Video: Broadcast Content Protection

With video piracy estimated to cost the US economy $29M a year and programming rights costing 100s of millions of dollars or more, there’s plenty of reason to look to technology to protect your content. There is a long history of copy protection for broadcast/linear content which is continually changing.

Graham Turner, who has worked extensively in copy protection for many years, gives us an overview of how pay TV works, a look at the different types of protection and a look back at the history to see what we can learn from the mistakes made since the late 1980s.

After explaining the many reasons different types of channels have to protect their content, Graham explains the fundamentals of content protection, encryption and decryption being central to protection discussing symmetric and asymmetric cryptography. He then discusses key length which is something we hear a lot of, but can be non-trivial to understand. After all, AES talks of 128 and 256-bit keys, whereas in other areas we hear 1024, 2048 and more. Graham shows how these relate to the different keys in symmetric and asymmetric cryptography.

Pay TV is the area of focus for this video whereby live decryption keys need to be available at the set top box (STB) in the home. For DVD copy protection, the key is already in the DVD player and revocation of the rights of that DVD player are difficult. For TV there is a path from the broadcaster to the receiver which allows for more reactive rights management. ECM, Entitlement Checking Messages and EMM, Entitlement Management Messages, are the ways in which these permissions are spread so we look at how these work.

The architecture of the STB comes in focus next as Graham explains how the decryption and describing fit together along with hardware security and software security. Naturally after the STB has decoded the video, there’s interest in making sure the delivery to the TV is also secure which is where HDMI’s HDCP comes in with HDCP 2.2 protecting UHD content. HDCP is a method of ensuring that recording devices don’t get to record protected video whereas TVs or display devices can. Fingerprinting and watermarking are two technologies which are also examined showing how they are useful, to an extent, in identification of footage though not directly useful in preventing piracy itself.

The video ends with a very interesting look at the various high profile hacks from the last 30 or so years examining what was broken and how – in particular whether the cryptography itself was broken or whether the attack succeeded due to a weak link in the chain of another part of the system.

Watch now!

​ Graham Turner ​Graham Turner
Television Technologist,
Former Chair, IET Media

Video: Hacking ATSC 3.0

ATSC’s effort to bring IP into over-the-air broadcast has been long in the making and its deployment in South Korea along with the ITU’s inclusion of it in it’s list of recommended digital broadcast standards is a testament to it gaining acceptance. But as US broadcasters continue with test broadcasts and roll-outs in 2020, what security problems arise when IP’s included in the mix?

Acting is a great network security primer, this talk from Texas A&M’s Wayne Pecena, explains the premise and implications of creating and maintaining security in your broadcast plant. Starting by documenting the high profile attacks on broadcasters over the years, Wayne hones in on the reasons they should care from the obvious, omnipresent threat of ‘dead air’ to ‘loss of trust’ which is particularly motivating in recent years as we have seen state actors move to influence, not disrupt the normal course of life, in low-key, long-burn persistent attacks.

The talk hinges around the ‘AIC’ triad, comprising confidentiality, integrity and availability which are the three core aspects of data to protect. Integrity involves ensuring that the data are not altered either in transit or, indeed, in storage. Confidentiality revolves around ensuring that access control is maintained at all levels including physical, network-level and application live. Finally availability encompasses the fact that if the data isn’t available to the people who need it, the whole thing is pointless. Therefore supporting the availability side of the triangle includes thinking about redundancy and disaster recovery procedures.

Wayne, who is also the president of the Society of Broadcast Engineers, explains some of the attributes of a secure system which starts with security policies. These are the outer layer of any secure environment detailing how the many other layers of security will be managed and applied. Other aspects of a secure environment are appropriately layered and segmented network design, to limit what is available to anyone who does penetrate part of a system, access controls and logging.

After looking at the IETF and IEEE standards bodies, we see how the standard network models overlay neatly on the ATSC layered model with networking in the centre of them all. This leads in to a brief introduction to ‘IP’ in the sense of the the IP protocol on which are based TCP/IP and UDP/IP, between them central to most network communications around the world.

As we see how a small hole in defences can be slowly changed and enlarged allowing the attacker to move forward and create another hole in the next layer, Wayne talks about the types of security threats such malware, denial of service attacks and, of course, inside threats such as your employees themselves being complicit.

As the talk draws to a close we look at how this plays out in the real world talking through diagrams of broadcasters’ systems and how mitigations might play out on premise before talking cloud security. As the threat model in the cloud is different, Wayne explains the best practices to ensure safety and how these and the other security technologies used on the internet keep ATSC 3.0 secure including TLS secure certificate and the use of DNSSEC

The talk finishes with a look at security in the home whether that be with the myriad of consumer media consumption devices or items from the ‘internet of things’.

Watch now!

Wayne Pecena Wayne Pecena
Director of Engineering, KAMU TV/FM at Texas A&M University
President, Society of Broadcast Engineers AKA SBE

Webinar: Securing Live Streams

Piracy in France cost €1.2bn in 2017 and worldwide the loss has been valued up to US$52 billion. Even if these numbers are inflated, over-counted or similar, it’s clear there is a lot of money at stake in online streaming. There are a number of ways of getting to protect your content, encryption, Digital Rights Management (DRM) and tokenisation are three key ones and this webinar will examine what works best in the real world.

All these technologies used together don’t always stop piracy 100%, but they can significantly impact the ease of pirating and the quality of the final material.

Date: Thursday January 30th – 10a.m. PT / 1p.m. / 18:00 GMT

It’s important to understand the difference between encryption and Digital Rights Management. In general DRM relies on encryption, whereby encryption is a way of making sure that decodable video only lands in the hands of people who have been given the encryption key. This means that people who are snooping on traffic between the video provider and consumer can’t see what the video is and can be accomplished in a similar way to secure web pages which are secured against eavesdroppers. The problem with encryption is, however, that it doesn’t intrinsically decide who is allowed to decode the video meaning anyone with the decryption key can video the content. Often this is fine, but if you want to run a pay-TV service, even ignoring content, it’s much better to target customer by customer who can video the video. And this is where DRM comes in.

DRM is multi-faceted and controls the way in which consumers can view/use the content as much as whether they can access it to start with. DRM, for instance, can determine that a display device can show the work, but a recorder is not allowed to make a recording. It can also determine access based on location. Another aspect of DRM is tracking in the form of insertion of watermarks and metadata which mean that if a work is pirated, there is a way to work back to the original subscriber to determine the source of the leak.

Tokenisation is a method in which the player requests access to the material and is passed a token, by means of a response from the server after it has checked if the player is allowed access. Because of the way this token is created, it is not possible for another player to use it to access the content which means that sharing a URI won’t allow another user access to the video. Without some form of access control, once one subscriber has received a URI to access the video, they could pass that to another user who could also then access it.

What’s the best way to use these technologies? What are the pros and cons and what are the other methods of securing media? These questions and more will be discussed in this Streaming Video Alliance webinar on January 30th.

Register now!

Peter Cossack Peter Cossack
Vice President Cybersecurity services,
Kei Foo Kei Foo
Director of Advanced Video Engineering,
Charter Communications
Orly Amsalem Orly Amsalem
Product Manager, AI/ML based video security and anti-piracy solutions ,
Marvin Van Schalkwyk Marvin Van Schalkwyk
Senior Solutions Architect,
Jason Thibeault Jason Thibeault
Executive Director,
Streaming Media Alliance

Webinar: ATSC 3.0 Signaling, Delivery, and Security Protocols

ATSC 3.0 is bringing IP delivery to terrestrial broadcast. Streaming data live over the air is no mean feat, but nevertheless can be achieved with standard protocols such as MPEG DASH. The difficulty is telling the other end what’s its receiving and making sure that security is maintained ensuring that no one can insert unintended media/data.

In the second of this webinar series from the IEEE BTS, Adam Goldberg digs deep into two standards which form part of ATSC 3.0 to explain how security, delivery and signalling are achieved. Like other recent standards, such as SMPTE’s 2022 and 2110, we see that we’re really dealing with a suite of documents. Starting from the root document A/300, there are currently twenty further documents describing the physical layer, as we learnt last week in the IEEE BTS webinar from Sony’s Luke Fay, management and protocol layer, application and presentation layer as well as the security layer. In this talk Adam, who is Chair of a group on ATSC 3.0 security and vice-chair one on Management and Protocols, explains what’s in the documents A/331 and A/360 which between them define signalling, delivery and security for ATSC 3.0.

Security in ATSC 3.0
One of the benefits of ATSC 3.0’s drive into IP and streaming is that it is able to base itself on widely developed and understood standards which are already in service in other industries. Security is no different, using the same base technology that secure websites use the world over to achieve security. Still colloquially known by its old name, SSL, the encrypted communication with websites has seen several generations since the world first saw ‘HTTPS’ in the address bar. TLS 1.2 and 1.3 are the encryption protocols used to secure and authenticate data within ATSC 3.0 along with X.509 cryptographic signatures.

Authentication vs Encryption
The importance of authentication alongside encryption is hard to overstate. Encryption allows the receiver to ensure that the data wasn’t changed during transport and gives assurance that no one else could have decoded a copy. It provides no assurance that the sender was actually the broadcaster. Certificates are the key to ensuring what’s called a ‘chain of trust’. The certificates, which are also cryptographically signed, match a stored list of ‘trusted parties’ which means that any data arriving can carry a certificate proving it did, indeed, come from the broadcaster or, in the case of apps, a trusted third party.

Signalling and Delivery
Telling the receiver what to expect and what it’s getting is a big topic and dealt with in many places with in the ATSC 3.0 suite. The Service List Table (SLT) provides the data needed for the receiver to get handle on what’s available very quickly which in turn points to the correct Service Layer Signaling (SLS) which, for a specific service, provides the detail needed to access the media components within including the languages available, captions, audio and emergency services.

ATSC 3.0 Receiver Protocol Stack

ATSC 3.0 Receiver Protocol Stack

Media delivery is achieved with two technologies. ROUTE (Real-Time Object Delivery over Unidirectional Transport ) which is an evolution of FLUTE which the 3GPP specified to deliver MPEG DASH over LTE networks. and MMTP (Multimedia Multiplexing Transport Protocol) an MPEG standard which, like MPEG DASH is based on the container format ISO BMFF which we covered in a previous video here on The Broadcast Knowledge

Register now for this webinar to find out how this all connects together so that we can have safe, connected television displaying the right media at the right time from the right source!


Adam Goldberg Adam Goldberg
Chair, ATSC 3.0 Specialist Group on ATSC 3.0 Security
Vice-chair, ATSC 3.0 Specialist Group on Management and Protocols
Director Technical Standards, Sony Electronics