Slashdot Mirror
Open Cable Standard Not So Open
Mike Hicks writes "A few days ago, I heard about the FCC approving new rules for standardizing digital cable in the US. This involved using a set top box or tuner integrated into a TV along with a smart card (much like digital satellite services). Unfortunately, it looks like the standard (believed to be OpenCable) is meant to tightly control the hardware and software that can be used, probably making any open-source implementation very difficult if not impossible. I seem to be having a case of deja vu"
Look, here's the deal. In the United States, the Set-Top Box (STB) market is dominated by Motorola and Scientific Atlanta. Between the 2 of them, they have about 90% of the total STB sales here. This is for mostly historical reasons, but the way they hold onto it now is that they have monopolies on the conditional access (content protection) systems, which are hardwired into the boxes.
The cable companies (Comcast, Time Warner, et al) want to open up the standards provided to set top box manufacturers so that consumer electronics companies (Sony, Samsung, et al) can compete with Moto and SA for the business, driving the prices for STBs down. STBs are one of the largest capital costs/subscriber acquisition costs for a cable company. The secondary goal (beyond lower STB prices) is moving the STB purchase into the retail chain, so that cable companies don't have to carry that burden unless they want to). The way they plan to do that is a conditional access module in the form of a PCMCIA card (more or less), which the user purchases or leases from their cable company, and repurchases or leases if they move with the STB they own.
So "Open" is only "Open compared to the current system, which is completely closed." It doesn't mean what the typical slashdot reader would think it does.
Now, if you had full control over the box's hardware, how difficult could it be to rig something up that grabs any channel you want it to?
Very difficult if the system is setup correctly and you have two-way communication plus neighborhood segmentation.
Step 1. Encrypt each block of channels on a neighborhood by neighborhood basis.
Step 2. Distribute smart cards with unique private keys signed by the cable company.
Step 3. Change channel block keys once per hour.
Step 4. Setup key distribution system whereby the cable box requests a new channel block decryption key once per hour using its private key to sign a request.
This system makes it fairly difficult to steal cable. If you try to clone someone else's cable box private key, the cable company will see a duplicate channel block key request.
You can't modify your cable box to ask for say, the HBO channel block key because your private key itself won't be authorized by the key distribution servers at your cable company.
You could setup an online key distribute system to dup your key out to other people in your neighborhood, but it would be limited to people in your neighborhood (since other neighborhoods have different keys).
Hell, this is how the wireless encryption/authentication WPA/802.1x EAP-TLS works come to think of it (minus the smart card itself since technically it isn't needed for anything but a handy storage device).
Of course I could be missing something obvious.
The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
No, you've missed the point! I wrote the email that was quoted in this article, so I have a vested interest in clearing this up.
OpenCable has gone through great lengths to decouple the decoding/display/application stuff from decryption and access control mechanism. Encryption and Access Control is handled by the cable company's POD (Point Of Deployment) module which will take the form of a removable PCMCIA card or similar. Each cable company could implement different encryption and access control systems by using different POD modules, so even if one system is hacked there would be others.
The main point here, though, is that you're not handing the "hackers" the "keys" to the decryption system any more than you are by giving them a modern digital cable box. It's just a shame to build a system that would otherwise be so perfect for an open-source implementation and then lock it down due to DRM (instead of technological) concerns.
Chris