Video: RIST Pre-Shared Key Encryption

For most people, encryption is an important factor when sending production video feeds and other media over the internet. When distributing to the end user, it’s different, but for contribution, having the assurance that no-one else can view the video is very reassuring to all parties, even when the content doesn’t necessitate it. RIST has been in development for a while and has grown beyond the simple profile, which only dealt with packet loss. Now, with the main profile, encryption is possible; there are actually two ways to encrypt. One uses DTLS, which is the UDP-based equivalent of the same TLS encryption that https:// websites use; the other uses pre-shared keys (PSK).

Sergio Ammirata from DVEO starts the talk by introducing the main profile and the use of GRE tunnels. The use of a tunnel from sender to receiver allows for a single connection to carry multiple channels of multiplexed data. Importantly, it also allows the encryption to happen to the tunnel rather than to each media stream separately.

The next section of the talk revises what DTLS is: part of the main profile providing TLS encryption to UDP. Given this is an encryption method, it’s important to realise it is not part of the data-loss recovery algorithms. Since DTLS is based on TLS, it will also need certificates. Just like websites, you have the choice of having a self-signed certificate or one signed by a trusted authority. This means that you not only know that you are sending encrypted data, you are also sending it to a trusted computer, not someone unintended. Sergio takes us through the workflow of verifying the certificates, highlighting, for instance, the requirement for a real-time clock, otherwise the start and expiry dates in the certificates wouldn’t have any meaning.

With PSK, there is no authentication. It encrypts the whole of the GRE tunnel except for headers with an AES key related to the pre-shared passphrase. The encryption is changed periodically by an automatic process. It’s important to realise that because this is so deterministic, this can be used for bonded connections. When Sergio then looks at the data flow for using PSK, we see that it is much simpler, with many fewer handshakes.
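The deterministic key schedule described above, as an added sketch (not code from the talk or from any RIST implementation). It models only the key derivation, so AES itself is omitted; the KDF choice (PBKDF2-HMAC-SHA256), iteration count, nonce size, rotation interval and all class and function names are assumptions for illustration.

```python
import hashlib
import os

# Assumptions for illustration: PBKDF2-HMAC-SHA256, 1024 iterations, a 4-byte
# nonce carried in the unencrypted tunnel header, rotation every 4 packets.
ITERATIONS, KEY_LEN, ROTATE_EVERY = 1024, 32, 4

def derive_key(passphrase: str, nonce: bytes) -> bytes:
    """AES-256 key material from the shared passphrase and the cleartext nonce."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), nonce, ITERATIONS, KEY_LEN)

class Sender:
    def __init__(self, passphrase: str):
        self.passphrase, self.sent, self.nonce = passphrase, 0, b""

    def next_packet(self):
        """Return (header, key); the key is returned only so the simulation can compare."""
        if self.sent % ROTATE_EVERY == 0:
            self.nonce = os.urandom(4)        # new nonce, so a new key, no handshake
        header = {"seq": self.sent, "nonce": self.nonce}
        self.sent += 1
        return header, derive_key(self.passphrase, self.nonce)

class Receiver:
    def __init__(self, passphrase: str):
        self.passphrase, self.cache = passphrase, {}

    def key_for(self, header) -> bytes:
        """Recover the key from the header alone: no handshake, no per-link state."""
        nonce = header["nonce"]
        if nonce not in self.cache:
            self.cache[nonce] = derive_key(self.passphrase, nonce)
        return self.cache[nonce]

def simulate(sender_pass: str, receiver_pass: str, packets: int = 8):
    """Send packets over two bonded links; return (keys_matching, distinct_keys)."""
    tx, rx = Sender(sender_pass), Receiver(receiver_pass)
    sent = [tx.next_packet() for _ in range(packets)]
    link_a, link_b = sent[0::2], sent[1::2]   # alternate packets per link
    arrival = link_b + link_a                 # link B arrives first: reordered
    matching = sum(rx.key_for(hdr) == key for hdr, key in arrival)
    return matching, len({key for _, key in sent})

if __name__ == "__main__":
    print(simulate("constructed-passphrase", "constructed-passphrase"))  # every key matches
    print(simulate("constructed-passphrase", "wrong-passphrase"))        # none match, no error
```

In this model a receiver holding a different passphrase still derives a key without any error, so a mismatch only shows up as undecodable media; passphrase strength and distribution carry the whole security of the link.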

As to when PSK is the route to take over using DTLS, one-to-many transmission is an obvious candidate but also where there is only one-way communication such as most satellite links. Sergio finishes the talk by looking at the use of FEC and taking questions from the floor.

Speaker

Sergio Ammirata
CTO,
DVEO

Video: 2019 What did I miss? – Introducing Reliable Internet Streaming Transport

By far the most visited video of 2019 was Merrick Ackermans’ review of RIST’s first release. RIST, the Reliable Internet Stream Transport protocol, aims to be an interoperable protocol allowing even lossy networks to be used for mission-critical broadcast contribution. Using RIST can change a bad internet link into a reliable circuit for live programme material, so it’s quite a game changer in terms of cost for links.

An increasing amount of broadcast video is travelling over the public internet which is currently enabled by SRT, Zixi and other protocols. Here, Merrick Ackermans explains the new RIST specification which aims to allow interoperable internet-based video contribution. RIST, which stands for Reliable Internet Stream Transport, ensures reliable transmission of video and other data over lossy networks. This enables broadcast-grade contribution at a much lower cost as well as a number of other benefits.

Many of the protocols which do something similar are based on ARQ (Automatic Repeat-reQuest) which, as you can read on Wikipedia, allows for recovery of lost data. This is the core functionality needed to bring unreliable or lossy connections into the realm of usable for broadcast contribution. Indeed, RIST is an interesting merging of technologies from around the industry. Many people use Zixi, SRT, and VideoFlow, all of which can allow safe contribution of media. Safe meaning it gets to the other end intact and un-corrupted. However, if your encoder only supports Zixi and you use it to deliver to a decoder which only supports SRT, it’s not going to work out. The industry has accepted that these formats should be reconciled into a shared standard. This is RIST.

File-based workflows are mainly based on TCP (Transmission Control Protocol) although, notably, some file transfer services such as Aspera are based on UDP where packet recovery, not unlike RIST, is managed as part of the protocol. This is unlike web sites where all data is transferred using TCP which sends an acknowledgement for each packet which arrives. Whilst this is great for ensuring files are uncorrupted, it can impact arrival times which can lead to live media being corrupted.

RIST is being created by the VSF – the Video Standards Forum – who were key in introducing VS-03 and VS-04 into the AIMS group on which SMPTE ST 2022-6 was then based. So their move now into a specification for reliable transmission of media over the internet has many anticipating great things. At the point that this talk was given, the simple profile had been formed. Whilst Merrick gives the details, it’s worth pointing out that this doesn’t include intrinsic encryption. It can, of course, be delivered over a separately encrypted tunnel, but an intrinsic part of SRT is the security that is provided from within the protocol.

Despite Zixi, a proprietary solution, and Haivision’s open source SRT being in competition, they are both part of the VSF working group creating RIST along with VideoFlow. This is because they see the benefit of having a widely accepted, interoperable method of exchanging media data. This can’t be achieved by any single company alone but can benefit all players in the market.

This talk remains true for the simple profile which just aims to recover packets. The main protocol, as opposed to ‘simple’, has since been released and you can hear about it in a separate video here. This protocol adds FEC, encryption and other aspects. Those who are familiar with the basics may wish to start there.

Speaker

Merrick Ackermans
Chair,
VSF RIST Activity Group

Video: The next enhancement for RIST

Continuing the look at RIST, the developing protocol which allows for reliable streaming over the internet – even in the event of packet loss, we have a look at a key feature on the roadmap.

The core proposition of RIST is to produce an interoperable protocol which brings the internet into the list of ways to contribute and distribute low-latency video. It’s resilient to packet loss due to its ability to re-request packets which have been lost, yet is light enough for video streaming. In another talk at IBC, we learn about the latest developments which have added security and many other features to the list of capabilities.

Here, Adi Rozenberg from VideoFlow explains how this will further be extended by upcoming work to allow the source stream to reduce in bitrate in response to reduced capacity in the network. With RIST’s ARQ – the technology which requests missing packets – we find that the retransmissions can actually aggravate bitrate constrictions particularly when they are permanent. Adi proposes the only real way to solve lack of bandwidth issues is to reduce the bitrate of the source.

RIST already includes NULL packet removal so that NULL packets aren’t transmitted and are re-inserted at the remote end. This is usually a great start in reducing the bitrate of the stream. However, more is needed: we need a way to tell the encoder to reduce the bandwidth of the video stream itself. This can be accomplished by RTCP.
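NULL packet removal and re-insertion as described above, shown as an added sketch (not code from the talk or from a RIST implementation). The group size of seven transport stream packets, the bitmap layout and the function names are assumptions for illustration; the sample packets are constructed.

```python
TS_SIZE, SYNC, NULL_PID, GROUP = 188, 0x47, 0x1FFF, 7   # GROUP size is an assumption
NULL_PACKET = bytes([SYNC, 0x1F, 0xFF, 0x10]) + b"\xff" * 184  # canonical stuffing

def pid_of(packet: bytes) -> int:
    """Extract the 13-bit PID from one 188-byte transport stream packet."""
    if len(packet) != TS_SIZE or packet[0] != SYNC:
        raise ValueError("not an aligned MPEG-TS packet")
    return ((packet[1] & 0x1F) << 8) | packet[2]

def strip_nulls(payload: bytes):
    """Sender: drop NULL packets; bit i of the bitmap marks a NULL at position i."""
    count, rest = divmod(len(payload), TS_SIZE)
    if rest or not 1 <= count <= GROUP:
        raise ValueError("payload must hold 1..7 whole TS packets")
    bitmap, kept = 0, bytearray()
    for i in range(count):
        packet = payload[i * TS_SIZE:(i + 1) * TS_SIZE]
        if pid_of(packet) == NULL_PID:
            bitmap |= 1 << i
        else:
            kept += packet
    return bitmap, bytes(kept)

def restore_nulls(bitmap: int, kept: bytes) -> bytes:
    """Receiver: re-insert NULLs; reject a bitmap that does not fit the payload."""
    if len(kept) % TS_SIZE or not 0 <= bitmap < (1 << GROUP):
        raise ValueError("malformed payload or bitmap")
    if len(kept) // TS_SIZE + bin(bitmap).count("1") > GROUP:
        raise ValueError("more packets than one group can hold")
    out, pos, i = bytearray(), 0, 0
    while bitmap >> i or pos < len(kept):
        if (bitmap >> i) & 1:
            out += NULL_PACKET
        elif pos < len(kept):
            out += kept[pos:pos + TS_SIZE]
            pos += TS_SIZE
        else:
            raise ValueError("bitmap inconsistent with payload")
        i += 1
    return bytes(out)

def ts_packet(pid: int, fill: int) -> bytes:
    """Constructed sample packet: header with the given PID, constant payload."""
    return bytes([SYNC, (pid >> 8) & 0x1F, pid & 0xFF, 0x10]) + bytes([fill]) * 184

def demo():
    """Seven constructed packets, three of them NULL stuffing."""
    original = b"".join([ts_packet(0x100, 1), NULL_PACKET, ts_packet(0x100, 2), NULL_PACKET,
                         NULL_PACKET, ts_packet(0x101, 3), ts_packet(0x100, 4)])
    bitmap, kept = strip_nulls(original)
    return bitmap, len(original), len(kept), restore_nulls(bitmap, kept) == original
```

The receiver regenerates a canonical NULL packet, so the round trip is byte-exact only when the original stuffing packets were canonical too; the bitmap checks matter because the receiver parses this field from the network.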

Adi identifies the problem of detecting when extra bandwidth has returned: a reduction of bandwidth is quickly and easily signalled by retransmissions, but excess bandwidth returns silently. The system gradually increases the encoder bandwidth so that it is always probing the current balance of bandwidth and bitrate.

This works well when there is a single encoder and a single decoder. When there are multiple decoders, life is more difficult. The solution offered to this is to create a ladder of bitrates all of which are adaptable. Now the destination can switch between profiles. This can be extended to MPTS (Multi-Program Transport Streams) whereby, depending on the destination, services in the MPTS are dropped in order to recover bandwidth. A mechanism is used which prioritises services depending on the destination (i.e. German channels are de-prioritised on delivery to France).

The session ends with a Q&A on stream switching details and use in stat muxing.

Speakers

Adi Rozenberg
CTO,
VideoFlow

Video: RIST Main Profile Description

RIST solves a problem by transforming unmanaged networks into reliable paths for video contribution in an interoperable way. RIST not only improves reliability through re-requesting missing packets, but also comes with a range of features and tools, not least of which is tunnelling. Cobalt Digital’s EVP of engineering, Ciro Noronha explains how the protocol works and what’s next on the roadmap.

Ciro starts with a look at the RIST Simple Profile covering the ARQ negative acknowledgement (NACK) mechanism, link bonding and seamless switching. He then moves on to examine the missing features such as content encryption, authentication, simpler firewall configurations, in-band control, high bitrates, NULL packet extraction. These features define RIST’s Main Profile.

Tunnelling and Multiplexing is a technique to combine Simple Profile flows into a bi-directional tunnel, providing simpler network and encryption configuration. Using a GRE (RFC 8086) tunnel, RIST provides a full, protocol-agnostic tunnel and a UDP-only reduced-overhead mode which only requires 0.6% data overhead to implement. Ciro explains a number of setups, including one where the connection is initiated by the receiver – something that the Simple Profile doesn’t allow.

Authentication and Encryption are covered next. DTLS is the UDP implementation of TLS, which is the security mechanism used on secure websites. This provides security to the tunnel so everything which travels through is covered. Ciro explains the pre-shared key (PSK) mechanism in the Main Profile.

The talk finishes by covering NULL Packet removal, also known as ‘bandwidth optimisation’, the header extension which extends RTP’s sequence number to allow for more in-flight packets, and questions from the audience.

Speaker

Dr. Ciro Noronha
Executive Vice President of Engineering,
Cobalt Digital