The first is content redistribution, where a pirate makes a high-quality copy of content after it has been legally decrypted and then redistributes it over the Internet. Second comes control-word sharing, where a pirate discovers a common key used to decrypt the content and distributes it via the Internet or other means. Third comes cloning, where a pirate replicates part of a device’s software or hardware such that control words can then be extracted and used to decrypt content. This replicated part can then be distributed, although the severity of this threat depends on exactly what part of the CA system has been hacked.
As Farncombe pointed out, cloning was the most common and serious of the three threat categories in the era of pure broadcast before the availability of mass broadband services. As Farncombe’s survey has revealed, the balance of risk has now shifted away from cloning towards control-word sharing. But, more significantly, the situation is about to change again as content redistribution becomes the biggest threat. This, in turn, reduces the advantage of hardware based security, for even if it does offer stronger protection against cloning, it does not help prevent redistribution.
This means that other forms of protection and detection become more valuable or even essential, with Farncombe identifying content watermarking, content fingerprinting and Internet monitoring as being three that will increasingly be deployed.
Watermarking embeds indelible and imperceptible data within the audio or video, and can be applied at any stage of content distribution, from creation to consumption on a device, designed mainly to identify the source of the content piracy.
Fingerprinting is different in that it allows the video itself to be identified by comparing some unique signature generated from a video segment and stored in a database before distribution with the one calculated on receiving the video. This process allows for automated and rapid comparison of multiple video streams on a single server. Then, monitoring involves various processes to identify and locate pirate activity, including behavioral analysis to seek anomalous network activity that might indicate piracy has occurred.