conax_conax 19/06/2016 11:51 Page 2
A closer look at Android
security
Android offers reputable security
in general, providing a robust
multi-layered security architecture
that is flexible and open. SELinux
(Security-Enhanced Linux) is
supported for the latest Android
versions, each app contains its
own dedicated user account for its
processes and apps run in a
sandboxed JVM (Java Virtual
Machine) environment. In
addition, apps can access only a
limited range of system resources
and unsigned apps can be
blocked. Full disk encryption is
also supported.
While Android includes
reputable security architecture,
vulnerabilities still exist that
operators need to take into
consideration. Android’s high
popularity makes Android devices
attractive to hackers looking
actively to exploit vulnerabilities.
The more widely used Android is,
the greater the potential gains for
pirates and hackers.
Android’s open, exposed-tothe-Internet, environment in STBs
creates a vulnerability to hacking
that have the potential to shut
down the STB or potentially
hijack an operator’s STB platform
to blackmail the operator.
Hackers will aim to penetrate
open channels within the STB or
by inadvertent downloading of
apps containing malicious
software. If the Android
environment of the STB is
compromised, the broadcast
environment of the STB is also at
risk of attack.
The Android CDD and STB
security
One concern is Google’s
requirements for licensing
Android. The Android CDD
(Compatibility Definition
Document) can create conflict
with the security requirements for
hybrid STBs set forth by content
owners. These are conflicts that
can potentially lead to security
breaches that could pose serious
threats to broadcast operations.
Operators should engage the
expertise of a strong security
partner to guide them through the
necessary requirements of CDD
compliance while ensuring
platform security.
Security considerations in a
hybrid STB
Hybrid STBs enable both DVBbased traditional broadcast TV
and OTT services. The broadcast
environment of the STB and the
OTT environment of the STB
coexist within the STB and the
architecture of the box is such
that they are separated into two
separate environments, with a
protective wall between them.
The broadcast environment:
Pay-TV operations have specific
security needs and often include
premium content with strict
regulations for protection and
DRM compliance set by content
owners. Hybrid STBs
support both DVBbased traditional
broadcast TV and
streamed content
OTT. The traditional
broadcast
environment is
protected by the
operator selected
conditional access
solution preventing control
word sharing and illegal
content streaming.
Android environment: Hybrid
STBs, unless protected by walled
garden networks, are connected to
the open, unmanaged Internet.
This uncontrolled environment
makes it challenging to prevent
security breaches such as
DoS/DDoS attacks and malware
in apps. However, though the
Android environment is open to
the Internet, there are hardening
methods available to increase the
level of security provided by
Android.
Multi-DRM approach: The
DRM market is currently highly
fragmented. To enable a common
set of business rules for both
broadcast and OTT environments,
operators should employ a
flexible, unified security platform
to handle both environments. The
importance of protecting the
broadcast operation should not be
underestimated as it is the main
medium for premium content
delivery such as 4K/UHD movies
and live sports. STBs need to
manage multiple DRMs in one
device. Therefore, it is advisable
that future pay-TV platforms are
based on a flexible security
solution that reduces the
complexity of handling both CAS
and multiple DRMs for the
operator.
Separation –closing the
security gaps
Offering an extensive range of
features and functionality also
creates a large attack surface. So
from a security standpoint,
everything that is not necessary
for a functioning STB should be
locked down to limit potential
modes of attack. Operators should
preferably have full control of
apps used in the
operation. Because
this is not a likely
scenario when
using
Android,
operators
need to look
for other ways
to prevent the
security
breaches that
may come from
exposure to the Internet to ensure
the high overall level of security
required for their operations.
Despite these challenges, it is
possible for operators to offer
secure broadcast-OTT services
based on Android. This is done by
completely separating the
broadcast environment and the
heavily-exposed Android OTT
environment. However,
separation has its challenges. This
is described in the following
section.
Extra hardening of the
separation
The complexities of separation
show that operators cannot
“simply install Android” in hybrid
STBs. Experienced content
security providers can guide
operators in the task of ensuring
that the separation between the
broadcast and Android parts of
the hybrid STB is strong enough
to resist piracy and hacking
attacks.
Although current softwarebased separation technologies are
deemed to be adequate, these can
be compromised. Conax believes
that the separation needs to be
made stronger and offers a unique
hardware-based separation of
environments that is considerably
stronger than standard separation
solutions are available today.
Hybri