den to the cable MSO and ultimately theconsumer.

Conditional Access in DCASAs a result, the FCC issued new require-ments to migrate to an open system thatwill support flexible, downloadable securi-ty services. The industry response has beenthe development of a new architecturecalled Downloadable Conditional AccessSystem (DCAS). PolyCipher is the cableindustry joint venture owned by Comcast,Time Warner Cable and Cox Communica-tions that has been funded to define thefirst incarnation of DCAS and is buildingan initial system using the architectureshown in Figure 1. Subscriber premisesequipment that is DCAS-enabled isreferred to as a “DCAS host.” DCAS isdesigned to be low cost to implement, andwill be suitable for eventual inclusion inthe cable-ready high-definition televisions(HDTVs), for example.

The downloadable aspect of DCAS is quitecompelling, as it provides an adaptablesecurity architecture that can be updated

he United States Federal Communica-tions Commission (FCC) has mandated amore open cable television system thatwould free the consumer from having topurchase or lease a set-top box (STB) froma single manufacturer or cable systemoperator. One of the problems that neededto be addressed was the number of propri-etary, incompatible conditional access(CA) systems that different operators haddeployed. The first attempt to meet thismandate led to the development of theOpenCable standard by CableLabs andthe creation of CableCARD slots in con-sumer electronics such as television setsand some digital video recorders (DVRs). ACableCARD provides subscriber and serv-ice authentication and encryption func-tions for the device it is plugged into,allowing the possibility to use a variety ofequipment from different manufacturerswith a given cable operator’s services. Thevolume of CableCARDs deployed has beenmodest to date, relative to the total num-ber of digital cable STBs, with over fourmillion CableCARDs sold. Factors such asthe choice of the expensive PCMCIA for-mat and highlicense fees to imple-ment the CA specifi-cations, as well asthe lengthy stan-dardization processto defineCableCARD, havebeen blamed for thissituation. Other fac-tors that have limit-ed adoption ofCableCARDs includea deployment modelthat included a visitto the subscriber’ssite by the cablecompany, to config-ure the CableCARDwith the necessaryuser credentials,which represented asignificant cost bur-

T H E A R M - E N A B L E D H O M E

The Future of Open Cable Systems:Conditional Access Migrates to DCAS

TAuthor:Mike Borza, Chief Technology Office,Al Hawtin, VP Business Development,Elliptic Semiconductor

Synopsis:The United States Federal CommunicationsCommission (FCC) has mandated a more open cable television system that would free the consumer from having to purchase or lease a set-top box (STB) from a single manufacturer or cable system operator. One of the problems that needed to be addressed was the number of proprietary, incompatible conditional access systems that different operators had deployed.

Recently, the FCC issued new requirements to migrate to an open system that will support flexible, downloadable security services. The industry response has been the development of a new architecture called DownloadableConditional Access System (DCAS). This article outlines one DCAS implementation that employs ARM TrustZone technology as its security foundation.

Volume 7, Number 2, 2008Information Quarterly [60]

Figure 1: Network architecture for DCAS systems

T H E A R M - E N A B L E D H O M E

Volume 7, Number 2, 2008Information Quarterly [61]

should the system be compromised. DCAShas the highly desirable property that sub-scriber authentication and key manage-ment and distribution services are separat-ed from the CA functions that secureaccess to content. A limited-capabilitySecurity Microprocessor (SM) optimized forthe first set of functions provides a highlysecure environment to store secret identifi-cation and authentication credentials. TheTransport Processor (TP) provides tradition-al decoding functions, including the CAdescrambling (decryption) capabilities.DCAS requires that both the SM and TPsecurity functions be upgradeable viasecure software downloads, eliminatingthe need for a subscriber site visit or hard-ware replacement to modify the securitydesign should it be breached by hackers.

The DCAS architecture slices the securitydesign into three distinct and largely sever-able pieces. There is a security designwhich encompasses the authenticationand validation between the DCAS hostand the Authentication Proxy, a securitydesign for the Transport Processor whichenforces confidentiality between contentdistributors and the DCAS host and finallya digital rights management (DRM) designto support authentication and encryptionbetween the DCAS Host and HDTV, DVRand other rendering and media processingdevices. These pieces of functionality willlikely be phased in over time. For example,the DRM element may be later deployed,after successful tests and consumer trials ofthe basic DCAS concept.

Evolution to Modern HDTV Set-topBox ArchitectureTraditionally, proprietary conditionalaccess functions were integrated into theSTB. With CableCARD came the possibility

to augment these proprietary CA systemswith portable security modules, liberatingconsumers from hardware lock-in. Now asdigital video, both standard-definition(SD) and HDTV, enter the market and areaggregated with other data services suchas Internet access and Voice Over InternetProtocol (VOIP) provided on the cable net-work, the architecture of the STB is matur-

ing significantly. Two-way cable andenhanced user interfaces allow moresophisticated service offerings, includingnetwork Personal Video Recorder (nPVR),Video on Demand (VOD), Movies onDemand (MOD) and others. Cable cus-

tomers are nowable to enjoyenhanced videoand audio pro-gramming, avail-able more readilythrough a varietyof subscription andpay-per-use pur-chase models andon a flexible sched-ule to suit con-sumers’ needs.Moving away fromprovider-based CAmodules to a modelin which the CA

system can be provisioned and managedflexibly over the network is one attributethat distinguishes DCAS. The flexibilityengendered in DCAS makes it possible formultiple CA systems, whether Mediacipheror PowerKey, to be simultaneously anddynamically supported, providing manydifferent services purchased by consumersfrom a multitude of sources.

A number of vendors offer SoC products forthe set-top box market. Architecture for amodern CableCARD-ready STB is similarto that shown in Figure 2. The securitymodel in STBs has become much more rig-orous and complex over the years, involv-ing several hardware security elements.These designs may be greatly enhancedthrough the use of the ARM® TrustZone®

security technology.

A number of security features are presentin this system. Security block number 1 inthe architecture is used to provide propri-etary CA decryption of media transportstreams. The transport stream source maybe a digital signal feed delivered over anetwork, e.g., QAM-modulated RF input orEthernet on an Internet Protocol (IP) input,delivered to a digital STB. The STB’s TPdemultiplexes and decodes the transportstream for the selected video/audio service.This medium speed encryption core

Figure 2: Existing CableCARD-enabled STB SoC block diagram

T H E A R M - E N A B L E D H O M E

Volume 7, Number 2, 2008Information Quarterly [62]

decrypts (or descrambles) the mediastream with the required cipher, typicallyDES or 3DES, depending on the countryand/or service operator the set-top box willbe used in. Bit rates for the cipher cores areapproximately 200 Mbps as multiple,encrypted HDTV streams are required inhigh-definition architectures.

Security block number 2 is more generalpurpose in nature and is usually tailoredto fit the specifics of the peripheralsattached to the set-top box. Decryptedmedia content derived from transportstreams may be sent out to a peripheral orhard disk on USB, Ethernet or through theSATA interface. This resource relies prima-rily on the AES cipher in modes such ascipher-block-chaining (CBC) or XTS (XEX-based Tweaked Code Book). AES mode,which is the new standard for storage secu-rity, is specified by the IEEE p1619 stan-dard. Peak rates through this part of thesystem security design can be very highbut are usually configured for a 400 Mbpsrate to meet the needs of USB 2.0 storagesolutions.

Security block 3 supports the HighDefinition Multimedia Interface (HDMI),and increasingly Digital TransmissionContent Protection (DTCP), links for securedistribution of media streams to devicessuch as HDTV monitors, surround soundreceivers and DVD recorders. These linkscan require very high-performance cipherscapable of supporting uncompressed HDvideo rates of up to 5 Gbps. The HighBandwidth Digital Content Protection(HDCP) cipher required for HDMI is capa-ble of supporting this bit rate and is oper-ated in encrypt only mode in the set-topbox.

Last but not least, security block 4 is thekey derivation and secure key storage facil-ity for the device. This block offers a publickey acceleration engine which speedsasymmetric cryptography used in keynegotiation and subscriber authenticationalgorithms. A hardware true randomnumber generator (TRNG) offers a contin-uous stream of random numbers, whichare required in many asymmetric algo-rithms. An Elliptic Key-wrap Module (EKM)is combined with on-chip non-volatile

memory to create a secure key repository,which greatly enhances the overall securi-ty of the SoC.

Designers can augment the security archi-tecture in software through the ARMTrustZone technology. TrustZone is aprocessor virtualization technology thatallows the segregation of processorresources into secure and un-securedinstances. Figure 3 illustrates the TrustZonemodel.

TrustZone technology offers designers theability to segregate sensitive information,such as keys and other security credentials,into a security partition that greatlyenhances the robustness of the securitydesign without adding significant num-bers of gates or memory. Before the arrivalof TrustZone technology, designers oftenimplemented dual CPU systems with oneprocessor designated as a general purposemedia processor for codecs, communica-tions and user interface, while the secondprocessor was configured as a secureprocessor, which ensured that keys andother secrets were only accessed by knownprocesses running on the main processor.This architecture is extremely secure butFigure 3: ARM TrustZone processor model

Figure 4: Secure bootstrap using TrustZone technology

T H E A R M - E N A B L E D H O M E

Volume 7, Number 2, 2008Information Quarterly [63]

has significant cost, software complexity,area and power overheads.

The obvious advantage to a TrustZone sys-tem is that there is only one processor, oneinstance of the cache and other overhead.ARM has implemented TrustZone througharchitectural extensions that include:• Secure Monitor Mode to provide a

“gate keeper” for access to secure state• Controlled entry points to the Secure

Monitor through a dedicated new instruction and exception trapping

• Secure bit in the core to control access to specified resources only when the processor is running in the secured state;

• Additions to the page tables in the securestate to limit access to secure memory only by processes running inside the TrustZone execution environment

• Cache that tags lines with security information to enforce security domain separation

• Security state exposed on the SoC bus topermit implementation of security-aware memory and peripherals

• Ability to carefully restrict and control debug access to secure software

With TrustZone technology, it is now possi-

ble to assign security resources and secretsbetween the unsecured partition and thesecured partition to enhance the security

design. Figures 4 and 5 illustrate the twodifferent views of the set-top box SoC archi-tecture that are available when TrustZonetechnology is used.

As is illustrated in the block diagram,when the processor is operating in securemode (Figure 4), the core may have visibil-ity to all the key contexts in each of thecores, the NVM keys and the phase 0secure boot loader which does the initialcryptographic verification of the bootloader and operating system stored inexternal Flash. Algorithms for mutualauthentication and key derivation are allrun in the TrustZone secure mode, and keystore memories are accessible only whilethe system is operating in this mode.

As shown in Figure 5, after the boot processis complete, the processor runs in missionmode and the NVM key store resourcesand boot ROM are no longer visible to theprocessor. TrustZone technology provides amailbox mechanism through which appli-cations access security resources, for exam-ple, to pass network data to the PKA blockto implement subscriber authenticationprotocols. The processor switches betweenits TrustZone-enabled mode and user spaceto provide access to protected cores.

continued on page 70

Figure 5: Mission mode processing using TrustZone technology

Figure 6: Block diagram of a DCAS implementation