Video Content Protection: AES-128 Encryption & DRM Solution

Kavirajan ST
Published in AV Transcode, Jul 24, 2019

In this fast-growing video streaming market, protecting video content is a major challenge.

Before going deep into video content protection, I’ll first cover the VOD market, VOD providers and their business models, and then where video encryption is needed, how important it is and how it is implemented.

The VOD market, estimated at US$ 43.9 Bn in 2017, is expected to reach US$ 87.1 by the end of 2025, with a CAGR of 9%.

Video-on-demand services have completely transformed traditional TV through unique features that let users watch exclusively on-demand, high-quality video content over broadband or mobile networks.

VOD Content Categories:

Video on demand allows you to watch movies, TV programs, web series, live concerts or shows, music, live video feeds from satellite, etc. VOD provides a wide range of video content that falls under entertainment, films, sports, educational programs, etc.

VOD Services & Business Model:

Services like Netflix, Amazon Prime, Hulu, Hotstar, Spotify, Apple Music, etc. provide their end-users with access to digital media on computers, televisions and mobile devices, irrespective of time and place.

Any VOD provider must ensure the safety of their video streams, because the more securely the stream is protected, the more reliably revenue can grow.

Video Monetization

When we talk about generating revenue through video streams, there are various monetization models like

  • Transactional Video on Demand (TVOD)
  • Subscription Video on Demand (SVOD)
  • Advertising Video on Demand (AVOD)

Importance of Securing Video Content:

When you have a VOD site and your business model is to generate revenue through the video content, protecting your videos should be the primary focus. If the video content is easy to steal and copy, anyone can take ownership of it without your knowledge.

As a result, here are a few things that might hurt your business.

  • A drastic reduction in premium subscribers, because a new pirated source is available free of cost
  • A smaller audience visiting your VOD platform, because they already have a copy of your source to watch
  • You’ll be responsible for the infrastructure cost of the video streams because of traffic from someone else’s site where your video content is embedded
  • Free online tools are available on the internet with which the video content can easily be downloaded and redistributed in various forms, like uploading to other sites, seeding in torrents, sharing via external storage, etc.

Let’s discuss the ways to protect the video stream and how each can be achieved.

Some of the basic security measures that are traditionally followed:

  • CORS (Cross-origin resource sharing) — It’s a security mechanism which restricts the sharing of data with another domain but can permit particular domains if needed.
  • Tokenization — Token authorization ensures that your data stream is accessible only to the particular audience that has the token. With token authorization, you can make the playback URL unavailable after a particular period of time and limit access to the approved IP address. It can also prevent the URL from being shared by unauthorized links.
  • Paywall — A paywall is a system designed for monetizing digital content. It controls access to the content through payment-based restrictions, so that the web page cannot be viewed by everyone.

AES Encryption:

AES (Advanced Encryption Standard) is a cryptographic cipher algorithm that uses a block size of 128 bits (abbreviated as AES-128); it encrypts and protects the premium content.

AES-128 is the only publicly available encryption algorithm that is recommended by the NSA (National Security Agency). It uses a known, external piece of information, called a key, to uniquely change the source data.

This algorithm supports on-demand, live or DVR streaming. The encryption key needed to encrypt the videos is created using OpenSSL.

To decode the encrypted data, the key file requires an initialization vector (IV). For security purposes, IVs can be changed periodically. The recommended standard for encrypting a media source is to change the key every 3 to 4 hours, as well as the IV after every 50 Mb of internet data usage.

This AES encryption forces all users to go through the main playlist to decrypt the data using the key. This security logic allows only those users who have the key to access the content. Without this key, the content is not accessible by any third-party delivery service.
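The rotation policy above, worked through as an added example (not code from the original article): it plans key and IV changes for a stream and emits the playlist that points players at each key. It assumes HLS as the streaming format, since the article mentions a playlist without naming one, reads "50 Mb" as 50 megabytes, and uses a hypothetical key URL scheme and constructed segment sizes.

```python
import math
import secrets

KEY_LIFETIME_S = 3 * 3600           # rotate the key every 3 hours (lower bound of 3-4 h)
IV_BYTE_BUDGET = 50 * 1000 * 1000   # assumption: "50 Mb" read as 50 megabytes

def build_playlist(segments, key_url="https://keys.example.com/k/{n}"):
    """segments: list of (uri, duration_s, size_bytes) in playback order.

    Returns (playlist_text, keys); keys[n] is the 16-byte AES-128 key the
    key server must hand out for key number n (hypothetical URL scheme)."""
    target = max(math.ceil(d) for _, d, _ in segments)
    lines = ["#EXTM3U", "#EXT-X-VERSION:3",
             f"#EXT-X-TARGETDURATION:{target}", "#EXT-X-MEDIA-SEQUENCE:0"]
    keys, key_age, iv_bytes = [], 0.0, 0
    for uri, dur, size in segments:
        # A new key is due when this segment would outlive the key lifetime;
        # a new IV is due with every new key or when the byte budget is spent.
        new_key = not keys or key_age + dur > KEY_LIFETIME_S
        new_iv = new_key or iv_bytes + size > IV_BYTE_BUDGET
        if new_key:
            keys.append(secrets.token_bytes(16))   # 128-bit content key
            key_age = 0.0
        if new_iv:
            iv = secrets.token_bytes(16)           # fresh random 128-bit IV
            iv_bytes = 0
            uri_attr = key_url.format(n=len(keys) - 1)
            lines.append(f'#EXT-X-KEY:METHOD=AES-128,URI="{uri_attr}",IV=0x{iv.hex()}')
        lines += [f"#EXTINF:{dur:.3f},", uri]
        key_age += dur
        iv_bytes += size
    lines.append("#EXT-X-ENDLIST")
    return "\n".join(lines) + "\n", keys

def demo_segments(count=2200, duration=6.0, size=1_500_000):
    """Constructed input: 2200 six-second segments of 1.5 MB each."""
    return [(f"seg{i:05d}.ts", duration, size) for i in range(count)]

if __name__ == "__main__":
    playlist, keys = build_playlist(demo_segments())
    print(len(keys), "keys,", playlist.count("#EXT-X-KEY"), "EXT-X-KEY tags")
```

The packager encrypts each segment with the key and IV of the most recent `#EXT-X-KEY` tag above it, and the key server returns `keys[n]` only to clients allowed to play the stream.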

Why is AES-128 alone not enough to protect the data, even though it is considered highly secure?

Even though AES-128 is one of the most secure methods to encrypt information, for video streaming AES-128 alone cannot guarantee the complete security of the media content. This security level can’t protect the premium content.

Complete protection can be guaranteed only when the key cannot be accessed by unauthorized elements. When the content keys are not exchanged in a secure way, AES-128 is insufficient for content protection because the key itself is disclosed to the hacker.

AES Encryption with Authentication Tokens & Signed URLs:

By adding this extra layer of security, the content keys are hidden and made accessible only to authorized users. Authentication tokens and signed URLs rely on a token-based authentication mechanism, rotating the key every n minutes.

Once the authorized user receives the key, it can easily be shared with an unauthorized user. Even if the key is rotated every 15 minutes for data security, there is still a chance of a breach within that key rotation period.
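One way to implement the expiring, IP-bound signed URL described here and in the tokenization bullet earlier, as an added example that is not code from the original article. The secret, host name, parameter names (`expires`, `token`) and IP addresses are constructed for illustration; the 900-second lifetime mirrors the 15-minute window mentioned above.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-secret"   # constructed; load from a secret store in practice

def _mac(path, expires, client_ip):
    # Bind the signature to the resource, its expiry time and the viewer's IP.
    msg = f"{path}\n{expires}\n{client_ip}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def sign_key_url(base_url, client_ip, ttl_s=900, now=None):
    """Return base_url with ?expires=...&token=... valid for ttl_s seconds."""
    expires = int(now if now is not None else time.time()) + ttl_s
    path = urlsplit(base_url).path
    query = urlencode({"expires": expires, "token": _mac(path, expires, client_ip)})
    return f"{base_url}?{query}"

def verify_key_url(url, client_ip, now=None):
    """Return (ok, reason). client_ip is taken from the connection, not the URL."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        expires = int(q["expires"][0])
        token = q["token"][0]
    except (KeyError, ValueError):
        return False, "malformed"
    expected = _mac(parts.path, expires, client_ip)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return False, "bad-signature"
    if (now if now is not None else time.time()) > expires:
        return False, "expired"
    return True, "ok"
```

The check limits who can request the key and for how long; it does not stop a viewer who has already fetched the key from passing the key itself on, which is the gap the paragraph above describes.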

Digital Rights Management Systems (DRM) Level Security:

DRM is one of the most secure ways to deliver content. It separates the decryption key from the content, and the entire decryption flow is managed in a secure black box which is not directly exposed to the authorized user. Instead, the header file accompanying the video file contains metadata about the encryption mechanism used.

The metadata from the video file is received by the Content Decryption Module (CDM). The CDM creates a license request using the header metadata and sends it to the remote license server. Once the request is received, the server returns a detailed license with the content keys. Then the CDM decrypts the content using the content keys. Once the decryption is done, the video content is available to the user for playback. The Encrypted Media Extensions API securely handles these license requests and the license information, which are not accessible to the user.

Some of the commonly used DRM providers:

  • Widevine (Google) — Chrome, Firefox, Android
  • PlayReady (Microsoft) — Edge, IE, Windows Phone
  • FairPlay (Apple) — Safari, iOS

The drawbacks of a DRM solution are that it is expensive and complex to implement.

Conclusion:

We have looked in detail at various security measures for protecting video content: AES encryption, AES with tokenization & signed URLs, and finally the higher level of security, DRM. Even though there are multiple options to protect the content, there are still ways to steal it. In such cases, protecting the video content is a tough challenge.

To overcome all these scenarios, a unique code must be embedded in the video, so that if the video content is taken and uploaded on some other channel, it can easily be tracked to the user from whom the video was taken.

Kavirajan ST
AV Transcode

Infrastructure Solutions Architect | FOSS Enthusiast. Practical Knowledge in AWS, Azure, Kubernetes. Connect with me here https://www.linkedin.com/in/kavirajan/