch broadcasters DF1 (the first digital pay TV broadcaster in Germany), Premiere World (merger of DF1 and Premiere Digital) and later its legal successor Premiere used this encryption system.

BetaCrypt has been further developed over time. With the market launch of the d-box 2, a new generation of smart cards was introduced whose serial numbers all ended with a Z. These smart cards implemented the so-called CAM-Crypt. In the initialization phase, the smart card and the CA module negotiate a key - the so-called CAM key - which the smart card uses to encrypt all control words sent to the CA module and which the CA module uses to decrypt them again.

After the insolvency of the Kirch Group and the sale of Premiere, the subsidiary BetaResearch, which belonged to another branch of the group, was sold and largely liquidated. It has granted license rights for BetaCrypt 1 and has been renamed TecLic. BetaCrypt 2, which was about to be completed, was no longer used, also for reasons of corporate policy, and was replaced by an encapsulated Nagravision from the Kudelski Group. The CAMs in the receivers could be retained and the cards still communicate like classic Irdeto, but transmit the Nagra payload within the Irdeto ECMs. Most recently, the procedure was used in the ORF digital program of the Austrian broadcasting company in parallel to Cryptoworks. Because the license was expiring and maintenance had not been possible for over five years, distribution was stopped on May 20, 2008.

BETACRYPT2

(CA-ID 0x171n) is being further developed by comvenient GmbH & Co. KG and sold internationally; hitron, artelecom and Nossa-tv Antina encrypt with the Betacrypt2 system.

VideoGuard

(CA ID 0x0900) VideoGuard from NDS has been used, among others, by Kabel Deutschland since 2009 in the Simulcrypt process with Nagravision, since 2008 by Kabel BW, by Tele Columbus in the Simulcrypt process with Conax and by Sky Deutschland in the Simulcrypt process with Nagravision. It is also used by British Sky Broadcasting, DirecTV, D-Smart (Turksat 42° East), Sky Italia and OTE TV (Greece) on Euro Bird 9 degrees East. The system is also widespread on the Sirius satellites, especially for Scandinavian broadcasters, for example Viasat. This makes it the world's dominant CA system. It has not yet been bypassed.

VideoCrypt can be considered its analogue predecessor. Further variants of Videoguard are mVideoguard for mobile applications and Synamedia / Videoguard for broadband TV (IPTV), as used for example at A1 Telekom Austria for A1 Kabel TV.

Irdeto

(CA-ID 0x06nn) Irdeto was an early digital coding system that found its first use in Dutch pay TV (MultiChoice NL). Only a few providers still use it, as most of them switched to Irdeto-2 or to hybrid solutions such as the tunneled Nagra (current Sky Germany procedure as of 2009). Contrary to popular opinion, Irdeto was never cracked: it was always only the cards that showed weaknesses and thus compromised the system again and again.

The name Irdeto is derived from the Dutch manufacturing company Irdeto Access; it is a contraction of Ir. Den Toonder, named after the company founder Pieter den Toonder, where Ir. is the Dutch abbreviation for an engineer with a university degree.

Examples of the vulnerability of the cards included:

  • Return of correct signatures (to "sign" a valid ECM)
  • Timing of the signature

Irdeto-2

Irdeto-2 is fundamentally different from Irdeto-1. Whereas with Irdeto-1 only the keys required to calculate the control words are transmitted in encrypted form, with Irdeto-2 all communication from the program provider to the smart card is encrypted. Only the header and the checksum at the end of each data block are largely identical to those of Irdeto-1. This means that Irdeto-2 smart cards also work in old CA modules that were once built for Irdeto-1. The control words returned by an Irdeto-2 smart card are also encrypted. This form of encryption of the control words is identical to the so-called CAM-Crypt known from Betacrypt-1.

Cryptoworks

(CA-ID 0x0dnn) Cryptoworks is mainly used on Astra and Hotbird, for example by MTV Networks. Cryptoworks was also used as encryption by the Premiere competitor Easy.TV.

Cryptoworks was developed by Philips Electronic. Philips has now sold the Cryptoworks division to the Dutch company Irdeto.

Cryptoworks-ORF

Since April 2003, ORF has also offered customers the ability to decrypt the ORF programs with Cryptoworks. The old BetaCrypt smart cards were supported until the end of April 2008.

Some ORF Cryptoworks receivers (decoders) had or still have problems with a code change on the transmitter side. An ORF subsidiary, ORS, which is commissioned with broadcasting, organized an exchange service for affected hardware in cooperation with Austrian specialist retailers.

Cryptoworks Arena

The former Bundesliga broadcaster Arena used a hardened version of Cryptoworks for distribution via Astra. With Arena there was a split in smart card technologies, on the one hand in the size (SIM format) and on the other hand in the SIM reader. This caused compatibility problems with other smart cards, such as ORF cards.

Negative list:

  • Humax CR-FOX + (for example ORF)

Other transmitters encoded in Cryptoworks

Digitürk, UPC Direct, CNN, MTV Networks, CzechLink, Wizja TV, Fox Kids Russia, Fox Kids Romania, VH1 Germany, BFBS TV, JSTV.

Nagravision

(CA-ID 0x1800) Nagravision was developed by the Swiss company Kudelski SA. For a long time it was mainly used at Cyfrowy Polsat. Since almost all smart card series in this system showed weaknesses, many pay-TV providers around the world switched to the newer Nagravision-Aladin system. Very few providers still use this system. However, it is still very common in the cable network in Switzerland. UPC Switzerland and Teleclub continue to use it. Under pressure from Teleclub, UPC had to encrypt its channels with something other than Nagravision from 2015. The UPC channels are still encrypted with Nagravision.

Nagravision Aladin

(CA-ID 0x1801 & 0x1810 / 0x17nn [Betacrypt]) Nagravision Aladin was developed by the Swiss company Kudelski SA and is a further development of the older Nagravision system. Some Nagravision Aladin smart card series are known to have security holes that make it possible to bypass the system without a valid subscription.

The German pay TV providers Sky Deutschland, Vodafone Kabel Deutschland and Unitymedia use this and a version of Aladin specially modified by Kudelski in the Simulcrypt method. The modification relates to the data transfer in EMMs (Entitlement Management Messages) and ECMs (Entitlement Control Messages). The data areas are transmitted in the Betacrypt protocol (CAID 0x17nn), but are encrypted with the Nagravision-Aladin algorithm. This makes it possible to continue using older receivers with built-in Betacrypt CAMs (for example d-box 1 and d-box 2).

Before the contract between the Sky Deutschland predecessor PREMIERE and Kudelski SA was signed, the card ROM software version 120 intended for PREMIERE had already been completed. However, the former PREMIERE boss Georg Kofler insisted on not exchanging the old receivers with built-in Betacrypt for new Aladin receivers. The new Aladin cards had to be able to run in old Betacrypt CAMs. However, since the Betacrypt CAMs only filter ECMs on the CAIDs 0x1702 (Sat), 0x1722 (Cable) or 0x1762 (Austria) from the data stream and send them to the card, the new cards had to fully support Betacrypt during the transition phase in which the old Betacrypt cards were exchanged for new Aladin cards. As a result, Kudelski had to intervene again in the ROM-120 firmware in order to incorporate the Betacrypt core. Because of the time pressure, the software is said to be faulty, so that it was possible to bypass the system before the card exchange was completed and Betacrypt was switched off. So far, only one commercial crack of the ROM120 cards is known, which is already working with Nagravision Aladin. Kudelski has been distributing cards with the ROM122 since August 2005, which in turn contain more security updates. Sky Deutschland (PREMIERE) and Kabel Deutschland have been using Aladin in both forms since November 2003.

Kabel Deutschland uses the new Betacrypt-CAID 0x1751 in the Simulcrypt process together with the Aladin-CAID 0x1801 for the channels that are encrypted but free to receive. Aladin is also used, for example, by the Spanish provider DIGITAL + (together with Cardmagedon), the Canadian provider Dish and the Polish provider Cyfrowy Polsat.

Unmodified or not tunneled (or "pure") Nagravision Aladin is often incorrectly referred to as Nagravision 2, since Aladin is mistakenly associated with the tunneling used by Sky Deutschland and Kabel Deutschland with Betacrypt. The official brand name of Kudelski SA for this system is "Aladin".

Nagravision Cardmagedon

(CA-ID 0x01nn [Mediaguard]) Nagravision Cardmagedon is a further development of the Aladin system. Nagravision Cardmagedon was specially developed for the Spanish pay-TV provider DIGITAL + and is used for access control on the Astra 19.2° E satellite in the Simulcrypt process alongside "pure" Nagravision Aladin (0x1801). Similar to the modified Nagravision Aladin from Sky Deutschland and Kabel Deutschland, the data is transmitted in the SECA-Mediaguard protocol (at Sky and Kabel Deutschland in the Betacrypt protocol) so that older DIGITAL + receivers with built-in SECA-Mediaguard CAMs can continue to be used. However, in contrast to the modified Aladin, not only is a Mediaguard wrapper used, but the entire data payload is encrypted again in Mediaguard (pseudocrypt) in addition to the Nagravision-Aladin encryption. This double encryption makes it much more difficult to attack the system or to write an emulation.

Nagravision Cardmagedon is often incorrectly referred to as SECA Mediaguard 3 and has so far been considered secure.

However, Nagravision Aladin (CAID 0x1801), which is used in addition to Cardmagedon at DIGITAL +, can be bypassed due to security gaps in the ROM110 cards, so that the security of Cardmagedon has no effect (since the current control data can be accessed with the help of Aladin).

CONAX

(CA-ID 0x0bnn) Conax is mainly used by Scandinavian broadcasters. Conax is now also used for Eutelsat's cable kiosk platform, which German cable operators such as EWT, Kabel & Medien Service (Kabelfernsehen München ServiCenter GmbH & Co. KG), WTC, Marienfeld MultiMedia, Deutsche Telekabel (Versatel) and other smaller network operators use. Tele Columbus also encrypts with Conax until further notice, in the Simulcrypt method alongside VideoGuard. The TechniSat radio bouquet on the Astra 19.2° East satellite was encrypted with Conax. From the first quarter of 2008 to April 1, 2009, the package Premiere Family (formerly Thema) was also encrypted in Conax via satellite, in addition to Nagravision Aladin. The Austrian cable operator Liwest and the Swiss cable operator Digital Cable Group also use Conax, as do the "intertainment-tv" offers from "Breitband.ch" in north-western Switzerland. It was developed by the Norwegian company Telenor. Conax is also used in Pixx and Rex receivers. The advantage for the receiver manufacturer is that there are no license fees per device, which is why Conax can be found in many receivers today.

SECA Mediaguard 1

(CA-ID 0x01nn) In the mid-1990s, Societe Europeenne de Controle D'Acces (SECA) developed the MEDIAGUARD Conditional Access System. It was a widely used coding system in the early days of digital TV, and it was used in France, Spain, and Italy, among others. SECA-1 encryption was replaced by SECA 2, as all smart cards of this generation showed bugs and the encryption could thus be bypassed.

SECA Mediaguard 2

(CA-ID 0x01nn) SECA-2 is the successor to SECA and is currently used in France, Belgium, the Netherlands and Spain. SECA-2 took the same step as Irdeto did with Irdeto-2 and established a CAM key in the communication between smart card and CAM.

SECA 2 (Spain and formerly Italy) was successfully circumvented using a bug on the SUN V7 smart card. In the meantime, Italy's pay TV has changed its encryption to NDS and Spain's to Nagravision "Cardmagedon", as the older SECA 2 cards no longer offered reliable protection against unauthorized viewers. The bugs that made it possible to bypass the encryption were found on the cards of the SECA 2 packages CA ID 0064 0067 0065, i.e. the cards of Spain (DIGITAL +) and Italy (Sky Italia); on all other cards, such as those of CANAL + (France), TV Vlaanderen (Belgium) or Canal Digitaal (Netherlands), no serious bugs have been found (so far).

PowerVu, PowerVu +

(CA-ID 0x0e00) This encryption is used by the American Forces Network of the US Army and was formerly used by Bundeswehr TV and Radio Andernach to supply their international bases. PowerVu is also used to broadcast television programs via satellite for feeding cable providers or to tunnel DVB-C multiplexes. In order to decrypt PowerVu transmitters, special PowerVu receivers are required, which so far have only been produced by the American manufacturer Scientific Atlanta (now Cisco Systems). All PowerVu receivers have a built-in smart card chip in the form of an integrated circuit. This means that every PowerVu receiver has a unique serial number and can therefore be individually activated, but also blocked again, by the program provider. Most receiver models also have a slot to accommodate an additional PowerVu smart card.

The system was cracked at the end of 2014. Only a 7-byte management key is required for decryption. Bundeswehr TV and Radio Andernach switched to Conax in 2015.

Verimatrix, VCAS

VCAS (Verimatrix Content Authority System) is a software-based system for the protection of digital video and audio content (content protection and digital rights management system) that is used by companies in the field of IP networks (IPTV, FTTH, VoD) and DVB (DVB-S, DVB-T, DVB-C, DVB-H).

Other CA systems

Abel DRM Systems AS
(CA-ID 0x4AEB)
ACCESSGATE
(CA-ID 0x4800) from Telemann is used with AsiaSat4. Smart cards and embedded CAS are used.
BISS (Basic Interoperable Scrambling System)
(CA-ID 0x2600) The CA encryption system consists of a 6-byte (12-nibble) key ("keyword") from which the CWs are then generated. As a result, no cards are used. Often used for feeds and, for example, on Turkish TV stations on 42° East during sports broadcasts (e.g. Bundesliga). The keywords for some channels have recently reached the Internet, which means that the encryption of some channels can be bypassed.
CerberCrypt
(CA-ID 0x4ADE)
ChinaCrypt
(CA-ID 0x49xx) This CAS was developed by DTVIA and Philips Electronic for the Chinese market; it is identical to Cryptoworks.
CodiCrypt
(CA-ID 0x22nn) from Scopus Network Technologies. It has not yet been bypassed.
Cryptoguard AB
(CA-ID 0x4AEA) no information
CTI (Beijing Compunicate Technology Inc.)
(CA-ID 0x4ABn)
Digicipher 2
(CA-ID 0x0700) Motorola 4DTV encryption system, widely used in North America. Not DVB compatible.
Director
no information
DMV
no information
DRE-Crypt (Digi Raum Electronics Co. Ltd.)
(CA-IDs 0x4AE0 & 0x4AE1) is used with tricolor-tv
DreamCrypt
(CA-ID 0x4a70) This CA encryption system from Dream Multimedia was used by X-Dream TV. Now INXTC TV and XPlus TV code their programs with it.
Griffin
(CA-ID 0x5501) from Nucleus Systems, Ltd. Bulsatcom and Athina Sat TV use this encryption system with smart cards.
Icecrypt
(CA-ID 0x4a61) no information
KeyFly
(CA-ID 0x4aan) Broadcasters on Hispasat, Hotbird, Nilesat use this encryption system.
Latency
(CA-ID 0x4ACn)
Logiways
(CA-ID 0x4ADC)
MediaCipher
Motorola encryption system, used in UPC cable networks.
Neotion SHL (formerly SkyCrypt or SkyPilot)
(CA-ID 0x4a60) Based on the EuroCrypt standard. It is used by the provider FreeX TV.
NetUP Inc. (ip-tv conditional access system)
(CA-ID 0x4AEF)
NOVEL_TONGFANG
(CA-IDs 0x4AF6 & 0x4B00 - 0x4B02) Used by Chinasat (for example hdcctv).
OmniKrypt
(CA ID 0x4ad4) Developed by Widevine Technologies, Inc. It is used by some adult TV channels.
Panaccess
(CA-ID 0x4AFC) German encryption system, in use, for example, at the Bulgarian provider The W1 (Neterra) at 0.8° West. It is also used by the pay TV provider Satelio, which offers German-language programming via Astra 4A 4.8 degrees East in Namibia, South Africa and other parts of Africa.
RAS (Remote Authorization System)
(CA-ID 0x1000) Professional system, not intended for end users. Similar to BISS, no cards are used, only passwords.
RusCrypto (РусКрипто)
(CA-ID 0xa101) Russian encryption system
Safeview
(CA-ID 0x4B00) Spain CA
ThalesCrypt
modified Viaccess 1
TROhyaccess / TROhyaccess 2.0
A new Russian encryption system that is used on various satellites. In addition to smart cards and CAMs, receivers with a built-in decryption unit are also used. Used by Black Sea Sat.
Viaccess "1" (version 2.3), Viaccess "2" (version 2.4 and 2.5) and Viaccess "3" (version 2.6)
(CA-ID 0x05nn) TPS Crypt is used by TPS France; Viaccess 2.6 has been used by Swiss television (SF) since March 2008.
Wegener Compel
HiFi system
XCrypt Inc.
(CA-IDs 0x4ad1 & 0x4ad0)
Used by some providers on Hotbird.
CoreCrypt
no information
Z-Crypt
(CA-ID 0x5500)
Russian encryption system
redcrypter
is now used at private tv hd
T-crypt
Bulcrypt
Used at Bulsatcom
Streamguard
Powerkey
American cardless conditional access system, mainly used in North America, e.g. in cable TV and IPTV.
Wellfly
Viewcrypt
Exset
Novel Super TV
