Is CMAF the Holy Grail for Secure Streaming?
CMAF (Common Media Application Format) has recently emerged as a common format to unify the streaming world, eliminating multiple encodes and encryptions during content delivery. This also means it may enable the complete, secured delivery of content from the studio to the consumer device since no more edge conversion and sensitive re-encryption would be required.
But isn’t that something that DASH has been trying to enable for some time now? DASH emerged as standard as the OTT video industry was fully embracing adaptive bit rate streaming (ABRS), to unify the approaches of Microsoft’s Smooth Streaming and Adobe’s HTTP Dynamic Streaming (HDS). However, Apple has persisted with its HLS format. Given the huge population of MAC OS and iOS devices, content providers have had to maintain and deliver two separate silos of content. HLS requires video to be packaged in TS (transport stream) file containers, while DASH, although supporting TS, in practice normally uses ISO Base Media File Format (ISOBMFF) with a variant known as fragmented fMP4.
CMAF now has the backing of some of the major DASH players as well as Apple. It actually represents more of a jump for the Apple community than everyone else since the CMAF is almost identical to the DASH file container but involves a new type of container for Apple.
It still cannot unify online streaming at a single stroke but does take a huge stride forward.
CMAF, like DASH includes common encryption, a MPEG standard that seeks to unify the way content is encrypted while leaving the management of the keys to the DRM systems. At least in theory - in practice, there is a technical detail in the encryption that allows different variants. The detail is called the block cipher mode and adds data to the encryption to make sure the same content - when encrypted with the same key - looks differently. This is useful, as it adds security to the encryption; it’s just that there are different ways of achieving it. They are called CBC (Cipher Block Chaining) and CTR (Counter) and while there are technical differences between the two, they are not really relevant in the bigger scheme of things. The main difference however, is the existing support in deployed hard and software. To support these, different encrypted versions may have to be provided until the legacy fades in significance and the industry unlocks the full efficiency of a single, unified format.
When do you think we’ll have a single, generally accepted file format?