EuroCypher (BSB)
EuroCypher was a variant of VideoCipher II which was designed for the ill-fated BSB (British Satellite Broadcasting) satellite service. The system was only used for a year and is now absolutely and completely obsolete, but it is interesting to look at from a historical perspective. This section is my attempt to explain a little about Eurocypher and its implementation, for the historical record.
Features
Eurocypher is a cardless, tier-based system, which is based around an ACM (access control module). It includes some 'value added' features which were relatively novel in the European satellite industry at the time.
Tiered access control system.
Channel access control is done with 256 tier bits.
The ACM performs a logical AND
of its tier bits and those transmitted in the channel ECMs. If the result is nonzero (the ACM and channel share at least one tier bit), then access is allowed.
Messages, both 'personal' and 'tiered' (ref: Bennett and Moroney, 1990 via 2014 EWHC 1559 (Pat)).
Personal messages are addressed to a specific ACM.
Tiered messages are addressed to a programme tier.
Display of the message can be forced, or the message can be stored for later viewing. Stored messages cause a 'message indicator' to appear on screen.
Message display can be for a fixed period of time, or indefinite.
Programme information – now-and-next and time remaining
Parental control data is included with the programme data
By default, BSB receivers have broadcaster-provided L
(language), V
(violence), and S
(sexual situations) flags (ref: 2014 EWHC 828 (Pat)).
The ratings configuration (a map from the ratings ID numbers to textual messages) was downloaded from over-the-air messages, allowing this to be reconfigured as needed by the broadcaster (ref: 2014 EWHC 828 (Pat)).
Circular regional blackouts.
The ACM's physical location is set when it is activated.
The CA data for a given programme includes regional blackout data: a location and radius.
The ACM calculates the distance from its programmed location and the regional blackout's location, to produce a distance. If the distance exceeds the radius (distance) set in the CA data, access is either allowed or disallowed depending on the policy set in the ECM message.
Integrated on-screen text display controller
General function
The CA function, in general, is a 'key ladder' system. This description is based on the Videocipher patent (US4613901A). Eurocypher is assumed to behave similarly.
Each ACM starts out with a Unit ID and a set of four Subscriber Key Seeds (seed keys). These are unique to each ACM.
The programme provider has a Category Address and a Category Key.
These are transmitted to each box individually when it is activated, or when the Category Key has been compromised.
Category Key is encrypted with one of the unique seed keys, and addressed to a specific ACM.
The channel transmits a Channel Key, which is encrypted using the Category Key.
Every ten seconds, a new Working Key (control word) is generated.
The final control word is sent to the DMAC descrambler IC, and used to descramble the audio and video.
Security
This scheme is secure, provided that the seed keys and monthly keys remain secure. The main risks to the system are:
“Three Musketeers” (3M). The ACM firmware is modified to remove the tier-bit checks.
Because all channels under one Category share the same root key, a basic subscription can be made to unlock all channels under that provider (except pay-per-view events).
The name comes from the Three Musketeers' motto: All for one, and one for all!. In this context, that means all (channels) for (the price of) one channel.
Cloning. If the seed keys and unit ID can be cloned from one ACM to another, then multiple ACMs can share a single subscription.
This of course relies on the original box remaining subscribed and undetected: an “unsubscribe” message sent to one ACM will cause all of the clones to unsubscribe too.
If the original box is unsubscribed, it will no longer receive key updates – so even if the subscription check is bypassed too, the boxes will lose access when the key is changed.
Channel or Category key cloning. The ACM firmware is modified. Channel or Category keys are dumped from a modified, subscribed ACM, and are distributed to others.
Owners of pirate receivers would enter the leaked keys using a keypad.
This is similar to attacks on D2MAC Eurocrypt: monthly keys were posted on BBSes and websites, for pirates to enter into their pirated smartcards using a keypad.
The ACM is responsible for generating the following menus:
The content of these screens is found in the ACM ROM.
DMAC/Packet packet IDs
Eurocypher was assigned Packet Index 0x88
, CAID 0x30
in the DMAC/Packet SI data.
ECMs, EMMs and programme information are likely sent via this data path, and forwarded to the ACM by the receiver.
Technical details
Technical information on the various parts of Eurocypher has been split out into separate sections for convenience:
References
I'm looking for copies of the following articles or papers – please email me at philpem@philpem.me.uk if you have a copy:
EBU Tech 3258-E: “Specification of the systems of the MAC/packet family”
Proposal For New Part 6 Of The EBU Specification For The MAC/Packet Family, published Oct. 1988.
BSB
DMAC/D2MAC (general)
Eurocypher
-
-
-
Bennett, C. J., Moroney, P., and Cutts, D. J. (1990), The Architecture and Security Design Goals of the Eurocypher System. In: Proceedings of ACSA 1990 “Conditional access for audiovisual services : 1st International seminar” (a.k.a.: Accès conditionnel aux services audiovisuels ACSA '90 ; actes des premières journées internationales). Rennes, France: CCETT.
Citations and quotes
Industry news
Digicipher
Per Chris Gerlinsky's 33c3 talk, there may be some similarity between Digicipher's data table format and SCTE-65. If Digicipher is based on Videocipher II, there may also be some data format similarity between them.
VideoCipher