
CDNs, DRMs and Tokens; How can they Work Together to Prevent Piracy & Escalating Costs?

CDN Security Blog
An OTT service requires multiple layers of security that go beyond DRM. Illegal access is not only creating additional cost for operators but is also putting them in difficult positions with rights owners. Read the blog to learn more about the topic and how to solve the problem.

My colleague Olivier Biot recently discussed the risks of just using software security. An OTT service requires multiple layers of security that go beyond DRM. These security layers need to span operator back-ends, security platforms, devices and applications, packagers and CDNs – the key building blocks of an OTT ecosystem. Within this ecosystem, there are always key topics that are hotly debated, so it was no surprise that in a recent round of conversations there was one consistent ‘hot topic’: illicit access to CDN content. Such illegal access is not only creating additional cost for operators but is also putting them in difficult positions with rights owners. The good news is we have solutions to help, but before we get to that, let’s look a bit deeper at the topic.

Focus on CDN Security 

Since 2020, pirates have identified vulnerabilities in Widevine DRM that have allowed the retrieval of content keys that descramble CDN-hosted content, meaning pirates can illicitly access content. These vulnerabilities demonstrated a need for stronger CDN access security.

While Google deployed countermeasures against the threat, additional countermeasures were required at an operator level.  These can include using keys per track, renewing encryption keys, securing CDN access, controlling stream sessions and forensically watermarking content.   

Commercial Impact of Piracy 

As a vendor, we frequently discuss the commercial impact of piracy. A research piece NAGRA authored with the Digital Citizens Alliance in the U.S. estimates that piracy costs the U.S. market $1Bn per year, and estimations suggest a similar figure for Europe too.

When pirates make illicit use of an operator’s CDN, the attacks generate additional CDN costs, and as content continues to get syndicated to other pirates, costs can rise dramatically in terms of data usage, additionally required infrastructure and take-down costs, unless safeguards are in place.

What’s the Solution to Combat the Threat? 

Industry forums such as the CTA WAVE workgroup, of which NAGRA is a member, have discussed the role of access tokens in CDNs to further secure content in conjunction with DRM keys. Conceptually, tokens provide another piece of information that is required to allow the content to be played. However, they too can be copied, re-used and modified for illicit gain if not created in a secure way. Therefore, it’s critical to take an end-to-end view so that a full picture can be formed and an integrated security strategy created.

NAGRA’s Active Streaming Protection framework works by utilizing several tools, including comprehensive monitoring, which identifies and remediates content and service-based threats. Aligning web monitoring and the operator’s own platform analytics provides the best possible view of the E2E security situation. For example, tokens can be generated and validated by our security platform, which is pre-integrated with several of our CDN partners for rapid revocation when required, and forensically watermarked content can then reveal the source of the leak. Other tools in the framework also have a role in securing the token, and these include app security and session management. With an ever-growing range of devices to suit a variety of budgets, it’s impractical to secure each type, hence the focus on securing the streaming service app against attacks through app tampering, jailbreak and root detection services. Forensically watermarking the content helps to identify leaks, and linking the access token with both the watermark and secure session management delivers the protection required to handle the complexities of OTT.
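The token properties described in the two paragraphs above (resistance to modification, limited re-use, session binding and revocation), shown as an added Python example. It is not NAGRA's or any CDN partner's implementation; the claim names, `SECRET`, `REVOKED_SESSIONS` and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed value; a real key lives in a KMS/HSM
REVOKED_SESSIONS = set()          # hypothetical revocation list synced to the CDN edge

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(payload):
    return _b64(hmac.new(SECRET, payload, hashlib.sha256).digest())

def issue_token(session_id, path_prefix, watermark_id, ttl=300, now=None):
    """Back end: bind the token to a session, a path scope and a watermark ID."""
    issued = int(time.time() if now is None else now)
    claims = {"sid": session_id, "path": path_prefix,
              "wm": watermark_id, "exp": issued + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return _b64(payload) + "." + _sign(payload)

def revoke_session(session_id):
    REVOKED_SESSIONS.add(session_id)

def validate_token(token, request_path, session_id, now=None):
    """CDN edge: return (allowed, reason). session_id is assumed to come from
    the operator's separately authenticated session management."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError:
        return False, "malformed"
    # Constant-time check first: a modified claim invalidates the signature.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return False, "bad-signature"
    claims = json.loads(payload)
    if now > claims["exp"]:
        return False, "expired"            # short TTL limits re-use
    if claims["sid"] != session_id:
        return False, "session-mismatch"   # token copied to another session
    if claims["sid"] in REVOKED_SESSIONS:
        return False, "revoked"            # e.g. after a watermark traced a leak
    if not request_path.startswith(claims["path"]):
        return False, "path-out-of-scope"
    return True, "ok"
```

The `wm` claim is what lets a leak traced through the forensic watermark be mapped back to a session and passed to `revoke_session`.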

Helping Quantify The Problem via the NAGRA Security Assessment Service 

NAGRA works with major video operators across the pay-TV and streaming industry to ensure both services and revenues remain secure.  This continual dialogue means we understand the challenges facing the market today and are ready to help!  Perhaps you are mid-migration to OTT or are launching an OTT service for the first time.   

Contact us here to learn more, have a chat with one of our security experts or request our security assessment service that will identify any weaknesses in your current defenses; we’d love to continue the conversation.