What is Streaming Media Security and How to Secure Your Streams?
Last updated: 7 March 2023
Streaming media security technologies are important tools nowadays. They can help you protect your video and audio content from unauthorized access and use. These technologies, which include geo-fencing, tokens, URL signing, and digital rights management (DRM), offer different approaches and benefits. Understanding their differences and limitations can help you to choose the right security technology for your needs.
SSL
SSL, or Secure Sockets Layer, is a type of technology that is used to establish an encrypted connection between a streaming server, edge cache, cloud or CDN and a media client, such as a browser, player or app. This encrypted connection ensures that any data that is transmitted between the server and the client is secure and cannot be accessed by third parties.
SSL uses a combination of public key and symmetric key encryption to secure the data transmitted between the server and the client. When a client connects to a server using SSL, the server sends the client its SSL certificate, which contains the server’s public key. The client then uses this public key to encrypt a random symmetric key, which is then sent back to the server. The server uses its private key to decrypt the symmetric key, and the two parties can then use the symmetric key to securely transmit data back and forth.
In order to use SSL, a streaming platform must have an SSL certificate installed on its servers. This certificate is issued by a certificate authority (CA), which verifies the identity of the owner and issues a certificate that contains the public key. When a client connects to the service, the SSL certificate is used to establish a secure connection.
One common way to tell if a website is using SSL is to look for the “https” in the URL, as opposed to “http”. Additionally, most web browsers will display a lock icon in the address bar, indicating that a website is using SSL. If a website is using SSL, but the streaming service is not, the browser will alert the viewer that connections may not be safe or will block the connection.
Geo-fencing
Geo-fencing is a streaming media security technology that uses location data to restrict access to content. By defining a geographic area or “fence” where the content can be accessed, businesses and organizations can ensure that only users within that area can access the content. This can be useful for organizations that want to restrict access to content based on location. For example, for regional licensing agreements or to comply with local laws and regulations.
Tokens & URL signing
Another streaming media security technology that can be used to restrict access to content is tokens. Tokens are unique codes or keys that are assigned to individual users or devices, and they are required to access the content. This can provide an additional layer of security, as it ensures that only authorized users or devices can access the content. Tokens can be useful for businesses and organizations that want to provide single-sign-on access to content on a per-user or per-device basis, such as for subscription-based services or corporate training programs.
URL signing is a streaming video security technology that uses cryptographic signatures to verify the authenticity of a URL. By signing the URLs that are used to access the content, businesses and organizations can ensure that the content can only be accessed from a trusted source. This can help to prevent unauthorized access and use of the content, such as deep linking. URL signing is typically based on tokens. If implemented correctly, URL signing can be a very easy and cost-effective technology to prevent access and protect business interests. Especially, compared to the complexity and costly DRM.
AES
AES, or Advanced Encryption Standard, is a type of encryption algorithm that is used to protect media. It is a symmetric key algorithm, which means that the same key is used to encrypt and decrypt the data. AES is considered to be a very secure algorithm. It is widely used in various applications, including in secure communication protocols and for encrypting sensitive data such as your videos and live streams.
AES encryption is similar to DRM. It is used to encrypt digital content from unauthorized access or copying, and issues licenses to manage access per user. However, there are some key differences between the two. For one, AES encryption is a specific type of technology that is used to encrypt data, whereas DRM is a broader term that refers to various technologies and methods that are used to control access to digital content. Additionally, AES encryption is typically used to protect the actual data itself, whereas DRM is often used to control access to the content by encrypting keys or other access controls.
In terms of security, AES encryption is generally considered to be more effective than DRM. This is because AES is more generic and easier to implement, and transparent to users, while DRM is more complex and costly to implement and operate and can frustrate and limit users. It is worth noting that the effectiveness of both AES encryption and DRM depends on how they are implemented. And the specific strengths and weaknesses of each approach can vary depending on the specific use case. For monetized or protected vod streaming and live streaming, AES is a great candidate. On the other hand, DRM gives more control over PVOD and downloadable media.
DRM
DRM, or Digital Rights Management, is a type of technology that is used to control access to digital content. It is typically implemented in order to prevent unauthorized copying or distribution of their content. The most common implementations of DRM involve encrypting the content. Meaning it can only be accessed by authorized users who have the necessary decryption key.
Some common benefits of DRM include protecting the copyright of digital content and preventing piracy. This can help content creators and owners to make a profit from their work. What’s more, it can encourage the production of more high-quality digital content.
On the other hand, DRM can also have some drawbacks. For example, it can make it more difficult for users to access and use the content they have purchased. And it can limit the ways in which they can use it. In some cases, DRM can even prevent users from using the content on certain devices or in certain ways. This can lead to user frustration.
Also, there is no single DRM service that supports all devices. You need Fairplay for Apple, Widevine for Google, and PlayReady for Microsoft. This makes implementing and operating a user-friendly DRM service quite difficult. Therefore, you will need internal expertise and external specialists.
Both DRM and AES can sometimes be circumvented by determined users, such as screen capturing, which can reduce the effectiveness of these technologies. Therefore, sometimes watermarking technologies are used in addition, which can track a copy back to a registered user.
How does Jet-Stream take care of the security of your media?
Jet-Stream is committed to high media security standards to help you protect your media, your privacy, and your business. Jet-Stream Cloud is a secure cloud that is designed with privacy and security first principles. We actively protect your media and your data.
Jet-Stream Cloud and its Multi CDN partners always use SSL-encrypted connections to deliver your media to your audiences. This means that nobody else can see who’s consuming which media. Also, it guarantees that browsers and apps don’t block access to your media.
What do we offer?
Free built-in, codeless, geo-fencing service
Jet-Stream Cloud offers a free built-in, codeless, geo-fencing service. It offers some benefits over other platforms, such as the ability to real-time create and change custom country groups. Moreover, it gives the ability to set multiple countries and group fences per individual video and live stream, in real-time (instead of having to wait hours or days for the setting to propagate).
Built-in token URL signing feature
Jet-Stream Cloud offers a built-in token URL signing feature, that lets you create signed URLs on the fly (without the need for using an API) to manage access per viewer. You decide WHY someone is granted access (user rights, custom geo-fence, login wall or paywall for instance), and we enforce access. In real-time we translate your URL sign key to new URL signed keys to our edge servers and CDNs. So people cannot bypass your website or app, and people cannot bypass our load balancers. Some other benefits are that you can enable locking in real-time per individual video and live stream (instead of per account or per zone).
Real-time access control and geofence management
Both geo-fencing and access control can be managed in real-time per title by hand via the intuitive web interface and automated via the API.
You can set an optional password per video and stream, to override the lock for debugging and testing purposes. Or to have a lightweight easy (codeless) way to manage access to content.
Instead of presenting an ugly error message, you can also upload custom ‘no access’ videos. These will be shown to users outside the geo-fence, and to users without a valid token.
Password protection, geo-fencing and locking can be used in combination too. For instance, you can set a password for a video and set a geo fence, plus lock the video. Even when the password is correct, or a valid token is presented, the geo-fence can still block access to the media. Whether you toggle these services on or off, all your media is always served over encrypted SSL connections. This cannot be switched off.
AES & DRM
Jet-Stream Cloud offers an open architecture and allows you to upload DRM / AES encrypted content and live streams. Thus, providing you with full control over encryption and licensing. Do you need even higher levels of security and don’t want your unencrypted and encrypted media to leave your premises? Integrate your own origin services with Jet-Stream Cloud in a single click. Jet-Stream Cloud will cache the encrypted media from your origins and act as the origin shield for the 3rd party CDNs. You have full control over encryption, storage and licensing.
Encrypted media origins can be password protected, geo-fenced and locked. In other words, you are free to combine all Jet-Stream’s security technologies with your own.
If you are interested in learning more about the media security offered by Jet-Stream Cloud and how it can benefit your business, we encourage you to contact us. Don’t hesitate to get in touch – we look forward to discussing your business case.