Farncombe Consulting proposes replacement for DVB Common Scrambling Algorithm

Farncombe Consulting Group, which hosts this blog, has published a second White Paper on TV Conditional Access (CA), which proposes a possible replacement for the DVB Common Scrambling Algorithm (CSA).

This is the hardware-based digital TV encryption technology that is mandated under European law and underpins today’s DVB-based pay-TV sector.

Farncombe’s in-house video security experts think it’s overdue for a replacement, arguing that – although it was introduced for the best possible motives in the early 1990s – the technology now raises serious commercial, regulatory and technical concerns for the digital pay-TV industry.

For instance, they point out, the CSA was designed for an era when operators were keen to avoid their content being distributed to PCs, and where broadband did not exist as a distribution medium. But neither of these factors applies today. This means operators are saddled with a technology which makes content distribution more difficult, and is not only already vulnerable to piracy but poised to become increasingly so.

In the White Paper, Farncombe accordingly proposes a next-generation replacement for the CSA, based on a ‘toolkit’ approach which mixes both hardware and software elements.

This will take time to implement, however. In the meantime, operators who upgrade their installed receiver base without addressing the security flaws in the CSA approach risk wasting their investment. Farncombe notes that the nature of this weakness is such that it only takes one hacked receiver to allow control words to be fed over broadband to any legacy DVB STB and enable pay-TV content to be pirated.

This implies that the industry needs to introduce a replacement as soon as possible.

A PDF of the new White Paper can be obtained from Farncombe by filling in a simple registration form. Farncombe will then personally send you a copy.

Sky Player extends to Fetch TV and Windows 7, but restricts premium content rights

With Sky Player in the news over its deal with FetchTV, as well as with the Windows 7 Media Center, I thought I’d take another look at the platform. I had installed it on my PC when the product was originally launched, but was rather worried at the instability it seemed to introduce, and subsequently removed it.

I was particularly interested in how my rights to view Sky content via DTH would be replicated online. For background, I am a Sky HD subscriber, with my old Sky+ PVR consigned to the bedroom as part of Sky’s Multiroom deal. In other words, the entirety of my Sky package can be viewed and recorded on either my living-room or my bedroom TV (barring HD programmes, of course), with the same content potentially viewable simultaneously on both.

Just as with the BBC’s iPlayer, you don’t need to download software to watch programming – you can watch it through your browser. However, the download experience, which uses secure peer-to-peer software from Kontiki, should offer better quality playback, depending on the quality of your broadband connection.

Anyway, this is how it works. When you first install the software, Sky registers that PC by default as your main one. You are in fact allowed to install the software on up to four different devices (although Sky is somewhat ambiguous on this point: both in the licence and at one place in the Sky Player website, it says you can only install the software on one device, which is clearly wrong).

‘Device’ includes ‘X Box Player’, but let’s assume here we are talking about PCs. Defining one PC as your main one means that PC has more rights than the others: for instance, you can only watch Sky Movies and Sky One programmes on that computer. Moreover, you can only change the range of registered devices (and that includes changing which one is designated as the main one) once every 30 days.

This is the first major way in which rights are more restricted in an online environment than the satellite TV one, since Sky Multiroom in principle allows you to watch exactly the same content on one STB as another – viz. the content you’ve paid your subscription to watch.

The second way in which rights are more restricted is that Sky Player does not allow you to view the same content simultaneously on two devices – even if we’re talking about non-Sky Movies and non-Sky One programming. Multiroom doesn’t stop this happening.

The third way is that it restricts the storage time of the programme. For instance, I can, say, keep a copy of Stargate Universe on my two Sky+ PVRs (HD and SD) for as long as I wish to. On Sky Player, it’s currently restricted to six days.

These features underline a general trend in digital media: once you move out of a traditional broadcast or physical media environment, you’re usually allowed to do less with the content you’ve paid for than you were before.

This is particularly relevant in the Sky Player example, since the platform also allows non-Sky subscribers to sign up and pay to watch Sky programming – without a satellite subscription, for roughly similar costs. Presumably, this is the model about to be extended to Windows 7 Media Center and Fetch TV boxes.

So although users have the extra benefits of being able to watch catch-up and on-demand TV, in terms of what you can do with the content, it’s an inferior experience. Such restrictions could be viewed, perhaps, as a way of encouraging consumers to trial the service online before upgrading to satellite. It’s also worth pointing out you can’t get HD quality online.

What’s really interesting about Sky Player, though, is that all these sophisticated controls are being applied to premium content using software-based security protection, without the need for a smartcard. Those with long memories will recall that Sky’s online service had to be temporarily suspended back in 2006 after the Microsoft DRM system it uses was compromised – something which has never happened to the smartcard-based NDS VideoGuard system used on Sky’s satellite platform.

But in a way, the fact that the online service bounced back so quickly proves the point: a two-way always-on environment in which content security software can be dynamically upgraded (or even completely replaced) over broadband in the event of a breach doesn’t require a hardware-based conditional access solution.

Indeed, as Farncombe – the company which hosts this blog – argued in a recent White Paper, hybridisation of broadcast platforms and the Internet suggests the traditional pay-TV industry will gradually move towards software-based solutions for this reason. These can offer a higher level of security than hardware-based ones if properly configured.

More on this topic on Monday, when Farncombe will release a second White Paper on Conditional Access.