Re-Evaluating OTT/Streaming Security: Part 2 - Security Evolution Under Streaming
Streaming changes the security profile for broadcasters, video service providers and content owners, reducing some long-established threats while bringing new ones. Streaming also brings threats to consumers themselves, some of which in the case of paid services are the responsibility of providers, when privacy is compromised for example.
Other articles in this series:
Old security threats such as smart card cloning may have abated in the streaming era but new ones more than make up for that, extending the risk profile across the whole distribution domain to include consumers themselves. Streaming exposes the video services business to the gamut of cybersecurity threats shared by all internet users, with the additional concerns around revenue theft from unauthorized access to content, or illicit redistribution by pirates who may themselves be legitimate subscribers. Now the threat surface is being expanded further by the advent of 5G Mobile Broadcast/Multicast, which will give broadcasters and content owners access to a plethora of new devices for distribution of popular linear and live services.
There was a lot of buzz around 5G Broadcast at the recent IBC 2023, but little mention of security implications, some of which are positive because in broadcast mode there is no uplink and no access to the internet. Even in multicast mode the uplink can be confined to responses needed to manage access to the video service itself.
At the same time though deployment of 5G Broadcast and Multicast will extend the threat surface by reaching so many more devices. At IBC this year there were discussions about the impact of 5G Broadcast in the context of full convergence between streaming and traditional linear TV distribution ordained by standards such as DVB-I, the latest version of which had just been released.
Under DVB-I, which is being deployed or trialled by a number of European broadcasters, viewers can find and watch TV content transparently, irrespective of the delivery medium. They need not be aware of whether it is delivered over terrestrial, satellite or cable linear broadcast, or any kind of broadband network including fiber, telco DSL, or indeed 5G.
But as the DVB has admitted, it does amplify the risks above those existing within the linear domain alone. It presents more scope for service impersonation, which can enable identity theft if users enter their credentials into a counterfeit offering. Exploiting the broadband arm of the service, an illicit DASH adaptive bit rate streaming (ABRS) service can be created that appears to users as an existing broadcast service. The DVB points out that broadcasters need to upgrade their security procedures to maintain checks on integrity of their offerings, making sure that the linear and OTT arms match, and that includes 5G.
Service providers also face some entirely different threats arising from the ability to reach more diverse viewing devices, and those are exacerbated further by the extended range offered by mobile services. The service provider may not have the rights to deliver to particular device classes that are not reached by linear distribution but only over broadband, so that requires additional checks during distribution. The service provider may also lack rights for certain geographical areas reached by the broadband arm of their service but not linear, imposing yet another additional burden.
Some content owners may also insist on use of DRM for online distribution, or IP based geoblocking to ensure that location-based rights are upheld. Service providers are therefore increasingly subject to security requirements imposed by third parties for content they do not hold rights to.
Distributors may also be at least encouraged by rights holders to employ forensic watermarking to protect against unauthorized redistribution of the latter’s’ assets. This is most relevant for live content, especially premium sporting events. Use of watermarking can allow infringing sources to be identified quickly enough to shut down such streams of valuable live content while the event is still going on, minimizing business impact.
There are several options for watermarking, especially the choice between client and server-side insertion of the marks, as well as a balance between robustness against counter actions, video quality and latency. These issues will be discussed in a future article dedicated to watermarking.
Another threat to revenue with streaming is unauthorized credentials sharing, where subscribers give their login details to friends, or even sell them. This has become a major issue for Subscription VoD providers such as Netflix, which revealed early in 2023 that 100 million households were sharing accounts at the service, "impacting our ability to invest in great new TV and films."
This is a delicate issue for SVoD providers, which will become increasingly relevant for many traditional broadcasters. Since it raises a number of specific issues, both commercial and technical, it will also be covered in a dedicated article. Netflix itself has been, like other SVoD providers, reluctant to impose a draconian crackdown that could prove counterproductive by annoying subscribers who did not indulge in this practice. A variety of products have come along that attempt to help service providers lure their infringing subscribers away from credentials sharing by offering more attractive top up packages that allow legitimate access by friends and family.
For many FTA (Free To Air) broadcasters, online content has until now often been provided free, without requiring entry credentials. Apart from the password sharing issues, introduction of paid streaming services extends various threats such as invasion of privacy and identify theft to customers.
There is therefore a growing onus on video providers to help their subscribers guard against threats such as account takeover, credentials stuffing, and brute force attacks. Account takeover exploits stolen credentials to access a user’s account and then changes passwords so that they are locked out, while being then in a position to launch further attacks as “legitimized” users. Credentials stuffing is a subset of this category where multiple usernames and passwords are tried on a large scale until matches are found. Such attacks can be based on credentials obtained on the dark web, which is now a major repository of stolen identify information.
Brute force attack is a further variant involving continuous trial and error against a given particular log-in page, calculating every possible permutation of a password’s characters.
All these attacks can be countered but require investment and vigilance. Choice of stronger passwords can be applied but that means enforcing such practice on users and imposing regular changes. Multiple factor security can be employed to avoid reliance on passwords alone. Two factor security comes automatically when access is gained from smartphones because the device itself can be verified via the SIM card before the subscriber enters a username and password or PIN.
The third factor then often employed is a biometric one such as face or fingerprint recognition, something the user is as opposed to owns or knows. All three factors together provide much greater insulation against threats to the user.
However, such measures offer much less protection against piracy, which is the biggest and most existential threat to streaming, of concern both to distributors and content owners. This threat has increased with the growing availability of high-resolution content over the internet that is more susceptible to effective capture and transmission.
Educating users about the illegality of piracy has been tried, as has making content more readily available and affordable via legitimate subscriptions. But these can only go so far and have to be reinforced by technical and legal measures.
Encryption is obviously one key measure, countering theft of content during transmission through man in the middle attacks and other methods. Use of HTTPS (HyperText Transfer Protocol Secure) is recommended because this incorporates strong encryption).
Content is often though misappropriated in the clear after it has been decrypted. Several important measures need to be taken to bear down on that, the first being control over domains from which video can be played back or downloaded. This entails maintaining a list of trusted domains and prohibiting video from being accessed via others. The objective here is to combat pirates who embed stolen video on unauthorized web sites from which users can gain access without paying, or just paying the pirate.
Geoblocking also has a role to play by blocking content from countries where rights have not been made available, or where there is less legal jurisdiction over illicit redistribution. Geoblocking can be applied to whole video platforms in more extreme cases by filtering emails or IP addresses, or at the content level where the concern is more to protect individual valuable assets.
These steps can be reinforced by use of dynamic tokens by service providers that have embedded the video in apps or web sites. Then the user’s video player has to obtain a new token from the provider’s server at regular intervals such as every five minutes in order to continue viewing. This helps guard against attacks that bypass those other controls such as domain restriction and geoblocking, by enabling content cross checking, which will usually be automated.
Otherwise good system hygiene can play a role, especially regular updates of client software and careful management of free trials, which themselves have proved a source of abuse. A lot of content misappropriation has occurred within free trials when pirates can gain access temporarily without having to enter any credentials that give them away. Again, combating free trial abuse requires imposing some constraints on users that may deter some future potential paying customers, such as entry of credit card details.
As always then streaming security involves trade-offs, seeking the right degree of protection that minimizes inconvenience or annoyance to legitimate customers, while finding the optimum point in the curve plotting cost of the measures against loss of revenue through abuse. Such loss can result directly from theft of revenue generating content but also through reputational damage in the event of major breaches.
You might also like...
Designing IP Broadcast Systems - The Book
Designing IP Broadcast Systems is another massive body of research driven work - with over 27,000 words in 18 articles, in a free 84 page eBook. It provides extensive insight into the technology and engineering methodology required to create practical IP based broadcast…
Operating Systems Climb Competitive Agenda For TV Makers
TV makers have adopted different approaches to the OS, some developing their own, while others adopt a platform such as Google TV or Amazon Fire TV. But all rely increasingly on the OS for competitive differentiation of the UI, navigation,…
Demands On Production With HDR & WCG
The adoption of HDR requires adjustments in workflow that place different requirements on both people and technology, especially when multiple formats are required simultaneously.
Standards: Part 21 - The MPEG, AES & Other Containers
Here we discuss how raw essence data needs to be serialized so it can be stored in media container files. We also describe the various media container file formats and their evolution.
Broadcasters Seek Deeper Integration Between Streaming And Linear
Many broadcasters have been revising their streaming strategies with some significant differences, especially between Europe with its stronger tilt towards the internet and North America where ATSC 3.0 is designed to sustain hybrid broadcast/broadband delivery.