May 8, 2020

Keeping OTT Content Secure: Why Is DRM Not Enough?

by Jscrambler

Keeping OTT Content Secure: Why Is DRM Not Enough?

This post is the third part of our "Keeping OTT Content Secure" series. Feel free to read part two here.

Before, we explored the huge role of Digital Rights Management (DRM) systems in protecting premium content in OTT. But, if you recall, we ended on a cliffhanger:

If DRM is such a widely adopted and robust solution, why is piracy still such a big, growing threat to OTT providers?

The main goal of DRM is to prevent unauthorized access to OTT content. However, once DRM has done its job, we're left with a user which is streaming (legitimately accessed) content on his/her device. And here things can still go south.

There is no further protection between the protected player and the display where content is viewed by the user. This means that the user can capture the content and then illegitimately redistribute it — in a similar way to the still common issue of someone recording at the movies.

Malicious users often exploit this by either directly recording from their video or sound card, or using other techniques to record their own screen in a way that retains as much quality of the content will as possible. Then, it's a matter of illegally distributing this content in any of the several existing piracy platforms.

White Paper OTT Security

When this happens (and it happens), providers need another anti-piracy solution to be able to track these malicious users. And that can be achieved with one or more techniques of watermarking.

Watermarking

The general concept of watermarking is relatively well-known — add an identifier to a proprietary piece of content (image, sound, text, video, etc.) to either identify the owner of the content and/or quickly identify the origin of the leaked content. An example of this most common type of watermarking (visual watermarking) is shown below.

Visual Watermarking Example

Forensic Watermarking

In digital media, forensic watermarking refers to embedding metadata inside a target digital content. This usually includes details of the authenticity and integrity of the digital content and might include relevant metadata such as copyright ownership or user identification.

This technique is widely used to quickly identify the origin of leaked content. When watermarked content is leaked and found to be used in the wild, providers can analyze the watermark to recover the relevant metadata that will allow investigation teams to track down the origin of the leak and to stop that source of piracy (for example, by blocking the account that originated the leak).

It should be noted that, unlike DRM, which protects against content hijacking, watermarking does not prevent the content from being stolen. So, forensic watermarking is typically not a standalone solution but rather a much-needed complement to DRM on the fight against piracy.

And it may seem like we're again reaching the end of this topic. But there's still one key aspect to forensic watermarking that we must explore.

Jscrambler engineers have worked closely with OTT providers and watermarking providers alike. Together, we uncovered a key threat — the risk of tampering with forensic watermarking solutions. This could lead attackers to completely remove the watermark and leak content with no traceability.

In our following (and last) post of this series, we will explore how this security threat can be solved.

Stay tuned!


For an in-depth analysis of this topic of security in OTT media delivery, read our free white paper.