Jun 7, 2018
Ron Keidar

How to keep Key Provisioning cost-effective and enable advanced security

Historical background: DIRECTV to SypherMedia

 

In November of 1999, DIRECTV made it a priority to create an in-house security team that would take ownership of broadcast and content delivery security. SypherMedia International (SMI) was formed by members of the DIRECTV Engineering and Conditional Access Group in August of 2003. Before SMI was created, the now SMI team along with fellow DIRECTV members were responsible for re-engineering the security approach of the Pay TV broadcast. This team eliminated piracy at DIRECTV and it has remained secure for more than 15 years.

 

SMI engineers designed and deployed the first key provisioning solution in 1999 at ST Microelectronics as part of the new DIRECTV security engineering team.  This was done so that DIRECTV could own and maintain control of the Set-Top-Box (STB) keys that secure DIRECTV’s network.

 

Today: Part of leading security IP company, Inside Secure

 

In November 2017, SypherMedia International was acquired by Inside Secure, the world leader in secure intellectual property, both in hardware and software, with worldwide market reach. Inside Secure is dedicated to expanding the dominant position in Broadcast Market to other markets like IoT and Automotive.

 

Thirteen major SoC/module manufacturers have entered into agreements with the company to provide our key provisioning services to their customers.

 

 

In addition, the company has provisioned keys for more than 60 companies.

 

Technical overview of Inside Secure Provisioning System: Clear advantages for customers 

 
Why Key Provisioning

 

Key provisioning is the process of inserting keys and other secure information that protect the different players along the SoC value chain.

 

Silicon vendors, OEMs and SW application vendors have different requirements, such as:

  • Who can open the HW debug systems;
     
  • Who can open the SW debug systems;
     
  • Who owns the SW image;
     
  • How to assure production of chip;
     
  • How PCB and products are all reported and accounted;
     
  • How to control features without complicating the logistics and eventually;
     
  • How to offer a cloud level API, that different OEM and cloud application could leverage for their security needs now and in the future.

 

This all starts with the Provisioning Server, which houses keys and data to be programmed into SoCs and client devices.

 

 

The system provisions keys at different stages of production flow including wafer-sort, silicon packaging, PCB assembly, device final tests, and finally at the on-boarding stage at the customer’s site.

 

A central database tracks the silicon through that process and afterwards, in-field, ownership tracking and end-of-life.

 

Horizontal vs. Vertical Solution

 

Key provisioning systems can provide control over a SoC or a product line. Along the years we have experienced many times how a Key Provision System is crafted into one vertical market, making the solution suitable to one or limited set of ecosystems and lack of freedom for participant to use their own supply chain, or support more horizontal ecosystems.

 

Inside Secure’s provisioning system is designed to be a horizontal Security as a Service (SECaaS) enabling IoT application servers to authenticate their devices, associate them to specific accounts and establish a shared secret for direct communication with the device.

 

Supporting multiple Markets with the same Hardware

 

The provisioning of unique secrets into the SoC at the OEM production line allows the support of any number of OEMs and Cloud vendors using the same SoC with full control of secure silicon features.

 

Each OEM injects its OEM ID and a different set of keys is derived per that ID. The SoC vendor derives a separate database for each OEM without risking exposure of the provisioned key by a competitor OEM.

 

Such OEM identity could be locked into a one-time-programmable (OTP) fuse and used in part to derive keys for that OEM. The key derivation model could be elaborated to resemble the relationships between the stake-holders and the ecosystem.

 

An extreme example of this flexibility is our solution with Smart TV OEMs. In that market a TV can support any broadcast channel and over-the-top (OTT) Internet streaming by deriving a unique key to each content provider. This is achieved by deriving a key for that specific provider and a SECaaS server allowing only that specific provider to get the key, removing the need for upfront provisioning for that specific content provider.

 

Hardware Protection layer

 

In few designs, software can be considered isolated; therefore, it could be sufficient to use software with Secure Boot and use no external memory bus to protect the secrets inside the SoC. However, in many cases software is not enough, and additional hardware is used to protect the secrets in the OTP. Inside Secure offers two IP cores to address that: the Root-of-Trust and the Programmable Root-of-Trust cores. Those IP cores allows operations with the key but not access to the keys. We will not discuss those cores in this document, but please follow up for more information.

 

Key Management System

 

 

The Inside Secure Cloud-based Provisioning Service is a client to Customer-hosted Device Enrollment Service. The Enrollment Service authenticates the device validity and passes the request for device key material to the Inside Secure Provisioning Service. The Inside Secure Provisioning Service responds with key material bound to the requesting device and shares the association with the customer-provided operations service. The key material is uploaded to the Inside Secure Provisioning Service via a Key Management System (KMS). A typical implementation of the key material is an X.509 certificate but the key material generation is flexible and can be tailored to a customer’s requirements.

 

The value of Inside Secure’s experience

 

Inside Secure offers an independent License Authority through its patented Provisioning System and Programming Service. Inside Secure through SMI, is the largest third-party Set-Top-Box key provisioning solution and service worldwide. Deployed in many silicon foundries with simultaneous support of many SoC products and SKUs, we can leverage the economy of scale to offer attractive terms. Our customers are STB makers, integrators, CAS and Broadcast providers, who always set a high security bar, position our provisioning solution with high quality and a high level of maturity, and readies us to take on new markets such as Automotive, Smart Cities, Smart Grid and IoT.

 

Audits

 

Inside Secure has successfully completed multiple security audits. We are proud of a recent security audit of our provisioning architecture by the security firm Farncombe, a Cartesian Company, where they state:

 

 “We regard the Inside Secure Provisioning System to be of a high standard making use of the most secure features of contemporary SoCs.”

 

Summary

 

Inside Secure serves small, medium and large broadcast operators who use our License Authority and Provisioning System to maintain control and flexibility of their content delivery service.  The operator’s security provider works with Inside Secure to use our base security infrastructure.  Many security providers enthusiastically work with Inside Secure and promote Inside Secure as their preferred independent License Authority and provisioning service because they are able to obtain security provider services from operators who desire this independence. 

  • Key Provisioning
  • Automotive
  • SoC
  • OEM
  • Key Management System
  • IoT