Motivation

Studies are currently under way in several countries, on ways to improve the security of conditional access systems used for television subscription, pay-per-view and similar services distributed to the home by cable television. The need for such studies immediately emerges when the security and viability of conditional access systems currently used in Europe, the United States and elsewhere is assessed.

Such an assessment shows the evident need to develop enhanced, better performing, piracy-resistant systems that would enable a cable television system to implement programme distribution to the home (be it a subscription or a pay-per-view service) with a security level adequate to make it commercially viable. Indeed, conditional access systems that were considered to be totally secure when they were developed only a few years ago for television distribution to the home, have been invariably "compromised" by pirates, who extract the conditional access enabling information and sell it at a fraction of the regular subscription fee.

Any conditional access system may eventually be compromised, irrespective of its sophistication, if the compromised enabling information can be sold to a sufficiently large base of customers.

It seems that a conditional access system will be more secure if the conditions below are met:

• the scrambling process is highly secure;
• the cryptographic algorithm is highly secure;
• the key and the entitlement information are changed at sufficiently frequent intervals;
• subscribers are divided into small sub-entities, each with its own key and entitlement.

The concurrence of these conditions makes it expensive to compromise the system, and it reduces the pirate's customer base, to the point where piracy is no longer economically viable.

Another very important aspect dealing with digital rights management that is related to conditional access is the provision of measures to prevent a distributed programme from being copied or redistributed, unless the owner of its intellectual property rights authorizes such copying or redistribution. Several approaches, which are not mutually exclusive, are being investigated to achieve this goal:

• The conditional access system could be designed in such a way as to separate viewing authorization from copying authorization. In other words it would provide a viewable output to those users that are authorized to view the programme, but it would provide a recordable output only to those users that are separately authorized to copy it. The issue is further complicated by the need of intellectual property holders to have various degrees of authorization, namely: no copy, one copy or any number of copies.
• The conditional access system could be designed to signal redistribution authorization with respect to the local environment (e.g., the home) in which the content was received.
• The conditional access system could be designed to signal redistribution authorization with respect to the personal authorized domain of the device that originally received the content (e.g., the devices belonging to a single individual or household).
• The conditional access system could be designed to selectively provide an output to a particular device that meets certain characteristics such as resolution or format of the reconstructed signal through a secure negotiation.
• The programme could be "watermarked" with a hidden coded information, which can neither be removed nor altered, and would identify the holder to the programme intellectual property rights, thus allowing to trace the history of unauthorized copies and take appropriate legal action against pirates.
• The programme could be "watermarked" with a hidden coded information, which can neither be removed nor altered, and would signal the usage rights associated with content.

• the specification of a highly secure scrambling system;
• the specification of a highly secure cryptographic system that can be implemented at a viable cost for programme distribution by cable television to the home, namely, in a mass-produced consumer premises equipment environment;
• the specification and generation of keys and an enabling information distribution system that has adequate protection, capacity and flexibility to serve the diversified requirements of various cable television systems and their various subscribers;
• the development of a set of guidelines on the optimal time interval at which the key and the enabling information should be updated, and on the optimal size of the subscriber population to which the same enabling information is assigned;
• the specifications for an application of the cryptographic system appropriate to implement protection against unauthorized copying at various levels of authorization (no copy, one copy only, any number of copies);
• the specifications for an application of the cryptographic system appropriate to implement “redistribution control” with respect to the local environment (e.g., the home) in which the content was received;
• the specifications for an application of the cryptographic system appropriate to implement “redistribution control” with respect to the personal authorized domain of the device that originally received the content (e.g., the devices belonging to a single individual or household);
• the specifications for an application of the cryptographic system to negotiate authorized transfer of content between devices within the authorized domain meeting signal format or resolution constraints
• the specifications for a highly secure watermarking system that would not affect the perceptual quality of the distributed programme.

Question

• What scrambling approaches can be recommended for digital cable television distribution to the home?
• What is the capacity required of a conditional access system for cable television distribution to the home, in terms of number of individually addressable subscribers or subscriber groups, etc.?
• What are the specifications for a (preferably unique) cryptographic approach appropriate to such conditional access system?
• What are the specifications for an application of the cryptographic system, appropriate to implement protection against unauthorized copying at various levels of authorization (no copy, one copy only, any number of copies)?
• What are the specifications for an application of the cryptographic system, appropriate to implement “redistribution control” with respect to the local environment (e.g., home) in which the content was received?
• What are the specifications for an application of the cryptographic system, appropriate to implement “redistribution control” with respect to the personal authorized domain of the device that originally received the content (e.g., the devices belonging to a single individual or household)?
• What are the specifications for an application of the cryptographic system, appropriate to implement “redistribution control” with respect to the signal output characteristics of the device that originally received the content (e.g., the devices supporting multiple output formats and resolutions)?
• What are the specifications for the (preferably unique) removable (e.g. ISO 7816, PCMCIA, etc.) or renewable (e.g. programmable secure microprocessor based) cryptographic device (e.g. smart card), if one is used in such a conditional access system?
• How often should the conditional access keys be updated?
• Which criteria should be used to time the replacement of the (removable or renewable) cryptographic device or of the enabling information in it?
• What is the optimal size of the subscriber population to which the same key and enabling information may be safely assigned?
• Can conditional access solutions developed for terrestrial and satellite broadcasting be used for cable television also?
• What are the specifications for a highly secure watermarking system that would not affect the perceptual quality of the distributed programme?
• What enhancements to existing Recommendations are required to provide energy savings directly or indirectly in Information and Communication Technologies (ICTs) or in other industries? What enhancements to developing or new Recommendations are required to provide such energy savings?

Tasks

Tasks include, but are not limited to the preparation of some draft new Recommendations providing specifications and recommended operating practices.

Depending on the contributions that will be received, and on progress in the preparatory activity of the Rapporteur, the studies should be completed by 2012.

An up-to-date status of work under this Question is contained in the SG 9 Work Programme.

Relationships

• Exchange of information with ITU-R Study Group 6 would be useful, to take into account possible parallel studies of Study Group 6.
  However, it is not clear at this moment whether it would be desirable, or indeed possible to develop a conditional access system, capable simultaneously and optimally to meet the different requirements of cable television and of broadcast television.
• Exchange of information with ITU-T Study Group 17 would be useful, to take into account possible parallel studies of IPTV security mechanisms that may be commonly utilized independent of the transport method that meet the timing and synchronization requirements needed by elements of the conditional access system.