The Focus on HLS Security, Part I
Just a few weeks ago, our team had the pleasure of attending IP&TV World Forum in London. As always, the conference proved to be an excellent indicator of the trends that are shaping the IP video services industry today. Perhaps the most prominent trend from our perspective (and the topic that came up repeatedly in meeting after meeting) was the proliferation of HTTP Live Streaming (HLS). We actually wrote an article on optimizing HLS security for Digital TV Europe’s IP&TV World Forum Show Daily, which we’ve excerpted below. Optimizing HLS security for Both Consumers and Service Providers The HTTP Live Streaming (HLS) adaptive bitrate protocol is rapidly gaining momentum as the standard streaming format of choice for over-the-top (OTT) video services across the broadest range of device types. However, while the HLS protocol incorporates a baseline security model for service delivery, it does not itself define a complete solution for streaming high-value protected content.
While the protocol as written includes a standardized encryption mechanism for each media chunk that employs industrial strength AES-128 CBC encryption and a framework for fetching the associated keys, this is not sufficient for the protection of premium content in a pay-TV setting as the basic protocol set up for key management is very lightweight and not subject to any kind of robustness regime that might protect valuable media. So what are the solutions available to enable commercial grade service delivery? Protecting key delivery using a basic HTTPS/SSL connection as advocated in the simplistic first generation implementations of delivery systems is a poor match for the expectations of both service providers and content consumers. Despite the encryption of the key while in transit, anybody who can isolate a URL related to the key server will have access to the keys since there is no client authentication, only server authentication. From an architectural standpoint, a simple SSL connection with server-only certificate authentication is a bad match for securing premium content video services as it was designed to secure transactions where the client had to be sure it was communicating with a trusted server before transmitting secret information (ie., passwords and financial data), as opposed to the server being assured that it is being contacted by a trusted client. Imposing ID and password protection on this mechanism denies the consumer the instantaneous gratification of simply turning on and tuning in. The architects of HLS, as defined in the IETF submissions, opened the protocol for security extensions, meaning that HLS can be extended with innovative security techniques to qualify for premium content licensing and to protect pay-TV services to iOS and Android devices, Windows and Mac OS computing platforms, connected TVs/STBs, and so on. The most essential security techniques commonly used in other pay-TV systems are client device authentication and subscriber entitlement management. Specifically, there appears to be a trend toward leveraging device authentication techniques, along with pre-existing authentication information, to help enhance consumer security and ensure a frictionless viewing experience for the consumer. In my next post, I’ll explore emerging security techniques that can be used to augment and enhance HLS. As always, we would love to know your thoughts. Please leave a comment or join our Multi-network Video Solutions discussion group on LinkedIn