Securing the Goal: Strategies for Live Sports Streaming Protection

Piracy is more than just a headache in the sports industry today – it has become a major source of revenue loss, especially during the past year when spectatorship was cancelled and live streams became more valuable than ever before. According to SportsPro, piracy costs the industry over $20B in lost media rights. To add insult to injury, polls show that 51% of sports fans use pirated services on a monthly basis, despite the fact that 89% of them already have a Pay-TV subscription. The bright side? Rightsholders and content distributors have access to powerful tools that can prevent and deter piracy at all stages of the workflow. Here are three techniques to implement if you want to safeguard the revenue generated by premium live sports content:

Multi-DRM: Your First Line Defense

Multi DRM is your first line of defense for protecting live and on demand streaming video. This content protection technique provides:

• Encryption of content
• Authentication of users and devices
• Certificate, session and key delivery

How It Works

During a live video stream, keys change on a regular basis (typically between every 30 seconds to one minute) in order to help create a moving target and make it more difficult for pirates to steal content. Your DRM system is what manages all of these different keys on the backend. In addition to managing keys, your Multi DRM system will also need to support the native DRMs of all the different devices your fans are using to consume your content, such as:

• Google Widevine
• Microsoft PlayReady
• Apple FairPlay

Supporting all of these different devices and keys can create fragmentation issues, which end up manifesting as black screens and long buffering times during the user experience. For these reasons, it is critical to choose a Multi-DRM solution that offers capabilities to meet the moment. A cloud-based DRM, which provides flexibility and scalability: The difference between IPTV and OTT live steaming sports is that with OTT, the broadcaster doesn’t necessarily know how many viewers will be tuning in. For example, if you’re trying to broadcast the Superbowl, you don’t know whether there will be 1 million people, 5 million people or 10 million people showing up within five minutes of the game. A cloud solution will be able to handle burst capacity of unpredictable demand. Monitoring and global availability: This is especially important if your live sports events are going to be broadcast out of multiple regions (such as the Olympics).

Watermarking: Keep Pirates from Stealing the Game (Literally)

While Multi-DRM is meant to authenticate users and devices, even those that are authenticated and authorized can still take part in piracy. Without the proper anti-piracy tools in place, a paying subscriber can dump a video out to YouTube or a torrent, or they can set up their own broadcasting solution and undermine your revenue by restreaming your content. There are three primary places where piracy happens in the video delivery workflow:

• Post-production to operator: This window is from the time the event is captured to when it is broadcast to an operator
• Operator to end user: This is where most piracy takes place, and it occurs when an authorized, authenticated user receives stream and pirates it out
• End user to unauthorized redistribution: It is not uncommon for entire networks to be set up by pirates with applications that look and feel just as legitimate as Netflix or ESPN. They collect money from viewers, insert their own ads into pirated streams and collect an enormous profit stealing your intellectual property and hard work.

Forensic watermarking helps operators identify where in their workflows the piracy has occurred. Depending on an operator’s needs, there are a few different types of watermarking technology that may be useful.

Watermarking for Different Use Cases:

Server-side watermarking: An example of this would be a highly visible message inserted into the stream of a game. This is injected on the distribution side and can be disruptive to the user experience. (Take, for instance, the example of watching an in-flight movie when a message pops up on the screen that says, “Property of Delta Airlines”). Though disruptive, this method does help identify exactly where in your workflow a particular watermark was applied. Invisible server-side watermarking:  This type of watermark is applied at the start of a unicast stream. As the video is being broadcast out from the CDN, you can apply a unique watermark to each stream that occurs. This means that even if two people are watching the same video content, each stream will have a unique watermark attached to the video content at the head end side. Device level watermarking: This applies either a hardware or software-based mark on the device itself. Device level watermarking is ideal for hospitality use cases, such as a user in a hotel room. The idea is that if you can identify the location of the device, the cannel and the time the piracy occurred, you can identify the culprit. Regardless of which kind of watermarking you use, the most important part of any anti-piracy program is ensuring that you can identify exactly where the leak happened in your workflow – down to the user, device, channel and time. When it comes to live sports, time is of the essence. Take, for instance, a soccer game. Broadcasters have about90 minutes to identify the information and decide how to act on it to prevent pirated streams from being spread too far.

Application Shielding: Guard a Vulnerable Risk Surface

Watermarking and Multi-DRM solutions protect the video itself, but application shielding protects the code and technology that provides it to your users. If an unprotected app is published in an app store, hackers can easily revert it back to source code, which allows a criminal to deconstruct and reverse-engineer your entire operation. Safeguarding this endpoint is critical to keep hackers from:

• Gaining access to valuable user data
• Disrupting payments and transactions
• Removing or replacing ads and undercutting your revenue

Application shielding solutions will encrypt and protect your app from being reverse engineered, and they will safeguard any private keys that you may have within your application that are talking to your back-end network. To put this risk surface into perspective, mobile app attacks increased 148% in 2019. We can only imagine that figure is even higher as a result of the pandemic in 2020. In Verimatrix’s recent analysis of popular Android media apps, we found that just within the sector of video streaming, only 14% had even applied the most basic of security techniques. All of that adds up to a profitable, easy target for hackers.

Protect Your Live Sports Workflow All the Way to the End-Point

As piracy techniques become more sophisticated and criminals learn advanced methods for attack, premium live sports content is at risk. Piracy has morphed along-side digital delivery of live sports content. As new streaming services enter the market and consumers view content on an increasing number of devices, protecting your hard-won customer revenue is essential. Pirates are more than happy to take advantage of security holes found in sports media properties to find the much needed content to run their businesses. Developing a solid, comprehensive security strategy is the only way to end piracy’s free ride on your business. Book a consultation with one of our security specialists to discuss your needs and develop an end-to-end approach to protect your live sports content.