Card sharing

Card sharing, also known as control word sharing, is a method of allowing multiple clients or digital television receivers to access a subscription television network with only one valid subscription card. This is achieved by electronically sharing a part of the legitimate conditional access smart card's output data, enabling all recipients to gain simultaneous access to scrambled DVB streams, held on the encrypted television network.

Typically, a legitimate smart card is attached to a host digital television receiver, which is equipped with software to share the decrypted 64-bit "control word" key over a computer network, such as the Internet. Once a client receives this key, they can decrypt the encrypted content as though they were using their own subscription card.

The theory of card sharing as a potential attack vector on pay TV encryption was provided in the book European Scrambling Systems by John McCormac in 1996; leading to the term "McCormac Hack" to be used to describe early card-sharing systems.

Basic operation
The security of conditional access smart card technology is limited by the security of the DVB standard in which it operates. The standard practice of a legitimate smart card is to decrypt an ECM (Entitlement Control Message), which then provides the control word, which allows the viewing of scrambled material. With card sharing, however, the smart card and its security features are bypassed; software intercepts the decrypted control word and allows the user to share it across a computer network.

Pirate decryption
Card sharing has established itself as popular method of pirate decryption. Much of the development of card sharing hardware and software has taken place in Europe, where national boundaries mean that home users are able to receive satellite television signals from many countries but are unable to legally subscribe to them due to licensing restrictions on broadcasters.

Because the length of the complete control word is so small (64 bits), delivery of the control words to many different clients is easily possible on a home internet connection. This has sparked the creation of sharing network groups, in which users can access the group by sharing their subscription cards with the group, and in turn, being capable of receiving the channels which all users' cards can decrypt, as though the user owned every single subscription card connected to the network. Other networks have also been created, whereby one server has multiple legitimate subscription cards connected to it. Access to this server is then restricted to those who pay the server's owner their own subscription fee.

Multiple receiver use
An arguably legitimate use for card sharing is the sharing of the control word within a home network, where the subscriber is authorised by the subscription television network to decrypt their signal, using one smart card. Content providers usually provide means for viewing channels on a second smart card, provided at extra cost. An example of this is Sky Multiroom, used in the United Kingdom. However, in some cases the contract between the subscriber and the content provider implicitly or explicitly prohibits this kind of card sharing.

Countermeasures
Card sharing is a particular concern to conditional access providers, and their respective pay-TV companies, as well as the DVB consortium. Card sharing utilises the integral scrambling system of the DVB standard, DVB-CSA, meaning that every provider of scrambled DVB content has potential to be affected by it. In response, several counter measures have been implemented by various parties, with the aim of permanently preventing it.

Technical
One technical method, implemented by providers such as Irdeto and NDS, is to update the software of digital receivers provided by the subscription television service. This software implements a further decryption layer, held within the receiver. Rather than sending a plain text control word from the smart card to the receiver's microprocessor, which can be intercepted, the decrypted ECM will in fact be an encrypted control word, which can only be decrypted by a legitimate, non card sharing capable, receiver. A simpler method, used by several providers, is to simply increase the frequency of control word changes. With changes occurring as frequently as once every few seconds, extra stress is put onto the smart card sharing system, meaning that clients may be frustrated by short, frequent, missed viewing periods. Another method gaining traction is "Card pairing". Effectively linking the card with the connected device (e.g the set-top box, CAM module or TV's decoding chipset) and locking the card to be used only on that device.

Legal
One significant problem for internet card sharing is that the activity can be traced, through tracing of the originating IP address - though this does not identify an individual it can lead to a specific ISP and/or TV service subscription. Cases of criminal charges have been brought against card sharing hosts. In August 2009, a Liverpool man was prosecuted for re-selling the services of a card sharing network to paying customers. It was the first such case of its type in the UK. Two further raids occurred in the UK during early 2011, instigated by UK Cable Operator Virgin Media.

DVB-CSA3
In 2007, the DVB Project approved and began licensing a new scrambling system, CSA3, for protecting DVB content. This new system, upon implementation, will attempt to eradicate many of the flaws with the original DVB-CSA system, including introducing an AES based 128-bit key system. The system will reportedly be "hardware friendly and software unfriendly", indicating that reverse engineering of the system, required for the creation of card sharing applications, will be very difficult.