Content security: Locking up OTT

Distribution of high-value content, including live premium sports and 4K UHD movies, means that OTT providers need to ensure they meet ever-more stringent security requirements. Anna Tobin looks at developments.

Pirates may now be few and far between on the high seas, but they’re still surfing the web where the biggest game of cat and mouse is being played out every day in an attempt to stop them in their tracks. With premium content now being streamed over-the-top to a growing number of devices, some of it now even in 4K and UHD, it is becoming ever more enticing to hackers.

Holes in content security are constantly being exposed. The challenge for rights holders and content security providers is to find these gaps and plug them before the pirates take advantage of them, revenue streams start haemorrhaging and licences get revoked.

It’s also worth tracking where any stolen content is going, so that operators can prioritise going after the big fish before the small fry.

“There is a challenge related to the sharing or theft of service access credentials. We have analysed this issue and found that media sharers can be categorised into a number of types based on their behaviour, from casual sharers among family and friends, to professionals that sell stolen credentials to consumers. The challenge is to detect credential sharers and then to find ways of better monetising your content based on that information,” says Michal Brenner, product marketing manager, service provider video solutions at Cisco.

“Content playback on consumer-owned devices has many unknowns, and naturally, the large and growing diversity of devices and platforms in the field only makes the situation more challenging. One glaring example of a security risk when delivering content to consumer-owned devices is if a device is jailbroken or rooted. Effective technology for detecting a rooted or jailbroken device is needed for a robust content protection system. The OTT app can also be tampered with. To have a secure service it is critical to monitor for hacks on an ongoing basis, to uncover the breach quickly and to have responsive engineering and security organisations to effectively analyse, develop and deploy the needed fixes and countermeasures.”

Lots of devices

There are a lot of devices to keep track of, however. OTT content is being received via set-top boxes, games consoles, tablets, computers, smartphones and smart TVs. The demand for these devices is spurring on the churning out of ultra-cheap mass-produced Android products. The problem here is that these tend to be less secure than the well-guarded, big brand products such as those produced by Apple and Samsung.

“For providers looking to offer the most secure and complete service, the variety of technologies involved in client implementations is daunting,” says Steve Christian, senior vice-president, marketing at Verimatrix. “Some devices are more secure that others, so the challenge of real security is to try and address the weakest links. Quite often that turns out to be PC devices. They’re a diminishing proportion of the OTT viewership, but they are where it all started and a significant proportion of people still try to use PCs to watch internet content, particularly short-form video.”

To make matters more complicated, not everyone is using the latest version of Windows to view content. There are a number of different operating systems being used, all of which have different software environments and different security vulnerabilities.

PCs might be an easy target, but set-top boxes have been the traditional focus of pirates up to now, says Harrie Tholen, managing director, at NexGuard, although he doesn’t think this will continue to be the case. “With more devices entering the mix, service providers need to ensure that their content protection solutions cater for multiple devices – from smartphones and tablets through to games consoles.”

Balancing the need for security and convenience of use is a tremendous task for any operator. To safely deliver OTT content to a range of devices, the operator needs to cope with variances in video encoding formats, streaming formats and DRM technologies.

This requires a combination of content protection technologies to work in concert, says Tholen at NexGuard. “DRM [is needed] to ensure that only the legitimate subscriber has access to content and forensic watermarking [is required], which automatically identifies the source of a leak and traces it back to the respective culprit,” he says.

Multiple DRMs

The haphazard way the industry has evolved, however, has meant that not one, but multiple DRM systems have emerged. “As open devices are increasingly vertically integrated into vendor ecosystems, they also come with pre-embedded platform DRMs from these vertical ecosystems,” explains Tor Helge Kristiansen, EVP principle architect, Conax. “We see that all Google devices comes with pre-integrated Widevine, for instance, while Microsoft devices come with PlayReady, and Apple devices comes with FairPlay Streaming. These DRMs are typically integrated into the devices with decent security, and provide operators with a means for delivering OTT content. It does, however, force the operator into using multiple DRM systems in their back-end, creating complexity in overall security management of the system.”

However, according to a more upbeat Ajey Anand, CEO of Norigin Media, the problems posed by multiple DRM systems have been largely surmounted. “The complexity is more or less gone, as you are only left with Microsoft PlayReady, Google Widevine and Apple FairPlay to deal with, unless a new device pops up that has its own [DRM],” he says. Until then, building umbrella systems for these technologies “is not that complex for the many DRM companies out there”, he adds.

For basic OTT video services, implementing security based on multiple DRM systems is relatively straightforward, agrees Brenner at Cisco, but he adds a caveat: “Once you start looking at delivering advanced services, the associated added security features can be challenging to implement across DRMs, because each allows or prohibits different things. For example, content downloaded to a device for offline viewing is supported by some DRM systems, but not others.”

The cheaper mobile Android devices have some particularly vulnerabilities, because there is no real standard for quality, says Christian at Verimatrix. “Every manufacturer can have a different version of Android with different sub-systems supported, so it is quite hard to cover all of the bases,” he says. “In some cases you have to basically exclude certain types of devices, because you can not guarantee that these devices meet the minimum standards for detection of routing and other kinds of vulnerabilities, for instance.”

This is something that consumers are not always made aware of when they purchase a device and can’t receive a service. They may not automatically assume that it’s their device that’s the root of the problem, but blame their service provider. This leaves a lot of customer service operators having to waste time explaining away problems that aren’t technically down to them.

Ultimately, whoever has licensed the content is responsible for keeping it secure. And the content creators don’t drop out of the picture once their rights have been signed away. They put resources into seeing that their licensees meet contracted responsibilities and that revenue is not compromised by hackers.

“Studios and content owners have a strong interest in protecting their valuable assets, so they often have internet monitoring operations, both in-house and through third parties,” says Tholen at NexGuard.

Consequently, the service providers have a double vested interest in protecting their licensed content: they must guarantee it is secure in order to protect their revenues and also to ensure that they don’t have their precious licences revoked, a measure that could potentially close them down.

This is a big responsibility, says Christopher Schouten, senior manager product marketing at Nagra: “Hollywood expects its licensees to put proactive piracy monitoring in place for premium content, as do many sports rights holders. This means that service providers need to either hire extra staff to do this monitoring, or they need to find partners, such as Nagra, who can put in place monitoring and response programmes that meet the contractual requirements of licensors; and, ultimately help protect the service provider’s own business.”

To operate effectively in the current market, operators need to invest in a multi-DRM solution for Microsoft PlayReady, Google Widevine and Apple FairPlay Streaming, as well as various smaller players.

It’s no good locking up the house and leaving the windows open. “The level of investment in security should be measured against the cost of service piracy and the risks of losing distribution rights to quality content,” says Brenner at Cisco. “This changes depending on the specific situation of the service provider. A periodic security assessment by an experienced operational security team is important for understanding the state of piracy and its costs.”

However, the good news for smaller service providers is, as Anand at Norigin Media says, that competition in the market is strong and may result in lower prices for content security solutions in some areas.

“On the playout side there is a lot of competition in the multi-DRM space, which I assume will drive the cost down over time… On the client side however, it is still a complex matter and service providers must expect to make an investment per platform they want to support. It is sizeable and in the millions for the larger services. The smaller, tier-two providers should rely on other unique OTT CAS-based content protection options, which reduces the costs of licences,” he says.

Operators nevertheless have no choice but to invest in comprehensive security solutions, including digital watermarking, says Tholen at NexGuard. “Especially for OTT distribution, deployment of watermarking is straightforward and the upfront investment for a service provider is limited. The return on investment is twofold: not only does watermarking help service providers avoid revenue loss from illegal re-streaming, it gives them much better access to premium content by meeting the studios’ enhancement security requirements,” he says.

Content security systems needs to be able to deal with the timing of rights windows too, points out Simon Trudelle, senior manager product marketing at Nagra. “Beyond content protection itself, the business need for controlling concurrent access to streamed content within the home domain and at the subscriber account level, or for allowing content to be downloaded and consumed offline for a given time period, are also key content usage rules that need to be enforced to secure the business model of the service provider,” he says. “Our Nagra MediaLive platform provides the capabilities to address these scenarios.”

Operators must also be able to react when security breaches are found to have been carried out via foreign, off-shore illegal streaming services, says Trudelle. “While watermarking is a first technique that can be used to identify the source of the leaks feeding these redistribution streaming servers, the most actionable approach is to leverage cyber-security technology to monitor pirate services. The cyber-security vendor then actually works with the rights owner, national authorities and ISPs to take down these illegal servers.”

Going live

Live premium content in particular has a short shelf life and without stringent security measures it could easily be redistributed instantly, seriously compromising rights-holders’ revenues. If content goes on to a social media channel such as Periscope or Facebook it could be shown around the world within seconds. “The last thing an operator wants is to see premium content distributed by mechanisms that they have no control over and that they are not getting any revenue from,” says Christian at Veritmatrix. “You have only a very limited amount of time to trace the source of these illegitimate content streams and shut them down. The period of a soccer match doesn’t give you much time to respond. The period of a boxing match is even shorter. You need tools and techniques to detect illegitimate streams, identify the source of the content on those streams and then shut it down more or less in real time.”

Speed and efficiency are of the essence to secure live content, agrees Tholen at NexGuard. “The requirements for live event coverage are not so different from other types of OTT content – the only difference being that live coverage puts more emphasis on the speed of watermark detection. NexGuard has solutions in place that can detect watermarks in minutes, ensuring that the original source of the leak can be traced, even during much awaited premium sports games such as the English Premier League or the upcoming Olympics.”

Although this will likely soon change, live sports events have yet to catch up with Hollywood standards when it comes to security, says Kristiansen at Conax. “For now, the security requirements for live sports are surprisingly less strict than the MovieLabs ECP requirements for Hollywood content,” he says. “Conax believes for live sports one should also apply the same security features being enforced for movies. We can expect requirements for increased use of hardware-based security, including support for Secure Media Pipelines, in the future. Also, we believe that purpose-built forensic watermarking solutions that enable instant detection and shutdown of illegal content redistribution will become a necessity.”

There has been a surge in live event streaming to devices over the past two years, driven by live sports, so additional security measures are welcomed. “Our current solution relies on DRM technology and session-based licences to protect the live adaptive bit-rate OTT streams,” says Nagra’s Trudelle. “This is a first step.” Discussions have been taking place since the middle of 2015 within the DASH Industry Forum security workgroup, chaired by Nagra, to provide a more scalable solution to deliver live OTT content to a large audience, including all major companies in the CAS and DRM space. This led to updates to DASH-IF IOP guidelines in version 3.2 for handling live content. An update of the standardisation efforts will be presented at IBC 2016.

The widespread availability of high-speed broadband, which allows high-quality OTT services, also provides a platform for online streaming piracy and this is helping to fuel the theft of live services in particular, says Brenner at Cisco.

“We see this is a growing concern for broadcasters. Especially in the case of live events, the legal takedown counter-measures available today take too long to have any significant impact,” he says. In order to deal with piracy of live events, Cisco has developed Streaming Piracy Prevention, a set of services and technologies that work to monitor the internet for illegal redistribution, identify the source device responsible for the leak and enact a blocking of the source device.

4K UHD TV

When you add UHD to the mix, things become even more exciting. Currently, UHD is largely limited to set-tops. Security providers are working on ways to make a multitude of other devices watertight, however, including hardware-enabled DRM and fingerprinting on OTT streaming services. One of the main changes is that UHD requires hardware-enabled DRM, says Anand. “We previously could rely on DRM implemented purely as software; the new requirements mean that the device itself needs to have the DRM running on the chipset. The leading DRM providers such as Microsoft, Apple and Google have all taking this into account and have updated their APIs and tech stack to support this.”

The MovieLabs consortium’s set of recommendations for Enhanced Content Protection has helped to simplify 4K UHD content security, says Kristiansen at Conax. “These recommendations are gradually becoming mandatory requirements for 4K and UHD, as well as for early release window VoD content. MovieLabs ECP recommendations describe security mechanisms covering a holistic security approach and mandate use of hardware-based security, Secure Media Pipelines and forensic watermarking,” he explains. “Complying with these stringent requirements means basing the devices on a type of security architecture with significantly more hardware security backing than has historically been used. The industry is working towards meeting these requirements; and, particularly on the set-top box and TV, we now see a dramatic improvement in security levels through the introduction of new chipset designs. There is still a long way to go for open devices though, as they currently do not provide many hardware security mechanisms that can be employed to implement a Secure Media Pipeline.”

These devices will doubtless evolve. Whether the industry can move fast enough to stay one step ahead of the hackers is another matter, but this is the best anyone can hope for. Pirates will always be trying to find a chink in the OTT armour, but as long as technology providers stay ahead of the game, they may never get their hands on the treasure.