kooltek@iol.ie (Hack Watch News) writes:
The DSS smart card has been reverse-engineered for at least six months now and pirate devices are in the market. The encryption used on those systems is good but it does not stand up to a well financed attack.
This is indeed good news. I haven't followed the satellite wars for a while, and although I was aware that the earlier European system had been broken, I didn't know that the one used by the DSS folks had by now also met a similar fate. This is interesting, since the technology to do unbreakable encryption and authorization certainly exists. Perhaps the DSS folks should have brought in a few Cypherpunks as quality control consultants. :)
Using DES to encrypt the audio on the fly is an old technique and was used in the VideoCipher II system. Most of the more recent systems use a PRNBSG EXORed with the digital audio data stream.
Again, it's been a while since I looked at the industry, but I was under the impression that the VideoCipher II was still used by Satellite dish owners to receive CNN, HBO, SHO, TMC, and the rest of the ordinary analog pay cable channels. Has everyone now been forced to upgrade to something "new and improved?"
The problem of piracy will still exist on digital systems. The DSS system is a completely digital system and it too is hacked.
Digital systems eliminate the main drawback of analog ones for using cryptography, namely that there is no way to strongly encrypt the video and ship it out using the same modulation technique which originally encoded it. Once you have both audio and video streams in digital form, having ones encryption "hacked" is more a function of cluelessness on the part of those engineering the encryption and authentication mechanism than some latent vulnerability on the part of the technology. I'm really surprised that DSS got hacked, given that the hacking of the European digital system was well known while DSS was being constructed. Sounds like a very slow learning curve somewhere in the engineering process.
Admittedly some of the elements of security in the DSS are good, most can be rendered void by hackers. The problem for DSS is that the smart card they used is not secure enough. It was a Motorola 6805 type. What appears to be the pattern with the hacks on more recent smart card systems is an inversion of the original pattern on the simple analogue systems. The original pattern was that some hobbyists would figure out how to hack the system and then the hack would be commercialised. With the smart card hacks - the pattern is inverted so that it becomes a trickle down pattern. The professional hackers reverse and emulate the smart card and then the code is sometimes hacked from the emulator card and then distributed among hobbyists.
In a well engineered smart card system for authorizing individual viewers of a digital audio/video stream, each card contains a unique serial number and a random cryptographic key stored during the manufacturing process in a manner which cannot be obtained even by destructive reverse engineering of a particular card. The originating system then uses this information to embed messages in the transmitted data stream permitting individual cards to decrypt and recover the random and frequently changing session key with which the channel bitstream has been strongly encrypted. If such a system has been properly implemented, all the specifications for it should be able to be published without compromising it. Emulators for the software used in the cards shouldn't be a problem as long as serial#/key pairs for specific cards are not disclosed.
The most dangerous thing in all this is that the smart cards that have been hacked in Pay TV systems throughout the world are also used in other applications. The expertise and the knowledge of reversing smart cards is now more common in the Pay TV piracy business. There is always the possibility that these skills could be applied elsewhere.
Perhaps in the private sector, where snake oil abounds. I suspect military types do things a bit more cleverly than the prior scenario implies. BTW - what is the legal status of hacking DSS? It's not like cable, where you are tapping into a municipal service illegally. You own the dish, the decoder, and the photons with which the satellite is irradiating your back yard. Can the government really regulate how you choose to process photons found on your own private property with equipment you own? Have there been any test cases? -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $