How safe is Data Encryption really? Where do you keep the keys to your secrets?

5 Jun

Motorola’s SecureMedia has recently announced another major addition to its client roster: EONA, the leading French provider of IPTV and video-on-demand software for over 45 hotels and hospitals in 7 countries. French broadcaster Canal+ is not the only one to demand stringent new security measures: they are a prerequisite for many film studios, TV channels and broadcasters globally.

There is some debate as to the best location to store the encryption key for algorithm-encrypted data files of streamed content. Motorola’s SecureMedia advocates server-based rights control: it keeps decryption keys and user entitlements off client devices and on the server side, where it claims they are more secure from hacking. It uses a range of data-encryption formats (RSA, AES, 3DES and DVB-CA) to prevent one successful attempt at cracking the crypto algorithm from being replicated on multiple devices. The downside of this asymmetric-key, or private-key, approach is that if its protected data-processing HQ were hacked, all the devices it controlled could be rendered useless. There was considerable furore around 2007, when cyber-thieves hacked multiple devices and broadcasting providers for the keywords giving access to video-on-demand and rights-protected content, exchanging them freely on web forums. No production company or streaming software was safe. As yet, the new wave of Digital Video Broadcasting (DVB) protocol-compliant content providers has not suffered a major hack in over three years, but technical developments must keep advancing to stay ahead in the game.

Other firms like Irdeto, whose customers include Adobe, Cablevision and Filmflex, are pioneering techniques like watermarking. Watermarking can be used to identify content by embedding the identity of the content or its owner as a payload, which is the data embedded into the content as a watermark. This identification data cannot be removed without seriously impairing the content’s visual quality. Another feature of Irdeto’s Cloaked Conditional Access uses whitebox (as opposed to blackbox) cryptography, which embeds the decryption code as a series of instructions in a series of tables that must be cross-referenced almost ad infinitum to solve.

I propose to contact the major content security providers, including NAGRA and Irdeto, who have suites of tailored products for different needs, as well as Motorola and others like cloud-based Helix-Broadcaster, whose claims of ‘secure data encryption’ through a helix structure would also bear examination. I would question them closely to ascertain how they stand apart from their rivals. I would use this and previous research to write an analysis of the pros and cons of the various contenders. Preventing data theft through video-on-demand (hacking to artificially renew or steal subscriptions) and through over-the-top providers like Netflix and Hulu is a continuing concern, and intellectual property protection will become even more important as data is increasingly stored in remote terminals through the cloud, often in different countries.

