Video: Broadcast Content Protection

With video piracy estimated to cost the US economy $29M a year and programming rights costing 100s of millions of dollars or more, there’s plenty of reason to look to technology to protect your content. There is a long history of copy protection for broadcast/linear content which is continually changing.

Graham Turner, who has worked extensively in copy protection for many years, gives us an overview of how pay TV works, a look at the different types of protection and a look back at the history to see what we can learn from the mistakes made since the late 1980s.

After explaining the many reasons different types of channels have to protect their content, Graham explains the fundamentals of content protection. Encryption and decryption are central to it, so he discusses both symmetric and asymmetric cryptography. He then discusses key length, which is something we hear a lot about but which can be non-trivial to understand. After all, AES talks of 128 and 256-bit keys, whereas in other areas we hear 1024, 2048 and more. Graham shows how these relate to the different keys in symmetric and asymmetric cryptography.

Pay TV is the area of focus for this video, where live decryption keys need to be available at the set top box (STB) in the home. For DVD copy protection, the key is already in the DVD player and revocation of the rights of that DVD player is difficult. For TV there is a path from the broadcaster to the receiver which allows for more reactive rights management. ECM, Entitlement Checking Messages, and EMM, Entitlement Management Messages, are the ways in which these permissions are spread, so we look at how these work.

The architecture of the STB comes into focus next as Graham explains how the decryption and descrambling fit together along with hardware security and software security. Naturally, after the STB has decoded the video, there’s interest in making sure the delivery to the TV is also secure, which is where HDMI’s HDCP comes in, with HDCP 2.2 protecting UHD content. HDCP is a method of ensuring that recording devices don’t get to record protected video whereas TVs or display devices can. Fingerprinting and watermarking are two technologies which are also examined, showing how they are useful, to an extent, in identification of footage though not directly useful in preventing piracy itself.

The video ends with a very interesting look at the various high profile hacks from the last 30 or so years examining what was broken and how – in particular whether the cryptography itself was broken or whether the attack succeeded due to a weak link in the chain of another part of the system.

Watch now!
Speakers

Graham Turner
Television Technologist,
Former Chair, IET Media

Video: Hacking ATSC 3.0

ATSC’s effort to bring IP into over-the-air broadcast has been long in the making, and its deployment in South Korea, along with the ITU’s inclusion of it in its list of recommended digital broadcast standards, is a testament to it gaining acceptance. But as US broadcasters continue with test broadcasts and roll-outs in 2020, what security problems arise when IP’s included in the mix?

Acting as a great network security primer, this talk from Texas A&M’s Wayne Pecena explains the premise and implications of creating and maintaining security in your broadcast plant. Starting by documenting the high profile attacks on broadcasters over the years, Wayne homes in on the reasons they should care, from the obvious, omnipresent threat of ‘dead air’ to ‘loss of trust’, which is particularly motivating in recent years as we have seen state actors move to influence, not disrupt, the normal course of life in low-key, long-burn persistent attacks.

The talk hinges around the ‘AIC’ triad, comprising confidentiality, integrity and availability, which are the three core aspects of data to protect. Integrity involves ensuring that the data are not altered either in transit or, indeed, in storage. Confidentiality revolves around ensuring that access control is maintained at all levels including physical, network level and application level. Finally, availability encompasses the fact that if the data isn’t available to the people who need it, the whole thing is pointless. Therefore supporting the availability side of the triangle includes thinking about redundancy and disaster recovery procedures.

Wayne, who is also the president of the Society of Broadcast Engineers, explains some of the attributes of a secure system, which starts with security policies. These are the outer layer of any secure environment, detailing how the many other layers of security will be managed and applied. Other aspects of a secure environment are access controls, logging and an appropriately layered and segmented network design, which limits what is available to anyone who does penetrate part of a system.

After looking at the IETF and IEEE standards bodies, we see how the standard network models overlay neatly on the ATSC layered model with networking in the centre of them all. This leads in to a brief introduction to ‘IP’ in the sense of the IP protocol on which TCP/IP and UDP/IP are based, between them central to most network communications around the world.

As we see how a small hole in defences can be slowly changed and enlarged, allowing the attacker to move forward and create another hole in the next layer, Wayne talks about the types of security threats such as malware, denial of service attacks and, of course, inside threats such as your employees themselves being complicit.

As the talk draws to a close we look at how this plays out in the real world, talking through diagrams of broadcasters’ systems and how mitigations might play out on premise before talking cloud security. As the threat model in the cloud is different, Wayne explains the best practices to ensure safety and how these and the other security technologies used on the internet keep ATSC 3.0 secure, including TLS secure certificates and the use of DNSSEC.

The talk finishes with a look at security in the home whether that be with the myriad of consumer media consumption devices or items from the ‘internet of things’.

Watch now!
Speaker

Wayne Pecena
Director of Engineering, KAMU TV/FM at Texas A&M University
President, Society of Broadcast Engineers AKA SBE

Video: Things Developers Believe About Video Files (Proven Wrong by User Uploads)


For many transcoding workflows, efficiency or quality are the primary factors defining how they are created. But when ingesting user-generated videos like those uploaded to the online video platform, Vimeo, life gets difficult. Dealing with the wide variety of formats uploaded and the many edge cases in the way that otherwise normal AVC videos are delivered means throwing out any assumptions you ever had and analysing every aspect of the file.

Senior video encoding engineer, Derek Buitenhuis takes us through the many lessons he and his colleagues have learnt over the years. Don’t, he says, assume that properties don’t change between frames – sometimes they change in every single frame. Assuming that you have a single frame rate throughout the video is another ‘no no’ as there are many variable-frame rate videos.

Derek also looks at dealing with samples stamped with negative timestamps, the need for sample durations, the myriad of issues seeking through a file, the fun of having some frames that aren’t displayed and multiple-track videos.

Colour spaces, to no one's surprise, cause handling difficulties, for example if the bitstream colour properties are different to those in the container. As the talk finishes, we’re left considering old MPEG2 files that can have unavoidable banding, replicating looping MOV files, and dealing with QuickTime special effects channels that animate a fire on the screen.

Watch now!
Speakers

Derek Buitenhuis
Senior Video Encoding Engineer,
Vimeo

Video: Using AMWA IS-06 for Flow Control on Professional Media Networks

In IP networks, multicast flow subscription is usually based on a combination of the IGMP (Internet Group Management Protocol) and PIM (Protocol Independent Multicast) protocols. While PIM allows for very efficient delivery of IP multicast data, it doesn’t provide bandwidth control or device authorisation.

To solve these issues on SMPTE ST 2110 professional media networks, the NMOS IS-06 specification has been developed. It relies on Software-Defined Networking, where the traffic management application embedded in each individual switch or router is replaced by a centralised Network Controller. This controller manages and monitors the whole network environment, making it bandwidth aware.

The NMOS IS-06 specification provides a vendor-agnostic Northbound interface from the Network Controller to the Broadcast Controller. IS-06, in conjunction with IS-04 (Discovery and Registration) and IS-05 (NMOS Device Connection Management), allows the Broadcast Controller to automatically set up media flows between endpoints on the network, reserve bandwidth for flows and enforce network security. The Broadcast Controller is also able to request network topology information from the Network Controller, which can be used to create a user-friendly graphic representation of the flows in the network.

In this presentation Rob Porter from Sony Europe explains the basics of NMOS IS-06, showing in detail how setting up media flows with this specification fits into the IS-04 / IS-05 workflow. Rob emphasises that all AMWA NMOS specifications are completely open and available to anyone, allowing for interoperability between broadcast and network devices from different manufacturers.

The next speaker, Sachin Vishwarupe from Cisco Systems, focuses on future work on IS-06, including provisioning feedback (such as insufficient bandwidth, no route available from sender to receiver or no management connectivity), flow statistics, security and grouping (similar to a “salvo” in the SDI world).

There is also a discussion on extending the IS-06 specification for Network Address Translation (NAT), which would help to resolve problems caused by address conflicts, e.g. when sharing resources between facilities.

You can find the slides here.

Watch now!

Speakers

Rob Porter
Project Manager – Advanced Technology Team
Sony Europe
Sachin Vishwarupe
Principal Engineer
Cisco Systems