April 16, 2020

Keeping OTT Content Secure: SSL, CDNs, and Encryption

by Jscrambler

jscrambler-blog-keeping-ott-content-secure-ssl-cdn-encryption

For decades, cable was king in premium content delivery.

This all changed with the introduction of broadband internet in the late 1990s and technological breakthroughs like DCT compression. For the first time, it became possible to transmit video content over-the-top.

With the quick proliferation of high-speed Internet access around the world, a major market opportunity was born: OTT services.

Today, we're at 4.5 billion Internet users, most of which now have all the hardware and software required to instantly stream high-quality media over the top. Browsers became one of the preferred forms of media playback for consumers and, even today, around 40% of OTT subscribers still use a computer to stream content.

This global change is tied-in with the huge growth we saw in recent years behind some SVOD services such as Netflix, YouTube, Amazon Video, and, more recently, Disney+. And even though almost half of U.S. households still have a traditional TV subscription, OTT services are growing fast.

In 2017, OTT services cumulatively generated revenue of around $97.5B and some estimations estimate this will grow to $332.5B by 2025.

As we surpass 600 million OTT users globally, the industry encounters new hurdles.

One such hurdle, and a key threat to revenue and business sustainability in OTT, is piracy. By leaking premium content to piracy platforms, attackers directly compromise the revenue of OTT services.

White Paper OTT Security

The exposure of premium content also means a breach of compliance with content rights owners. These owners trust OTT stream providers to ensure that their copyrighted content is kept secure. Exposed content might lead to legal charges against the attacked OTT provider. These and other types of attacks cost pay-TV and OTT providers $9.1B in 2019 and it is expected that this cost reaches $12.5B by 2024.

With the goal of reducing their exposure to piracy, OTT providers employ a series of security layers. In this article, we'll explore the role of HTTPS and CDNs.

Delivering Web Content To The User

OTT providers rely on Content Delivery Networks (CDNs) to reduce latency (and by consequence an increased experience) in delivering content to their users. Unlike the main web server, CDNs are spread out around the globe, which means they will be in closer proximity to the end-user. This will help in delivering content faster, as the content will usually be cached or pre-fetched from the main server, preventing the user from having to connect directly to it. It will also help on live broadcasts, as the content producer will not have to broadcast its content to every individual user, but instead will broadcast to several CDNs, which will, in turn, help deliver the content to the clients.

Traditionally, HTTPS is a very common approach when it comes to increasing the integrity and security of web content.

In a nutshell, HTTPS provides confirmation to the user that he/she is connecting to the expected server, while also ensuring that the communication between both of them is encrypted, preventing Man-in-the-Middle (MITM) Attacks.

When applied to the problem of delivering copyrighted content to clients, HTTPS is not the right tool for the job. Since CDNs typically don’t belong to the content providers, their own SSL/TLS certificates used for establishing HTTPS connections can't be used. As so, the content is delivered in plain HTTP to end-users, or HTTPS but using the CDN’s certificates.

And even if it was feasible for OTT providers to use the HTTPS protocol to deliver their content efficiently, the content would only be protected during the transmission. After the content reaches the client-side of the browser, HTTPS grants no protection whatsoever to prevent attackers from leaking transmitted content without it being known to the OTT provider.

So far, we have explained the current landscape for OTT content delivery and the main security issues it faces.

Thankfully, there are several approaches to help minimize these security issues. These approaches can be based on authentication tokens, DRM systems, watermarking techniques, JavaScript/HTML5 protection, and webpage monitoring.

In this series of blog posts, we will explore the advantages and pitfalls of each approach when it comes to securing OTT content. Continue reading on the next part, where we will explore authentication tokens and DRM systems.

For an in-depth analysis of this topic of security in OTT media delivery, read our free white paper.