Nagravision

Nagravision is a company of the Kudelski Group that develops conditional access systems for cable and satellite television. The name is also used for their main products, the Nagravision encryption systems.

Digital systems

Four versions of Nagravision are in common use for digital satellite television: Nagravision, Nagravision Cardmagedon, Nagravision Aladin and Nagravision Merlin. Nagravision Cardmagedon and Aladin are often confused with each other and referred to under the term "Nagravision 2", which technically does not exist. Nagravision Cardmagedon is, however, a complicated combination of Nagravision Aladin and Mediaguard SECA 2 encryption. Nagravision Merlin is also known as Nagravision 3.

The decryption unit is either integrated into a receiver, available as a conditional access module (CAM), or implemented as one of many encryption schemes supported on a CAM emulator.

Nagravision has been adopted all over the world as a conditional access system, by the following providers:

    * Bell TV (Canada) (Nagravision 3)
    * Claro TV (Central America, Dominican Republic) (Nagravision 1 with MPEG-4 Encode)
    * Digi TV (Romania, Hungary, Czech Republic, Croatia, Serbia, Slovakia) (Nagravision 3)
    * Digital+ (Spain) (Nagravision 3)
    * Dish Network (USA) (Transition to Nagravision 3 was completed on 6/18/09)
    * Dream Satellite TV (Philippines) (Nagravision 3)
    * Look Communications (Canada)
    * Numericable (Belgium, France, Luxembourg) (Nagravision 3 "Merlin")
    * Polsat (Poland) (Nagravision 3)
    * Sky/Premiere (Germany) (Nagravision 3)
    * Reliance BigTV (India)
    * StarHub TV (Singapore)
    * Telenet (Belgium) (Nagravision 2)
    * Tivù Sat, Mediaset Premium and Pangea platform (Nagravision 3)
    * TV Cabo (Portugal) (Nagravision 3)
    * UPC (Ireland) (Nagravision 3)
    * UPC (The Netherlands) (Nagravision 2)
    * UPC (Romania) (Nagravision 3)
    * Via Embratel (Brazil) (Nagravision 3)
    * Virgin Media (United Kingdom) (Nagravision 1 being phased out, currently switching to Nagravision 3)
    * Top Up TV (United Kingdom) (Nagravision 3 "Merlin" swapped from SECA2 in 2008)

Initially, all international channels, including Pakistani channels, were moved from Nagravision 2 to Nagravision 3, followed by Indian channels and, in the third phase, adult channels. The rest of the channels on Dish Network were transferred to Nagravision 3 on June 18, 2009.

Digital+ is the only provider using Nagravision Cardmagedon (and also Nagravision Aladin) after its adoption in March 2005.

The original Nagravision 1 is now almost obsolete after it was originally compromised in 1999, although Dream Satellite maintains relative security by changing keys several times throughout the day, causing great inconvenience to unauthorized viewers.

The Nagravision Aladin providers have been confronting satellite signal piracy and smart card piracy since the system was publicly compromised in summer 2005. At first, security of the system was regained through software revisions, manipulation of the Nagravision encryption algorithm, and the phasing out of older cards, such as the ROM101, ROM102 and ROM103 in the USA and the ROM110, ROM120 and ROM130 in Europe, in favour of the newer ROM142/ROM180/ROM182.

Card hackers have, however, continued to compromise the encryption system, with continued software and key releases being made available to the public. Software emulation of the Nagravision system has been implemented in many Free-To-Air Satellite receivers, allowing unauthorised viewing to those who do not own an official card.


Analog system

An older Nagravision system for scrambling analog satellite television programs was used in the 1990s, for example by the German pay-TV broadcaster Premiere and the Spanish pay-TV broadcaster Canal+. In this line-shuffling system, 32 lines of the PAL TV signal are temporarily stored in both the encoder and decoder, and read out in permuted order under the control of a pseudorandom number generator. A smartcard security microcontroller (in a key-shaped package) decrypts data that is transmitted during the blanking intervals of the TV signal and extracts the random seed value needed for controlling the random number generation. The system also permitted the audio signal to be scrambled by inverting its spectrum at 12.5 kHz using a frequency mixer.

As with most smartcard-based conditional access systems, the smartcards used with the digital Nagravision system were repeatedly reverse engineered by hackers, which allowed the production of clone cards and "patched" receivers. However, the analog Nagravision system was the first widely used cryptographically controlled conditional access system that was broken in a way that bypassed the tamper resistance of its smartcard entirely and from which no recovery was possible by replacing all smartcards. The weakness exploited by this attack is the random seed value that is used to control the descrambling process. It is only 15 bits long, and by the late 1990s even low-cost home computers with frame grabbers were computationally powerful enough to try all 2^15 = 32768 possible permutations of video lines for each frame in real time. Software decoders were written that selected, from this small number of possible permutations, the one that maximized the similarity of neighboring image lines in the resulting image, and displayed the result. The scrambling of the audio signal was not a cryptographically controlled process and could easily be undone using the same frequency mixer circuit used for scrambling.
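
Why a 15-bit seed offers no protection, however tamper-resistant the smartcard, can be shown with a small model. The Python sketch below is an added example, not code from any decoder or from Nagravision: the permutation generator (`random.Random(seed).shuffle`), the frame width and the synthetic frame are stand-in assumptions, and only the 32-line buffer and the 15-bit seed come from the text above.

```python
import random

LINES, WIDTH, SEED_BITS = 32, 16, 15  # 32 buffered lines and 15-bit seed per the text

def permutation(seed):
    """Stand-in generator (assumption): read-out order of the buffered lines."""
    order = list(range(LINES))
    random.Random(seed).shuffle(order)
    return order

def scramble(frame, seed):
    """Encoder side: emit the buffered lines in permuted order."""
    return [frame[src] for src in permutation(seed)]

def descramble(scrambled, seed):
    """Decoder side: put each received line back at its original position."""
    frame = [None] * LINES
    for k, src in enumerate(permutation(seed)):
        frame[src] = scrambled[k]
    return frame

def line_distance(a, b):
    return sum(abs(p - q) for p, q in zip(a, b))

def recover_seed(scrambled):
    """Try every seed; keep the one whose output has the most similar neighbouring lines."""
    d = [[line_distance(a, b) for b in scrambled] for a in scrambled]
    best_seed, best_score = None, None
    for seed in range(1 << SEED_BITS):
        inv = [0] * LINES
        for k, src in enumerate(permutation(seed)):
            inv[src] = k
        score = sum(d[inv[y]][inv[y + 1]] for y in range(LINES - 1))
        if best_score is None or score < best_score:
            best_seed, best_score = seed, score
    return best_seed

def sample_frame():
    """Constructed frame: brightness rises smoothly from top to bottom."""
    return [[8 * y + (7 * x) % 13 for x in range(WIDTH)] for y in range(LINES)]

if __name__ == "__main__":
    frame, secret = sample_frame(), 0x5A17  # constructed 15-bit seed
    scrambled = scramble(frame, secret)
    found = recover_seed(scrambled)
    print(found == secret, descramble(scrambled, found) == frame)
```

The search uses only the received lines and the image statistics, never the card, which is why replacing smartcards could not restore security.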