September 23, 2019

Achieving a High Level of Security in CPE Devices

Security has always been a priority for CPE vendors, service providers and consumers. Broadcast content, personal data privacy and access to home network devices will always need to be protected against piracy and network attacks.

As the industry progresses to make CPE devices the epicenter of service delivery – from broadband to wireless connectivity, to entertainment and IoT services – these devices must implement a high level of security to protect a complex ecosystem.

Securing the home gateway

Technicolor home gateways embed a bootloader that verifies all data read from flash into RAM before that data is allowed to execute or is used in trusted operations. This verify-in-RAM process is our current “maximum security” solution, but our security process is much broader.

Indeed, our home gateways are built with an overall software architecture that includes an end-to-end security mechanism by design: from bootup, firmware upgrade, and gateway configuration to the installation of applications via lifecycle management.

Securing gateway applications

The gateway can run several applications that enable new customer services in areas such as data analytics, home automation and roaming. These applications can be provided by third-party companies or by the operator, and they typically require regular updates, independent of the firmware itself. That’s why a high level of security must be implemented to protect the core firmware from the applications, so that the core functionality of the gateway is not affected and service continuity is ensured.

Securing the home network

The firmware on the gateway has a complete, configurable firewall, protecting the home network, the devices and their content from unauthorized remote access.

Another layer of security is provided by our HERO partner CUJO AI, which is available as part of Technicolor’s software offer. It is multi-solution, AI-driven software that analyzes vast amounts of network data and uses proprietary machine learning algorithms to detect and block:

  • attempts to access undesirable or illegal content
  • malicious actors and threats to all devices connected to the network
  • attempts to track online activity
  • malicious activity invisible to customers but representing an operational threat or service abuse

A security-focused development process

Technicolor embraces a rigorous three-step security check during its development to reduce the risk of vulnerabilities:

  • During development, every code contribution is verified overnight for security breaches; developers are automatically notified.
  • During validation before customer acceptance, the complete code is validated by a dedicated security team, both open box via code review and closed box with penetration testing.
  • Even when products are delivered, a dedicated team tracks software components and technologies used in the products and continuously checks for security vulnerabilities.

At regular intervals, the products are validated by independent third-party security labs.

Securing the Set-Top-Box

We have developed unique expertise in securing the STB, working for years with all market leaders in this field – such as Nagra, ViaccessOrca, Irdeto, Verimatrix, PlayReady, Widevine, Synamedia, etc. – reinforcing our leadership among the very few STB vendors who have qualified CAS implementations.

One of our key success factors is the integration of our DVB stack with the highest level of security required by all these major CAS makers and Google. Combined with our generic Android TV platforms, this standardization effort allows us to detect and solve security issues well in advance and to be more agile.

And to make sure we deliver the best security possible, our STBs regularly pass the tests of an independent security lab.
