CyberSecurity

Video: A Frank Discussion of NMOS

Posted on by Russell Trafford-Jones

What NMOS isn’t is almost as important as what NMOS actually is when it comes to defining a new project implementing SMPTE ST 2110. Written by AMWA, NMOS is a suite of open specifications which help control media flow hence the name: Network Media Open Specifications. Typically NMOS specifications are used alongside the ST 2110 standards but in this hype-free panel, we hear that 2110 isn’t the only application of NMOS.

AMWA Executive Director Brad Gilmer introduces this ‘frank’ panel with Imagine’s John Mailhot explaining the two meanings ‘NMOS’ has. The first is the name of the project we have just introduced in this article. The second is as shorthand for the two best-known specifications created by the project, IS-04 and IS-05. Together, these allow new devices to register their availability to the rest of the system and to receive instructions regarding sending media streams. There are plenty of other specifications which are explained in this talk of which two more are mentioned later in this video: IS-08 which manages audio channel mapping and IS-09 which allows new devices to get a global configuration to automatically find out facts like their PTP domain.

 

 

Security is “important and missing previously,” says Jed Deame from Nextera but explains that since NMOS is predominantly a specification for HTTP API calls, there is nothing to stop this from happening as HTTPS or another protocol as long as it provides both encryption and authorisation. The panel then explores the limits of the scope of NMOS. For security, its scope is to secure the NMOS control traffic, so doesn’t stretch to securing the media transport or, say, PTP. Furthermore, for NMOS as a whole, it’s important to remember it defines control and not more than control. Brad says, though, that even this scope is ambiguous as where does the concept of ‘control’ stop? Is a business management system control? What about scheduling of media? Triggering playback? There have to be limited.

Imagine Communications’ John Mailhot explores the idea of control asking how much automation, and hence NMOS-style control, can help realise one of the promises of IP which is to reduces costs by speeding up system changes. Previously, Brad and John explain, changing a studio from doing NFL to doing NHL may take up to a month of rewiring and reprogramming. Now that rewiring can be done in software, John contends that the main task is to make sure the NMOS is fully-fledged enough to allow interoperable enumeration, configuration and programming of links within the system. The current specifications are being reinforced by ‘modelling’ work whereby the internal logical blocks of equipment, say an RGB gain control, can be advertised to the network as a whole rather than simply advertising a single ‘black box’ like an encoder. Now it’s possible to explain what pre and post-processing is available.

Another important topic explored by NVIDIA’s Richard Hastie and Jeremy Nightingale from Macnica, is the use of NMOS specifications outside of ST 2110 installations. Richard says that NVIDIA is using NMOS in over 200 different locations. He emphasises its use for media whether that be HEVC, AV1 or 2110. As such, he envisages it being used by ‘Twitch streamers’ no doubt with the help of the 2110-over-WAN work which is ongoing to find ways to expose NMOS information over public networks. Jeremy’s interest is in IPMX for ProAV where ‘plug and play’ as well as security are two of the main features being designed into the package.

Lastly, there’s a call out to the tools available. Since NMOS is an open specification project, the tools are released as Open Source which companies being encouraged to use the codebase in products or for testing. Not only is there a reference client, but Sony and BBC have released an NMOS testing tool and EasyNMOS provides a containerised implementation of IS-04 and IS-05 for extremely quick deployments of the toolset.

Watch now!
Speakers

Brad Gilmer Brad Gilmer
Executive Director, Video Services Forum
Executive Director, Advanced Media Workflow Association (AMWA)
John Mailhot John Mailhot
CTO Networking & Infrastructure
Jed Deame Jed Deame
CEO,
Nextera Video
Richard Hastie Richard Hastie
Senior Sales Director,
NVIDIA
Jeremy Nightingale
President
Macnica Americas, Inc.

Video: A 360-degree view on Video Piracy

Posted on by Russell Trafford-Jones

There will always be piracy, but that’s no reason not to fight against it. And the entertainment industry always has, sometimes effectively, and sometimes farcically (such as the DeCSS debacle at the turn of the century). One of the traditional cat and mouse games, this set of short talks gives a rounded view of the types of protection, types of piracy and methods of detection.

Recorded at the Milan Video Tech meetup, Senior Consultant at VideoDeveloper.io, Andrea Fassina, introduces the first speaker who is Ilker Ürgenc from Akamai with a rounded overview of the threat service for programme producers, broadcasters and streaming providers who starts by looking at piracy rates around the world and its impacts.

When people talk about anti-piracy measures, their mind typically goes straight to DRM. DRM is the most ‘tangible’ aspect of content protection as most people have had to deal with it, or rather the consequences of not being able to watch something both at home and at work. But Ilker’s point is that the protection has to go much further than DRM. It needs to be about protecting against screen recording, against phishing and hacking the production systems or contribution streams. The whole chain needs protections which Ilker details as a protective ecosystem. His solutions, apart from IT best practices are fingerprinting, content watermarking and stream monitoring.

Next up is Matteo Freddi from CHILI who talks about protecting streams whether they be HLS, DASH or other protocols. He starts with outlining the DRMs compatible with the different Microsoft Smoothstreaming, HLS and MPEG DASH in terms of the streaming specifications before bringing us down to earth by looking at what’s actually supported by the different manufacturer devices such as Roku, Apple TV etc. Players are implemented either natively within an OS or through programming interfaces (APIs). APIs allow for a wider ecosystem of players, but they don’t offer some of the tight integrations OSes can provide. Further, Matteo explains how this also affects how easily they can process DRM.

Finally, we have Steve Epstein from Synamedia, who details the techniques which allow providers to protect against misuse of accounts, resharing and restreaming of content. Steve looks at techniques to minimise credential stuffing, watermarking and active monitoring of the streaming service in order to identify misuse of accounts such as multiple simultaneous logins, logins from different parts of the world.

Watch now!
Speakers

Ilker Ürgenc Ilker Ürgenc
Senior Technical Media Solutions Specialist,
Akamai Technologies
Matteo Freddi Matteo Freddi
Head of Technology Operations,
CHILI
Steve Epstein Steve Epstein
Distinguished Engineer – Analytics, Data Science, & Cybersecurity,
Synamedia
Andrea Fassina Moderator:Andrea Fassina
Senior Consultant
videodeveloper.io

Video: The 2020 EBU Pyramid of User Requirements

Posted on by Russell Trafford-Jones

There’s a lot more to IP-based production than just getting your video and audio streaming between devices. You need configuration tools, you need timing, there’s the management of the devices to consider and, critically, security. the problem is, working in IP is still new and many of the solutions are yet to mature. This means we still don’t have all the tools we need to realise the full promise of live production IP systems.

Back in 2018, the EBU embarked on a project to focus the industry on the gaps: The Technology Pyramid. This pyramid shows that although we, as an industry, had largely succeeded in defining essence transport over IP, this was only the ‘top of the iceberg’, so to speak, in what needed to be done. also known by its full name, “The Technology Pyramid for Media Nodes 2018”, it shows that everything is underpinned by security, upon that is configuration and monitoring, with discovery and registration built on that.

One important aspect of the pyramid is the green – yellow – red colour coding. When initially released, the only green was the transport layer, but this talk looks at the 2020 edition of the pyramid which shows that the time & sync, as well as discovery and connection, have improved.

We’re joined by Willem Vermost and Félix Poulin to discuss the problems the industry has faced to date and the progress made in making the pyramid green. Both previously with the EBU and now both with early-adopter broadcasters who are going live with IP systems, they are perfectly placed to explain the evolution on of the market.

Not only has the colouring of the pyramid changed, but the detail of what each layer constitutes has evolved. The industry has reacted with a number of specifications such as JT-NM TR-1001-1 and AMWA BCP-003. Willem and Félix explain the hidden necessities that have come out of the woodwork as the early adopters have fought to make everything work. PTP is a good example, being able to free-wheel without a PTP clock for 5 minutes and then join back without a glitch has been added to the list of requirements. Time stamping and lip-sync have proven tricky, too. Intermediate processing steps place their timestamps over the original timestamp of when the media was captured. If you are trying to sync audio and video which have gone through processing, you need the original timestamps which have now been lost. This problem is being addressed but until it is, it’s a big gap.

Overall we can see the power of focussing people’s attention in this way. Whilst there is much more detail in the talk itself, just from the extracts in this article, it’s clear progress has been made and with plenty more broadcasters starting their IP projects, there is all the more motivation for the vendors to implement the requirements as laid out than there was before.

Watch now!
Speakers

Willem Vermost Willem Vermost
Design & Engineering Manager,
VRT
Félix Poulin Félix Poulin
Direcor – Media Transport Architecture & Lab
CBC/Radio-Canada

Video: Securing Your Network with Firewall Tech

Posted on by Russell Trafford-Jones

As true for corporate networks as for broadcast networks, security needs to underpin everything we do to ensure the smooth running of service, that ransomware is kept out and that our data is kept in. This doesn’t mean every device has to have every security feature turned up to 11, it means that security – and which threats need to be protected against – have been thought through at the system level.

Such importance has security in broadcast facilities, that we see it as the foundational layer of the EBU’s Technology Pyramid. We see SMPTE ST 2110 at the top and whilst this is seen as the ‘business end’, it’s not practical without all that underpins it; the system timing, the NMOS protocols and the security practices.

In this video, Ray Scites explains the threats to networks and challenges the audience to take them seriously showing how mitigations can be implemented. He explains some of the common attacks on networks, both technical and human. Human attacks are phishing attacks which effectively simply ask for the details. Starting with asking for seemingly innocuous information like “Is Donald available today?” and building on knowing that someone is away to put on pressure to hand over information “Donald told me this needs doing right now or the $1,000 deposit will be lost.” With enough small information providing the context, people can be tricked into thinking that an attacker is legitimately doing business and their requests complied with.

To supplement the human element, vulnerabilities can be used. Ray highlights that it’s not just Windows 10 that needs updates, the CVE list of vulnerabilities shows that just this year over 40 security issues with Netgear devices have been publicly reported; all elements in the network need to be kept up to date.

Ray looks at the levels of firewall available from the basic features such as port blocking and forwarding to advanced, like intrusion detection and deep-packet-inspection. The latter technology being where packets are not just forwarded, but read to determine their payload and make firewall decisions based upon the contents. He then explains how port forwarding and NAT (Network Address Translation) work in firewalls.

The cloud offloads all the functionality, but none of the liability.

Ray Scites
An important takeaway from this video is that moving infrastructure and/or data to the cloud can be a great move for your company’s workflow, IT overheads and costs but it doesn’t solve all your security issues. Your responsibility is still to implement secure practices both in the office and in the cloud. Whilst the job may be easier now as it may be someone else’s responsibility to update OSes or other software, you are still the one responsible for data breaches and for ensuring that your security coverage is complete.

Ray finishes by showing a brute-force password attack in real time and answering questions covering how to implement security around hardware devices which had no security features, using remote PC terminals to maintain security and whether attacks are on the increase.

Watch now!
Speaker

Ray Scites Ray Scites
KNL Consulting Services