For most people, encryption is an important factor when sending production video feeds and other media over the internet. Distribution to the end user is a different matter, but for contribution, having the assurance that no-one else can view the video is very reassuring to all parties, even when the content doesn’t necessitate it. RIST has been in development for a while and has grown beyond the simple profile, which only dealt with packet loss. Now, with the main profile, encryption is possible, and there are actually two ways to encrypt. One uses DTLS, which is the UDP-based equivalent of the TLS encryption that https:// websites use; the other uses pre-shared keys (PSK).
Sergio Ammirata from DVEO starts the talk by introducing the main profile and the use of GRE tunnels. The use of a tunnel from sender to receiver allows for a single connection to carry multiple channels of multiplexed data. Importantly, it also allows the encryption to be applied to the tunnel rather than to each media stream separately.
The next section of the talk revises what DTLS is: the part of the main profile that provides TLS encryption for UDP. Given this is an encryption method, it’s important to realise it is not part of the data-loss recovery algorithms. Since DTLS is based on TLS, it will also need certificates. Just like websites, you have the choice of having a self-signed certificate or one signed by a trusted authority. This means that you not only know that you are sending encrypted data, you are also sending it to a trusted computer, not someone unintended. Sergio takes us through the workflow of verifying the certificates, highlighting, for instance, the requirement for a real-time clock, since otherwise the start and expiry dates in the certificates wouldn’t have any meaning.
With PSK, there is no authentication. It encrypts the whole of the GRE tunnel except for headers with an AES key related to the pre-shared passphrase. The encryption is changed periodically by an automatic process. It’s important to realise that because this is so deterministic, this can be used for bonded connections. When Sergio then looks at the data flow for using PSK, we see that it is much simpler, with many fewer handshakes.
As to when PSK is the route to take over using DTLS, one-to-many transmission is an obvious candidate but also where there is only one-way communication such as most satellite links. Sergio finishes the talk by looking at the use of FEC and taking questions from the floor.
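The PSK properties described above (a key derived from the passphrase, automatic rotation, no handshake, no authentication) can be seen in a short added sketch, which is not code from the talk or from any RIST implementation. The PBKDF2 parameters, the cleartext header nonce, the rotation interval and the SHA-256 counter-mode keystream standing in for AES are all assumptions made for illustration.

```python
import hashlib
import os
from functools import lru_cache

KEY_LEN = 16          # AES-128 key size in bytes (assumed)
ROTATE_EVERY = 3      # packets per key before the sender rotates (constructed)

@lru_cache(maxsize=8)
def derive_key(passphrase: str, nonce: bytes) -> bytes:
    """Both ends compute the same key from passphrase + cleartext header nonce."""
    # PBKDF2 parameters are assumptions for this sketch, not taken from the talk.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), nonce, 1024, KEY_LEN)

def keystream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    """Stand-in for AES-CTR: SHA-256 in counter mode. Not for real traffic."""
    out = bytearray()
    block = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + seq.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))

def send(passphrase: str, payloads: list[bytes]) -> list[tuple[bytes, int, bytes]]:
    """Return (nonce, seq, ciphertext) packets; nonce and seq stay in the clear."""
    packets = []
    nonce = b""
    for seq, payload in enumerate(payloads):
        if seq % ROTATE_EVERY == 0:
            nonce = os.urandom(4)   # new nonce => new key, no handshake needed
        key = derive_key(passphrase, nonce)
        packets.append((nonce, seq, keystream_xor(key, seq, payload)))
    return packets

def receive(passphrase: str, packets) -> dict[int, bytes]:
    """Decrypt packets in any arrival order, from any path, with no sender state."""
    return {seq: keystream_xor(derive_key(passphrase, nonce), seq, ct)
            for nonce, seq, ct in packets}

def demo() -> tuple[bool, bool]:
    payloads = [f"ts-packet-{i}".encode() for i in range(7)]   # constructed sample data
    packets = send("correct horse", payloads)
    # Bonded link: even seqs on path A, odd on path B, and path B arrives first.
    bonded = packets[1::2] + packets[0::2]
    good = receive("correct horse", bonded)
    bad = receive("wrong passphrase", bonded)   # no error raised: PSK does not authenticate
    ok = all(good[i] == p for i, p in enumerate(payloads))
    leaked = any(bad[i] == p for i, p in enumerate(payloads))
    return ok, leaked
```

Because the receiver needs only the passphrase and what is in each packet, the same code serves a one-way link or a one-to-many feed; a receiver with the wrong passphrase silently produces garbage rather than being rejected.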
RIST is a streaming protocol which allows unreliable/lossy networks such as the internet to be used for critical streaming applications. Called Reliable Internet Stream Protocol, it uses a light-touch mechanism to request any data that’s lost by the network. As losses are often temporary and sporadic, the chances are that the data will get through the second or, perhaps, third time. For a more in-depth explanation of RIST, check out this talk from Merrick Ackermans.
The panel here at the IBC 2019 IP Showcase gives a brief definition of RIST and then examines how far they’ve got with the ‘Simple Profile’ of RIST, calling out things that are yet to be done. Still on the to-do list are such things as ‘pull’ streams, encryption, simplifying the port structure and embedding control.
Fixed Key encryption comes under the microscope next, with the panel asking whether there’s a practical threat in terms of finding the key but also in terms of whether there are any side-channel attacks in a ‘non-standard’ encryption. The fixed key encryption has been implemented in line with NIST protocols but, as Kieran highlights, getting enough eyes on the detail is difficult with the specification being created outside of an open forum.
The panel covers the recent interop testing, which shows overall positive results, and then discusses whether RIST is appropriate for uncompressed video. Already, Kieran points out, Amazon Direct Connect is available in 100s of Gb/s links and so it’s completely possible to do uncompressed to the cloud. RTP is over 20 years old and is being used for much more than ever imagined at the time. As technology develops, use of RIST will also develop.
What are the other uses for RIST? Videoconferencing is one possibility, creating a generally secure link to equipment and ingest into the cloud are the others offered.
The panel finishes by looking to the future, asking how, for instance, the encoder could react to reduced quality of the link, how much of all the technology needed should be standardised, and what features could be added. Sergio Ammirata suggests opening up the protocol for the bandwidth estimation to be requested by any interested device.
This session, bringing together DVEO, OBS, Zixi and Net Insight, finishes with questions from the audience.