Video: RIST Pre-Shared Key Encryption

For most people, encryption is an important factor when sending production video feeds and other media over the internet. Distribution to the end user is a different matter, but for contribution, the assurance that no one else can view the video is reassuring to all parties even when the content doesn’t strictly require it. RIST has been in development for a while and has grown beyond the simple profile, which only dealt with packet loss. With the main profile, encryption is now possible, and there are actually two ways to encrypt: one uses DTLS, the UDP-based equivalent of the TLS encryption that https:// websites use; the other uses pre-shared keys (PSK).

Sergio Ammirata from DVEO starts the talk by introducing the main profile and its use of GRE tunnels. A tunnel from sender to receiver allows a single connection to carry multiple channels of multiplexed data. Importantly, it also allows the encryption to be applied to the tunnel rather than to each media stream separately.

The next section of the talk revises what DTLS is: the part of the main profile that brings TLS encryption to UDP. Since this is an encryption method, it’s important to realise it is not part of the data-loss recovery algorithms. Because DTLS is based on TLS, it also needs certificates. Just like websites, you have the choice of a self-signed certificate or one signed by a trusted authority. This means you not only know that you are sending encrypted data, but also that you are sending it to a trusted computer rather than to someone unintended. Sergio takes us through the workflow of verifying the certificates, highlighting, for instance, the requirement for a real-time clock: without one, the start and expiry dates in the certificates would have no meaning.
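The clock dependency is easy to see in code. The following is an added example, not code from the talk or from any RIST implementation: it builds a self-signed certificate with a constructed validity window (calendar year 2024, hypothetical subject name) and then verifies it against itself as the trust anchor at three different wall-clock times. A receiver whose clock was never set, and so still reads the Unix epoch, rejects a perfectly good certificate as not yet valid.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed validity window for the illustration: the certificate is
// usable only during calendar year 2024.
var (
	notBefore = time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	notAfter  = time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
)

// MakeSelfSignedCert builds a DER-encoded self-signed ECDSA certificate, the
// kind an endpoint could present when no certificate authority is involved.
// The subject name is a hypothetical placeholder.
func MakeSelfSignedCert() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "rist-receiver.example"},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// VerifyAt validates the certificate against itself as the trust anchor,
// using the supplied time in place of time.Now. The validity-window check
// is only as good as the clock the verifier feeds in.
func VerifyAt(certDER []byte, now time.Time) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	return err
}

func main() {
	der, err := MakeSelfSignedCert()
	if err != nil {
		panic(err)
	}
	// A receiver with a correctly set clock accepts the certificate (nil error).
	fmt.Println("mid-2024:", VerifyAt(der, time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)))
	// A receiver whose clock was never set (still at the Unix epoch) rejects
	// it as not yet valid; one that has moved past 2025 rejects it as expired.
	fmt.Println("epoch   :", VerifyAt(der, time.Unix(0, 0)))
	fmt.Println("2026    :", VerifyAt(der, time.Date(2026, 1, 1, 0, 0, 0, 0, time.UTC)))
}
```

Passing `CurrentTime` explicitly is also the practical way to test this path in a receiver without touching the system clock. On a real device the fix is an NTP client or a battery-backed RTC, not a relaxed check.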

With PSK, there is no authentication. It encrypts the whole of the GRE tunnel, except for the headers, with an AES key derived from the pre-shared passphrase. The key is changed periodically by an automatic process. It’s important to realise that because this is so deterministic, it can be used for bonded connections. When Sergio then looks at the data flow for using PSK, we see that it is much simpler, with far fewer handshakes.
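The following added example, which is not code from the talk and not the RIST specification’s actual key schedule, shows why a passphrase-derived, periodically rotated key needs no handshake. Both ends derive the key for a given key period from the passphrase alone (here with HMAC-SHA256, an illustrative derivation chosen for this example), so a receiver that sees a packet arrive over a second bonded link, or that missed every earlier packet, can still decrypt it. The packet layout, trailer fields and sample values are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed trailer layout: an 8-byte key period and an 8-byte per-period
// packet sequence, both sent in the clear, followed by the AES-256-CTR
// ciphertext of the payload. The GRE-style header in front stays in the clear.
const trailerLen = 16

// DeriveKey turns the pre-shared passphrase plus a key-period counter into a
// 32-byte AES key. Both ends compute it independently, so nothing has to be
// exchanged when the key rotates. This HMAC construction is an illustration,
// not the derivation RIST specifies.
func DeriveKey(passphrase string, period uint64) []byte {
	mac := hmac.New(sha256.New, []byte(passphrase))
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], period)
	mac.Write([]byte("psk-key-period:"))
	mac.Write(ctr[:])
	return mac.Sum(nil)
}

// ctrStream builds the CTR keystream for one packet. The IV is (period, seq):
// the key changes with the period and seq must be unique within a period, so
// a (key, IV) pair is never reused, which CTR mode strictly requires.
func ctrStream(key []byte, period, seq uint64) (cipher.Stream, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	var iv [aes.BlockSize]byte
	binary.BigEndian.PutUint64(iv[:8], period)
	binary.BigEndian.PutUint64(iv[8:], seq)
	return cipher.NewCTR(block, iv[:]), nil
}

// Seal produces header || period || seq || E_key(payload).
func Seal(passphrase string, period, seq uint64, header, payload []byte) ([]byte, error) {
	stream, err := ctrStream(DeriveKey(passphrase, period), period, seq)
	if err != nil {
		return nil, err
	}
	var tr [trailerLen]byte
	binary.BigEndian.PutUint64(tr[:8], period)
	binary.BigEndian.PutUint64(tr[8:], seq)
	out := make([]byte, 0, len(header)+trailerLen+len(payload))
	out = append(out, header...)
	out = append(out, tr[:]...)
	ct := make([]byte, len(payload))
	stream.XORKeyStream(ct, payload)
	return append(out, ct...), nil
}

// Open reverses Seal using only the passphrase and the packet itself.
// CTR gives confidentiality only: a wrong passphrase or a modified packet
// yields garbage rather than an error, so integrity must come from elsewhere.
func Open(passphrase string, headerLen int, packet []byte) (header, payload []byte, err error) {
	if len(packet) < headerLen+trailerLen {
		return nil, nil, errors.New("packet too short")
	}
	header = packet[:headerLen]
	period := binary.BigEndian.Uint64(packet[headerLen:])
	seq := binary.BigEndian.Uint64(packet[headerLen+8:])
	stream, err := ctrStream(DeriveKey(passphrase, period), period, seq)
	if err != nil {
		return nil, nil, err
	}
	payload = make([]byte, len(packet)-headerLen-trailerLen)
	stream.XORKeyStream(payload, packet[headerLen+trailerLen:])
	return header, payload, nil
}

func main() {
	const passphrase = "correct horse battery staple" // constructed sample
	header := []byte{0x00, 0x00, 0x08, 0x00}         // constructed stand-in for a GRE header
	payload := []byte("TS packet bytes would go here")

	pkt, _ := Seal(passphrase, 41, 7, header, payload)
	_, got, _ := Open(passphrase, len(header), pkt)
	fmt.Printf("round trip ok: %v\n", bytes.Equal(got, payload))

	// Keys rotate with the period: same passphrase, different period, different key.
	fmt.Printf("key(41) == key(42): %v\n", bytes.Equal(DeriveKey(passphrase, 41), DeriveKey(passphrase, 42)))

	// A receiver holding the wrong passphrase gets noise, not an error.
	_, wrong, _ := Open("wrong passphrase", len(header), pkt)
	fmt.Printf("wrong passphrase decrypts correctly: %v\n", bytes.Equal(wrong, payload))
}
```

Two points follow from the code rather than from the talk: the per-period sequence counter must never wrap within a period, and because nothing here authenticates the sender or the packet, the only thing stopping an outsider from injecting traffic is that they lack the passphrase.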

As to when PSK should be chosen over DTLS, one-to-many transmission is an obvious candidate, as are links with only one-way communication, such as most satellite links. Sergio finishes the talk by looking at the use of FEC and taking questions from the floor.

Watch now!
Speaker

Sergio Ammirata
CTO, DVEO

Video: Broadcast Content Protection

With video piracy estimated to cost the US economy $29M a year and programming rights costing hundreds of millions of dollars or more, there’s plenty of reason to look to technology to protect your content. Copy protection for broadcast/linear content has a long history, and it is continually changing.

Graham Turner, who has worked extensively in copy protection for many years, gives us an overview of how pay TV works, a look at the different types of protection and a look back at the history to see what we can learn from the mistakes made since the late 1980s.

After explaining the many reasons different types of channels have to protect their content, Graham explains the fundamentals of content protection. Encryption and decryption are central to it, so he discusses symmetric and asymmetric cryptography. He then turns to key length, something we hear a lot about but which can be non-trivial to understand. After all, AES talks of 128- and 256-bit keys, whereas in other areas we hear of 1024, 2048 and more. Graham shows how these relate to the different keys used in symmetric and asymmetric cryptography.

Pay TV is the area of focus for this video, whereby live decryption keys need to be available at the set-top box (STB) in the home. For DVD copy protection, the key is already in the DVD player, and revoking the rights of that DVD player is difficult. For TV there is a path from the broadcaster to the receiver, which allows for more reactive rights management. ECMs (Entitlement Checking Messages) and EMMs (Entitlement Management Messages) are the ways in which these permissions are distributed, so we look at how they work.

The architecture of the STB comes into focus next as Graham explains how decryption and descrambling fit together, along with hardware security and software security. Naturally, after the STB has decoded the video, there’s interest in making sure the delivery to the TV is also secure, which is where HDMI’s HDCP comes in, with HDCP 2.2 protecting UHD content. HDCP is a method of ensuring that recording devices don’t get to record protected video whereas TVs or display devices can. Fingerprinting and watermarking are two further technologies examined; they are useful, to an extent, in identifying footage, though not directly useful in preventing piracy itself.

The video ends with a very interesting look at the various high profile hacks from the last 30 or so years examining what was broken and how – in particular whether the cryptography itself was broken or whether the attack succeeded due to a weak link in the chain of another part of the system.

Watch now!
Speakers

Graham Turner
Television Technologist,
Former Chair, IET Media

Video: WAVE (Web Application Video Ecosystem) Update

With wide membership including Apple, Comcast, Google, Disney, Bitmovin, Akamai and many others, the WAVE interoperability effort is tackling web media encoding, playback and platform issues using global standards.

John Simmons from Microsoft takes us through the history of WAVE, looking at the changes in the industry since 2008 and WAVE’s involvement. CMAF, backed by over 60 major companies, represents an important recent milestone in the technology and is closely entwined with WAVE’s activity.

The WAVE Content Specification is derived from the ISO/IEC standard “Common media application format (CMAF) for segmented media”. CMAF is the container for the audio, video and other content. It’s not a protocol like DASH, HLS or RTMP; rather, it’s more like an MPEG-2 transport stream. CMAF attracts a lot of interest nowadays because of its ability to deliver very low-latency streaming of less than 4 seconds, but it’s also important because it represents a standardisation of fMP4 (fragmented MP4) practices.

Standardising on CMAF allows media profiles to be defined which specify how to encapsulate certain codecs (AV1, HEVC etc.) into the stream. Given it’s a published specification, other vendors will be able to interoperate. Proof of the value of the WAVE project is the three amendments to the CMAF standard, issued by MPEG, that John mentions; they came directly from WAVE’s work in validating user requirements.

Whilst defining streaming is important in terms of helping in-cloud vendors work together and in allowing broadcasters to more easily build systems, it’s vital the decoder devices are on board too, and much work goes into the decoder-device side of things.

On top of dealing with encoding and distribution, WAVE also specifies HTML5 API interoperability, with the aim of defining baseline web APIs to support media web apps and creating guidelines for media web app developers.

This talk was given at the Seattle Video Tech meetup.

Watch now!
Slides from the presentation
Check out the free CTA specs

Speaker

John Simmons
Media Platform Architect, Microsoft