Protecting high value media content is a major priority for any broadcaster working with OTT and VOD. In the previous article in this series we looked at the three challenges facing broadcasters and in this article we dig deeper into the remedies and methods for keeping content safe.
Encryption has been a staple part of broadcasting for nearly 30 years. From the primitive analog systems that involved inverting line and field syncs, to the complex smart card systems that facilitate enabling of individual set-top boxes, to the rise of viewer-supplied devices and connected TV. One of the great advantages of encryption is that we can assume anybody can copy the encrypted content but cannot view it without authorization.
Encryption isn’t new to the internet and has now become an established method of operation. To overcome password sniffing in TELNET connections a secure system was developed back in 1995. Later known as SSH, this is a cryptographic network protocol that stops any malicious parties from viewing data by sniffing and copying content between a user terminal and its associated server. This cryptographic method has stood the test of time and similar methods have found their way into modern HLS video streaming and HTTPS web site access.
The fundamental assumption is that anybody can see the data and copy it, however, the data is meaningless as it is encrypted and cannot be de-crypted as keys are needed to provide the necessary authentication.
Public key cryptography requires two keys: the public key, and the private key. The owner of the data creates the key pair, stores the private key and makes the public key readily available to other users. Anybody with the public key can encrypt their data, but only the holder of the private key can decrypt it. Therefore, the security of the system relies on the private key being kept secret.
This is useful if the broadcaster wants to validate the authenticity of the viewer when using insecure transport mechanisms such as the internet. When a viewer attempts to access the broadcaster’s content it uses a well-known public key issued by the broadcaster to encrypt their logon credentials, such as username and password. Only the broadcaster can decrypt the message as they have the private key. If a malicious actor intercepts the message containing the viewers credentials, then they won’t be able to view them. This gives the broadcaster a very high level of certainty that the user is who they say they are.
Maintaining Personal Security
There are some caveats here; firstly, it is assumed that the viewer has not allowed their username and password to be given to somebody else, and secondly, it is assumed that the broadcaster’s private key is secure and has not been compromised in any way.
As part of this exchange, the viewer has their own private key independent of the broadcaster’s key-pair and freely issues the corresponding public key. The viewer will often be oblivious to this process as it is an integral part of the security software running on their device. The broadcaster uses the viewers public key to encrypt messages back to the viewer. Again, as the viewer is the only person with their private key, only their device can decrypt the message from the broadcaster. When the broadcaster is sure the viewer is who they say they are, a token is then issued to the viewers device to prove they have the right to view the specific content. The viewers device then presents this token to the license service when requesting the playback license. The license service then verifies the token’s validity and issues a decryption key together with the playback policy for the content.
Media is encrypted before it leaves the content owner and users liaise directly with the content owner during authentication. This greatly reduces the risk for content owners and affiliates while giving the viewer a consistent and high quality of experience.
As hinted at earlier, the major flaw with this design is the security of the private keys held by the broadcasters. They have a massive responsibility to keep the private keys from being exposed or even being misused by disgruntled employees or anybody else.
Delivering Equitable Benefits
But there is an even better solution that provides a win-win for content owner, affiliate, and viewer. That is, the content owner both encrypts the content at source and manages the viewer authentication.
Giving content owners the power to encrypt their content at source removes much of the risk in the distribution chain. The content is encrypted before it is delivered to the affiliate and with the right design of playout system or streaming service, there is no need for them to decrypt it. It’s possible they may want to view the content for compliance, but this can be achieved with the same method used for the viewers. This method solves a whole load of problems very quickly.
Assuming the content owner now encrypts the content then the viewer will have to contact them directly to receive their decryption license. This can be achieved using the private-public key system and when authenticated the content owner can issue the playback license to enable decryption of the content directly to the viewer. Again, all of this interaction is achieved without the viewers knowledge and provides them with a seamless quality of experience, or QoE. The main difference now is that the content owner is uniquely responsible for the protection of their content, thus providing them with greater control and security.
Encrypting content is a relatively straight forward task and can be automated with very little human intervention, and different encryption keys can be generated for geographical regions and timescales. Furthermore, the content owner knows exactly who is watching their content so they can provide much higher reporting accuracy so charging to affiliates can be better detailed.
Higher Level Visibility
Having this level of viewer visibility helps content owners spot any anomalies in viewing patterns allowing them to identify malicious activity earlier. Because they have global visibility instead of only the more dispersed data available to affiliates, any potentially fraudulent use such as sharing of login credentials can be easily detected.
Another level of security that is better applied centrally is that of watermarking. It can be enforced at a regional level so that any attempts at piracy can be chased through the supply chain. Pirates have many options to steal content these days including recording high-resolution copies on good quality cameras, but the illegal copies will still have undetectable watermarks embedded in the content that can be easily identified by the watermark vendor.
Not only is modern undetectable watermarking applied to the raw video, it can also be applied to the transport stream and encrypted media. This makes watermarking and encryption possible in one pass and reduces the overhead for multiregional delivery.
In the midst of all this, the affiliate is still broadcasting and delivering the media but does not get involved with the encryption process or viewer reporting. Ultimately, the affiliates may need only the smallest of IT audit, if any at all. As the content owner starts with the premise that the encrypted media can be copied but not viewed or changed, the centralization of encryption, viewer authentication and reporting virtually removes responsibility from the affiliate.
From the viewers perspective, their authentication is happening in the backend of their viewing app giving them a consistent viewing experience. The affiliate will need to integrate their viewing software into the content owners’ systems, but well-engineered APIs can make this relatively straight forward.
APIs provide a convenient gateway for the affiliates to be able to exchange information, such as reporting statistics and even QoE measure (quality of experience) to help them build a consistent and reliable business model without the increased risk of the system being compromised with the associated liability. It’s bad enough having a security breach in a network, but then finding you’re liable for the leaking of multiple high-value movies would be unbearable.
Finally, APIs speed up the integration process as the same interfaces will be used by multiple affiliates meaning they are consistent and well-supported. Content owners or their security partners can build monitoring systems into their API gateways to detect security anomalies and further improve detection. For the affiliates this is a fantastic opportunity as they only need to focus on the software integration to facilitate their business model, and not be too concerned about the security of the media.
Maintaining High Technical Quality
From a quality point of view, the content owners increase their control over the quality of the media. Multiple bit rate delivery systems such as DASH and HLS rely on generating many versions of the media with increasing bit rates. Although this implies smaller frame sizes, varying the bit rate has the potential to reduce the video and audio quality to the detriment of the content owner and the viewing experience. Using the centralized encryption model, the content owners use their own compression systems to optimize their content and deliver the multiple bit rates to the affiliate. Again, this removes more responsibility from the affiliate and further reduces their risk as well as maintaining high technical standards.
Protecting highly valuable media assets is critical for content owners and sending their media into the Wild West of the internet is a great concern for them. Using centralized encryption, authentication, and watermarking helps content owners, affiliates and viewers equally. This is truly a win-win outcome for everybody.
You might also like...
As engineers and technologists, it’s easy to become bogged down in the technical solutions that maintain high levels of computer security, but the first port of call in designing any secure system should be to consider the user and t…
Despite Zoom fatigue, one thing that can be said for some of the more recent online industry gatherings is that they are bringing people together in a highly focused and some say more productive way. After nearly two years of…
TAG Video Systems takes advantage of over 70,000 globally deployed probing points to give users the ability to dive deep into streaming content monitoring. The company anticipates more than 100,000 probing point deployments by the end of 2021.
In the last article in this series, we looked at why integrated monitoring is a necessity in modern broadcast IP workflows. In this article, we dig deeper to understand what is new in IP monitoring and how this integrates with…
The basic goal is for consumers of video services to be highly engaged. It is easy to say but hard to do. Yet it is at the core of being a D2C streamer. D2C requires a deep understanding…