Adopting a comprehensive security framework is key to dealing with today’s security incidents

Security SSP
Let’s face it, news of a hack to part of your content delivery infrastructure is not what you want to hear. But, in today’s hyper-connected global marketplace, the risk is very apparent.

By Tim Pearson, Sr. Director Product Marketing

Even with the best security in place, hacks do happen and when they do, they can have a direct impact on those running video services.  As showed with the Widevine L3 hack back in early 2019, the reality is that certain security technologies or implementations do become compromised over time–and in particular, software based DRM implementations like Widevine L3.  To address this, the use of multiple security layers as part of a comprehensive security framework provides a smart approach to managing security incidents with increased flexibility.

In this context, securing OTT streaming is no longer a single player game.  The ecosystem has become incredibly complex with many contributing actors (content owners and distributors, service providers, business backend providers, security solution providers, DRM technology providers, encoding/ packaging/ CDN technology provides and device application developments) and security needs to be considered across the whole ecosystem. While many providers are becoming increasingly security aware, some still do the minimum and face difficult situations when there is a security incident.

Identifying the right security framework is therefore key and should form the core of a security strategy with enough capability within it to mitigate the risks.  For its part, NAGRA has created Active Streaming Protection (ASP), a framework that continues to evolve as the threat landscape develops – more recent additions include anti-piracy and anti-fraud features.  The ASP framework allows service providers to select the relevant security elements from a comprehensive list according to their business need–for example, this could include better compliance with content owner streaming protection requirements (content protection) or improved protection against issues such as account credential sharing (service protection).

At the heart of the ASP framework is NAGRA’s advanced multi-DRM module tightly integrated with Secure Session Management with DRM heartbeat. Allied with other core modules such as multi-platform Device Authentication Service (DAS), Account Sharing Detection and Prevention and CDN Streaming Protection these modules interact to provide a multi-dimensional approach to content security.  This means that, in situations where there is an issue outside of the operator’s control, such as the Widevine L3 hack, a range of mitigation measures can be taken, such as:

  • Enhanced device authentication across all device types
  • An alternative DRM or implementation level of existing DRM for devices where this is possible
  • Revoking of devices, device models or DRM versions based on blacklisting
  • Activation of a key change (mainly for live streaming)
  • Activation of a key per track to separate content keys for SD, HD and UHD tracks
  • Overriding of existing usage roles

The adoption of such a framework means that service providers not only have a broader range of tools through which to manage their businesses on a daily basis, but also have the necessary arsenal to counter any threat to their service that is beyond their reasonable control.  Thus, when any third-party breach or hack occurs, operational teams can react, mitigate and ensure that the most valuable asset, the content, remains protected at all times.

For more information on NAGRA’s Active Streaming Protection framework, click here or contact us at