And if it is possible, why has it been decided to keep using a smart card for this task? I will be grateful if you can provide some practical examples on how to bypass the use of a smart card (if possible).
328k 60 60 gold badges 795 795 silver badges 965 965 bronze badges asked Sep 4, 2013 at 20:14 Israfel_21 Israfel_21 399 1 1 gold badge 3 3 silver badges 3 3 bronze badgesA satellite TV system must face the following challenge: it is one-way. The receivers cannot do anything but receive; they cannot emit anything.
The generic problem is known as broadcast encryption. In practice, things go that way:
Thus, a given decoder will just wait for the blob which contains K encrypted with his card-specific key Ks, and use the card to obtain K and decrypt the stream.
When a subscriber is no longer a subscriber (he ceased to pay), the publisher simply stops sending the blob containing K encrypted with the corresponding Ks. The next time K is updated (it happens several times per day), the ex-subscriber is "kicked out".
In older times, media publishers had the habit of doing everything "their way", which means that they designed their own encryption algorithms, and they were very proud of them, and kept them secret. Of course, such secrets were never maintained for long because reverse engineering works well; and, inevitably, these homemade encryption algorithms almost invariably turned out to be pathetically weak and breakable.
Nowadays, the publishers have begun to learn, and they use proper encryption. In such a situation, the only recourse for attackers is to clone smartcards, i.e. break their way through the shielding of a legally obtained smartcard, to get the Ks of that card. Breaking through a smartcard is expensive, but not infeasible, at least for the kind of smartcard that are commonly used for such things; it requires a high-precision laser and an electronic microscope, and is rumoured to cost "a few thousands of dollars" for each break-in. Attackers do just that.
Publishers react in the following way: with traditional police methods. The cloning method is worth the effort only if thousands of clones can be sold, as part of some underground market. Inspectors just masquerade as buyers, obtain a clone, see what card identity the clone is assuming, and deactivate the corresponding subscriber identity on the publisher side, evicting all clones of that card in one stroke.
From what I have seen, the break-clone-sell-detect-deactivate cycle takes about two weeks. It is more-or-less an equilibrium: the non-subscribers who accept the semi-regular breakage of connectivity are in sufficient numbers to maintain professional pirates, but they are not numerous enough to really endanger the publishers' business model.
We may note that Blu-ray discs are a much more challenging model, because readers can be off-line and must still work; and though each Blu-ray reader embeds its own reader-specific key, there is not enough room on a Blu-ray disc to include "encrypted blobs" for all readers in circulation. They use a much more advanced algorithm called AACS. However, for satellite TV, the simple method described above works well.