Protecting Your Assets: How Studios Secure Their Premium Video
A secure player helps to ensure that the keys for decrypting the content are protected. “There are ways that DRM can keep the video secure, but it requires more security in the actual chipset. There’s something called a ‘secure video path’ that some DRM and players can implement. This keeps the video safe all the way from delivery to decryption and playback,” says Nakano.
“Software tamper resistance is used to protect media players from hacking as the endpoint, which turns out to be a classic place that pirates will go to grab content,” says Shamoon. Not all players will use this “hardening,” because it takes extra resources to implement, but this makes content protection that much stronger.
“Security typically includes a multilayer approach. You start with the hardware root of trust and hardware key ladders when you have them available (e.g., on set-top box or TV systems on chips), then you apply a secure OS or security processor (or what is often called TrustZone or Trusted Execution Environment —TEE),” says Peterka.
“Lastly, you protect the software layer by applying techniques such as software hardening, tamper detection, debug prevention, root/jailbreak detection, memory protection, reverse-engineering prevention (aka obfuscation), etc. The last set of security tools is typically applied on the player or other software that cannot be protected by TEE,” he says.
Going Open Standard
Marlin is an open source DRM that works across multiplatform devices. It was created by Intertrust, Samsung, Sony, Philips, and Panasonic. This open source DRM solution is used more widely outside of the U.S. One customer is Tivù, an Italian digital satellite television platform that uses Marlin with its app, tivùon.
“Tivù secures the content available on tivùon with Marlin DRM. We chose Marlin because it is an open standard and since the beginning it was ready to go with DASH and MHP (multimedia home platform), and now with HbbTV,” says Alberto Sigismondi, CEO, Tivù. HbbTV is Hybrid broadcast broadband TV, which is both an industry standard and promotional initiative for hybrid digital TV to harmonize the broadcast, IPTV, and broadband delivery of entertainment to the end consumer through connected TVs and set-top boxes. “The value and quality of content available on OTT, even for free television, is gradually increasing in value. Video format (4K) and protection is necessary to host content from different sources and players. Moreover, a good DRM helps in the management of rights through different platforms and devices,” he says.
While supporting multiple devices is a big challenge, even if Marlin is the DRM of choice, cloud services are really what’s driving easier adoption by making access to DRM and content protection much more accessible. The cloud brings almost unlimited scalability to many systems, and this includes watermarking and DRM. “For instance, an OTT service may go from a midweek viewing load of a moderate amount of viewers, but Friday evening people want to watch movies so that demand goes up. Then Sunday night is the final match of the World Cup,” says Peterka. “Now you have 10 times or 20 times more subscribers than you have during the week, and the cloud allows you to kind of flexibly scale up and down your operation.”
“It’s all about performance and scalability. If there are 10 million people watching the Super Bowl and they all tune in at the same time, I have to distribute them keys at the same time too,” says Peterka. “The same thing with watermarking. I need to generate a unique payload and that’s something that streams in real time as all of these streams are being consumed. Again, I need scalability and this is where the cloud can help me as well.”
Peterka recently spoke with an OTT customer in the Middle East who is focused on user-generated content, but still decided to look at content protection. “It’s an experiment. They don’t know whether it’s going to succeed or not, so they don’t want to have a huge capital expenditure related to that,” he says. “So they decided to do everything in the cloud. They want to sell the service so they needed content protection. If it’s popular, we’ll keep scaling it up because that’s what the cloud knows how to do, and if it doesn’t work, we’ll shut it down and we made no huge capital investment into it.”
The route this content owner is taking is a good choice and the piracy protection fits within his business model. This OTT provider is using DRM by choice. However, that’s not always the case. There’s a standard questionnaire which is sent to anyone planning on licensing premium content which outlines the specific DRM requirements the provider must follow in order to meet their obligations to license content, says Levy.
The Live Piracy Challenge
Sports and other live content encryption happens in real time. “Individual sports content has a slightly different requirement. It doesn’t really help me if 2 weeks later I figure out who stole my World Cup games. I need to find out while the game is still playing so that I can shut down that stream and disrupt the pirates and the users that paid the pirates to watch TV illegally,” says Peterka.
Most of the watermarking companies do server-side watermarking. Each individual file has a unique watermark embedded in it by just-in-time packaging. “For VOD content, what’s usually done is you preprocess the video so that you can you can deliver a uniquely watermarked video to the end user,” says Nakano.
“The issue with live is that you’re probably going to introduce even more latency than what the service does now. To get around that, what you end up doing is client-side watermarking where the actual client inserts the watermarking,” says Nakano “It could be either integrated in the app or it could be integrated into a player.
“My iPhone and your Android phones are not very secure. I could actually take an app and probably deconstruct it. So that’s the only issue where watermarking makes it a little bit harder to secure,” says Nakano. “The best thing to do, which I think is a pipe dream, is go talk to each of these manufacturers—Apple, Google, and Microsoft—and put watermarking capabilities into the native player.”
Real-time forensic watermarking with DRM encryption for live streaming (click for larger version) (Image: BuyDRM)
Analytics and Analysis
Moving away from Nakano’s pipe dream, there are detailed analytics of who is viewing what captured by each of the companies we spoke to for this article. Security companies monitor the behavior of every single device and know the patterns of a typical digital video user. Through analytics, machine learning, and an automated approach to looking for patterns and anomalies, they can pinpoint users that are very likely stealing content.
“Because IP delivery is connected back to the operator, piracy prevention vendors are collecting all sorts of data about what viewers are watching. This could include, ‘How did I find that channel? How long did it take me to browse to that channel? Do I like that content, or am I going somewhere else? Or at what time of the day do I watch content?’” says Peterka. “So we collect all of that information and give it back to the operator so that they can analyze it.”
That’s a Wrap
“I think if you keep your subscribers happy and you give them all the content that they want at an affordable price, the need for piracy goes way down,” says Peterka. “From what I have seen in the hacking world, the three biggest factors of how much something gets pirated are the end-pirates’ willingness to pay for media in general, and the cost and effort of the legitimate channel vs. the cost and effort of the illegitimate distribution channels.”
DRM is a given now on all high-value content, and watermarking is helping bring another layer of accountability to those who implement it. “Moving forward, DRM and watermarking are going to be lockstep technologies,” says Levy. Watermarking will mean files must be processed just in time.
“I believe the entire CDN business will change dramatically over the next 3 to 5 years. The business of storing big large unpackaged objects on [Amazon Web Services] S3 buckets or Akamai NetStorage and caching them on different servers around the world will entirely go away,” says Levy. “Most customers will start to operate their own origin servers, like a unified server or a Wowza server; they’ll have a watermarking component in it from NAGRA, or [someone else], that’s how they’ll scale it. They’ll origin the files to the CDN and that’s how they’ll scale it.”
“I wonder about the economics of the costs of encoding (and decoding) each subscriber’s stream in order to individually watermark OTT media on a per-subscriber basis,” says The Remora. “If per-OTT-subscriber watermarking is achieved and combined with fast consequences applied consistently, that would seem to provide a real deterrent for first-world pirates and hackers.”
[This article appears in the September 2018 issue of Streaming Media magazine as "Protecting Your Assets."]
While publishers wait for a single content encryption system that works across all browsers, standards bodies debate the future of EME. Here's what rights management will look like in a post-plugin world.
How it works, the leading technologies, licensing options, business models, and pricing: This guide includes everything content owners need to know to secure their valuable assets.
The move away from plugins like Flash and Silverlight has made video delivery easier, but it's also made DRM more complicated. Here's what DRM looks like today, along with a discussion of the leading DRM technologies and DRM service providers
Looking to monetize your content directly through subscription or pay-per-download? Then you need to find the right DRM solution and figure out the best way to deploy it.
Companies and Suppliers Mentioned