Video: A 360-degree view on Video Piracy

There will always be piracy, but that’s no reason not to fight against it. And the entertainment industry always has, sometimes effectively, and sometimes farcically (such as the DeCSS debacle at the turn of the century). One of the traditional cat and mouse games, this set of short talks gives a rounded view of the types of protection, types of piracy and methods of detection.

Recorded at the Milan Video Tech meetup, Senior Consultant at, Andrea Fassina, introduces the first speaker who is Ilker Ürgenc from Akamai with a rounded overview of the threat service for programme producers, broadcasters and streaming providers who starts by looking at piracy rates around the world and its impacts.

When people talk about anti-piracy measures, their mind typically goes straight to DRM. DRM is the most ‘tangible’ aspect of content protection as most people have had to deal with it, or rather the consequences of not being able to watch something both at home and at work. But Ilker’s point is that the protection has to go much further than DRM. It needs to be about protecting against screen recording, against phishing and hacking the production systems or contribution streams. The whole chain needs protections which Ilker details as a protective ecosystem. His solutions, apart from IT best practices are fingerprinting, content watermarking and stream monitoring.

Next up is Matteo Freddi from CHILI who talks about protecting streams whether they be HLS, DASH or other protocols. He starts with outlining the DRMs compatible with the different Microsoft Smoothstreaming, HLS and MPEG DASH in terms of the streaming specifications before bringing us down to earth by looking at what’s actually supported by the different manufacturer devices such as Roku, Apple TV etc. Players are implemented either natively within an OS or through programming interfaces (APIs). APIs allow for a wider ecosystem of players, but they don’t offer some of the tight integrations OSes can provide. Further, Matteo explains how this also affects how easily they can process DRM.

Finally, we have Steve Epstein from Synamedia, who details the techniques which allow providers to protect against misuse of accounts, resharing and restreaming of content. Steve looks at techniques to minimise credential stuffing, watermarking and active monitoring of the streaming service in order to identify misuse of accounts such as multiple simultaneous logins, logins from different parts of the world.

Watch now!

Ilker Ürgenc Ilker Ürgenc
Senior Technical Media Solutions Specialist,
Akamai Technologies
Matteo Freddi Matteo Freddi
Head of Technology Operations,
Steve Epstein Steve Epstein
Distinguished Engineer – Analytics, Data Science, & Cybersecurity,
Andrea Fassina Moderator:Andrea Fassina
Senior Consultant

Video: The 2020 EBU Pyramid of User Requirements

There’s a lot more to IP-based production than just getting your video and audio streaming between devices. You need configuration tools, you need timing, there’s the management of the devices to consider and, critically, security. the problem is, working in IP is still new and many of the solutions are yet to mature. This means we still don’t have all the tools we need to realise the full promise of live production IP systems.

Back in 2018, the EBU embarked on a project to focus the industry on the gaps: The Technology Pyramid. This pyramid shows that although we, as an industry, had largely succeeded in defining essence transport over IP, this was only the ‘top of the iceberg’, so to speak, in what needed to be done. also known by its full name, “The Technology Pyramid for Media Nodes 2018”, it shows that everything is underpinned by security, upon that is configuration and monitoring, with discovery and registration built on that.

One important aspect of the pyramid is the green – yellow – red colour coding. When initially released, the only green was the transport layer, but this talk looks at the 2020 edition of the pyramid which shows that the time & sync, as well as discovery and connection, have improved.

We’re joined by Willem Vermost and Félix Poulin to discuss the problems the industry has faced to date and the progress made in making the pyramid green. Both previously with the EBU and now both with early-adopter broadcasters who are going live with IP systems, they are perfectly placed to explain the evolution on of the market.

Not only has the colouring of the pyramid changed, but the detail of what each layer constitutes has evolved. The industry has reacted with a number of specifications such as JT-NM TR-1001-1 and AMWA BCP-003. Willem and Félix explain the hidden necessities that have come out of the woodwork as the early adopters have fought to make everything work. PTP is a good example, being able to free-wheel without a PTP clock for 5 minutes and then join back without a glitch has been added to the list of requirements. Time stamping and lip-sync have proven tricky, too. Intermediate processing steps place their timestamps over the original timestamp of when the media was captured. If you are trying to sync audio and video which have gone through processing, you need the original timestamps which have now been lost. This problem is being addressed but until it is, it’s a big gap.

Overall we can see the power of focussing people’s attention in this way. Whilst there is much more detail in the talk itself, just from the extracts in this article, it’s clear progress has been made and with plenty more broadcasters starting their IP projects, there is all the more motivation for the vendors to implement the requirements as laid out than there was before.

Watch now!

Willem Vermost Willem Vermost
Design & Engineering Manager,
Félix Poulin Félix Poulin
Direcor – Media Transport Architecture & Lab

Video: Securing Your Network with Firewall Tech

As true for corporate networks as for broadcast networks, security needs to underpin everything we do to ensure the smooth running of service, that ransomware is kept out and that our data is kept in. This doesn’t mean every device has to have every security feature turned up to 11, it means that security – and which threats need to be protected against – have been thought through at the system level.

Such importance has security in broadcast facilities, that we see it as the foundational layer of the EBU’s Technology Pyramid. We see SMPTE ST 2110 at the top and whilst this is seen as the ‘business end’, it’s not practical without all that underpins it; the system timing, the NMOS protocols and the security practices.

In this video, Ray Scites explains the threats to networks and challenges the audience to take them seriously showing how mitigations can be implemented. He explains some of the common attacks on networks, both technical and human. Human attacks are phishing attacks which effectively simply ask for the details. Starting with asking for seemingly innocuous information like “Is Donald available today?” and building on knowing that someone is away to put on pressure to hand over information “Donald told me this needs doing right now or the $1,000 deposit will be lost.” With enough small information providing the context, people can be tricked into thinking that an attacker is legitimately doing business and their requests complied with.

To supplement the human element, vulnerabilities can be used. Ray highlights that it’s not just Windows 10 that needs updates, the CVE list of vulnerabilities shows that just this year over 40 security issues with Netgear devices have been publicly reported; all elements in the network need to be kept up to date.

Ray looks at the levels of firewall available from the basic features such as port blocking and forwarding to advanced, like intrusion detection and deep-packet-inspection. The latter technology being where packets are not just forwarded, but read to determine their payload and make firewall decisions based upon the contents. He then explains how port forwarding and NAT (Network Address Translation) work in firewalls.

The cloud offloads all the functionality, but none of the liability.

Ray Scites
An important takeaway from this video is that moving infrastructure and/or data to the cloud can be a great move for your company’s workflow, IT overheads and costs but it doesn’t solve all your security issues. Your responsibility is still to implement secure practices both in the office and in the cloud. Whilst the job may be easier now as it may be someone else’s responsibility to update OSes or other software, you are still the one responsible for data breaches and for ensuring that your security coverage is complete.

Ray finishes by showing a brute-force password attack in real time and answering questions covering how to implement security around hardware devices which had no security features, using remote PC terminals to maintain security and whether attacks are on the increase.

Watch now!

Ray Scites Ray Scites
KNL Consulting Services

Video: What is NMOS? with a Secure Control Case Study

Once you’ve implemented SMPTE ST 2110‘s suite of standards on your network, you’ve still got all your work ahead of you in order to implement large-scale workflows. How are you doing to discover new devices? How will you make or change connections between devices? How will you associate audios to the video? Creating a functioning system requires an whole ecosystem of control protocols and information exchange which is exactly what AMWA, the Advanced Media Workflow Association has been working on for many years now.

Jed Deame from Nextera introduces the main specifications that have been developed to work hand-in-hand with uncompressed workflows. All prefixed with IS- which stands for ‘Interface Specificaion’, they are IS-04, IS-05, IS-08, IS-09 and IS-10. Between them they allow you to discover new devices, create connections between then, manage the association of audio with video as well as manage system-wide information. Each of these, Jed goes through in turn. The only relevant ones which are skipped are IS-06 which allows devices to communicate northbound to an SDN controller and IS-07 which manages GPI and tally information.

Jed sets the scene by describing an example ST-2110 setup with devices able to join a network, register their presence and be quickly involved in routing events. He then looks at the first specification in today’s talk, NMOS IS-04. IS-04’s job is to provide an API for nodes (cameras, monitors etc.) to use when they start up to talk to a central registry and lodge some details for further communication. The registry contains a GUID for every resource which covers nodes, devices, sources, flows, senders and receivers. IS-04 also provides a query API for controllers (for instance a control panel).

While IS-04 started off very basic, as it’s moved to version 1.4, it’s added HTTPS transport, paged queries and support for connection management with IS-05 and IS-06. IS-04 is a foundational part of the system allowing each element to have an identity, track when entities are changes and update clients accordingly.

IS-05 manages connections between senders and receivers allowing changes to be immediate or set for the future. It allows, for example, querying of a sender to get the multicast settings and provides for sending that to a receiver. Naturally, when a change has been made, it will update the IS-04 registry.

IS-08 helps manage the complexity which is wrought by allowing all audios to flow separately from the video. Whilst this is a boon for flexibility and reduces much unnecessary processing (in extracting and recombining audio) it also adds a burden of tracking which audios should be used where. IS-08 is the answer from AMWA on how to manage this complexity. This can be used in association with BCP-002 (Best Current Practice) which allows for essences in the IS-04 registry to be tagged showing how they were grouped when they were created.

Jed looks next at IS-09 which he explains provides a way for global facts of the system to be distributed to all devices. Examples of this would be whether HTTPS is in use in the facility, syslog servers, the registration server address and NMOS versions supported.

Security is the topic of the last part of talk. As we’ve seen, IS-04 already allows for encrypted API traffic, and this is mandated in the EBU’s TR-1001. However BCP 003 and IS-10 have also been created to improve this further. IS-10 deals with authorisation to make sure that only intended controllers, senders and receivers are allowed access to the system. And it’s the difference between encryption (confidentiality) and authorisation which Jed looks at next.

It’s no accident that security implementations in AMWA specifications shares a lot in common with widely deployed security practices already in use elsewhere. In fact, in security, if you can at all avoid developing your own system, you should avoid it. In use here is the PKI system and TLS encryption we use on every secure website. Jed steppes through how this works and the importance of the cipher suite which lives under TLS.

The final part of this talk is a case study where a customer required encrypted control, an authorisation server, 4K video over 1GbE, essence encryption, unified routing interface and KVM capabilities. Jed explains how this can all be achieved with the existing specifications or an extension non top of them. Extending the encryption methods for the API to essences allowed them to meet the encryption requirements and adding some other calls on top of the existing NMOS provided a unified routing interface which allowed setting modes on equipment.

Watch now!
For more information, download these slides from a SMPTE UK Section meeting on NMOS

Jed Deame Jed Deame
Nextera Video