Video content protection – Secure streaming

22
May/110

When publishing multimedia materials to targeted audiences on the web content owners need to have a degree of controls on their digital property.  There are several aspects to content protection and some of the main points are:

  • Protection from unauthorized access – which means to prevent people that do not have the right to view the content from doing so.
  • Authenticity validation – which means to prevent tampering with content and ensuring it’s “quality”
  • Protection of content from redistribution – which means to prevent people owning a copy from redistributing the content.

First I’d like to say that preventing a screen capture of video content is impossible and while there are techniques to make the capturing harder it is not possible to prevent it. Thus any  content shown on a user screen can be copied, often with a bit lower quality. Note that “a bit lower quality” is a lot less of a problem with HD video input.

Digital Mights Management () is a cumulative name of technologies(and other measures) that are intended to solve these issues, mainly the part of the control that cares about ownership i.e. purchasing or leasing of video file or access to a video stream. solutions most often are encryption based solutions. For websites it is also very important to prevent access to the content from other websites(hotlink protection) and many point of access control techniques are employed.

There are many different approaches to the problem of video content protection.  The most popular approaches are:

  1. DRM Encryption – in this case the content is encrypted and in order to access it you need to decrypt it. That’s all.
  2. Dynamic session token/key – the content is unencrypted, but you need a valid session key(like password) to access it.

The main security principle(for general content) is to raise the cost of stealing way above the cost of buying :) thus just encrypting video content is probably the worst approach as they can be decrypted and the cost to do that lowers with time.

Video files DRM

In the case with video files, these files are usually encrypted and you need to purchase, a digital key to decrypt the files. These digital keys are sold like tickets and you get access by using these tickets. There is a popular solution  by Microsoft Windows Media Rights Manager, which allows digital signing of Windows media Files. These however are practically unusable in a website because of the extra steps required and this technology works properly only offline.

Video stream DRM

Protecting a video stream is a bit different from protecting a video file.  There are several types of “streaming”. The so called “progressive streaming” is basically a file download which is performed while you watch the video in a web page containing a player. There is also the “true streaming” that streams video data in real time. For instance a video file(or progressive download) may be sent by one user to another by any means(email,p2p etc.) while a true stream cannot be sent that way.

The most popular way of video streaming – flash progressive downloads generally are not possible to be actually secured, only obfuscated to make layman copying harder.

Some basic obfuscation techniques are an easy solution to bandwidth theft also known as hotlinking. For example your content may be free but you don’t want other websites to show your content into their website while using your traffic. So making the download URL dynamic solves that problem. Stealing a whole player can be prevented by making a check if the domain of the page, in which is loaded the player, is allowed.

For live video stream(RTMP) security the above mentioned “DRM Encryption” and “Dynamic session key” are both used. In the case with flash there is a DRM solution by Adobe, which few websites use as it’s way too expensive. Most of the video streaming sites currently on the web use key/token/session/password type of protection to secure the access to their content. This generally works well for common theft, however there are solutions for dumping rtmp streams readily available for free on the internet. These stream dump tools even recognize the structure of the stream so using them to capture “protected” flash streams is trivial.

Shameless advert: We as a video hosting providers employ more flexible content protection scheme which provides higher level of protection by mixing encryption and making the access points more “dynamic”, that is not true bullet proof security, but you will not have problems with RTMPDump and other similar “tools”.

YouTube also does have an obfuscation scheme with some of the copyrighted content which is based on changing the file structure for their progressive downloads. It actually works pretty well, but is not easily achievable. Someone with enough knowledge in flash could revert that quite quickly(for a specific case), but those people are kind of scarce which raises the cost a lot :-)

There is also the iPad/ iPhone HTTP streaming. The iPhone streaming does provide a basic SSL certificate based security scheme. The problem is it’s useless for live streams and for on-demand streams it’s unsecure anyway. So with iPad/iPhone it is only plausibly possible to provide point of access security at this time. In short Apple has got all the buzz words, but little beyond words.

Video content security conclusions

  1. There is no total security solution. It is a balance between security, usability and cost efficiency.
  2. If you see it you can capture it. That’s it. No exceptions. Even technologies that change stuff in each video frame to make it harder to copy are useless after a few digital filters. Quality may be lower, but not necessarily much lower.
  3. Progressive downloads are saved to your browser’s temporary files cache and are plain files anyway. These cannot be really protected once access is given to play the file.
  4. True RTMP streaming is relatively easier to protect. There are DRM(really expensive), token based(easy to overcome but cheapest) and combined ways to protect a video stream.
  5. Anyone selling pay-per-view video content online should use some form of video content protection.

 

I have left many technologies and specific cases, that I’m familiar with, out of this article as I see them unimportant at this time and there probably are technologies and cases I don’t know of. Of course any comments are welcome as always. I will not discuss ways to steal video content publicly though.

0saves
Save
If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.
Tags: , , ,
Tagged as: , , ,
No Comments
Comments (0) Trackbacks (0)

No comments yet.

Leave a comment

No trackbacks yet.

Translator

Recent Posts

Sponsors

Tag Cloud

automated upload CDN codec content delivery network DIY video hosting Flash video flash video format free video hosting Google hd-lite hd streaming hd video Http streaming live video near hd on-demand video online video pay per view php streaming progressive download progressive streaming streaming streaming cost streaming format streaming hosting streaming network streaming prices streaming server streaming software streaming video true streaming upload large videos upload multiple videos video business video delivery network Video files Video Hosting video hosting plan video hosting prices video rentals video self hosting Video Sharing video upload VP8 web video

Categories