Beyond DRM: Completing the Content Protection Story (part 2 of 3)

Last time, we recognised video piracy as an expensive risk for video providers, and showed that once the content has arrived at its intended legitimate destination, the traditional video security techniques of Conditional Access and DRM can do nothing to stop it from being redistributed by entities that have no rights to do so.

The security shortcoming stems from the fact that only the legitimate path from origination to the point of consumption is being secured.

Credential management as an access management tool

Today’s video services are protected by a ‘front door’ that challenges the consumer to provide access credentials in the form of a user ID and a password, before being admitted to access the service.

In the days of traditional set-top boxes, before streaming services, credential sharing outside the home was relatively pointless for legitimate access. You had to be in the home, in the presence of a set-top box that was paired with the credentials, in order to gain access. But with
streaming, where the consumer can be anywhere, credential abuse has become commonplace.

Password sharing, and consumer video account abuse have captured the video industry’s attention in recent months and years, but, like DRM, the management of credential abuse and credential theft don’t help reduce the distribution of content once it has escaped the boundaries of a video service.

Identifying video content that has been discovered out-of-bounds

To protect the value of premium video content outside of these legitimate service boundaries, the video itself needs to be identified in a way that confirms its outermost point of legitimate use. Once that is known, infringing users and industrial-scale pirates can be identified.

To fill these gaps in protection not covered by DRM or CA, video providers can embed information into the video payload itself, which can occur at the origin, in the CDN during distribution or within the player device. Forensic watermarking has emerged as a preferred technique.

Payload information contained within the watermark can include the device IP address, session details, subscriber identifier, or other information.

While consumers can’t see the watermarks, automated analysis can. Let’s look at two watermarking methods that are common for IP streaming.

About server-side, or A/B variant watermarking

One technique, called A/B variant watermarking, is performed within the service provider’s facilities, “upstream” from the ultimate consumer at the video provider’s headend, or in the distribution network.

A/B variant replicates every streaming session into “A” and “B” streams, each of which receive a different watermark (Figure 1). These streams are then broken up into segments which are then combined into a single stream containing a unique combination of A and B segments, so that no two users receive the same sequence.

Figure 1: Combining two sets of watermarked video

Source: Friend MTS. Image source: frames from (CC) Blender Foundation | mango.blender.org

While this appears to be a clever approach, A/B variant watermarking is resource-intensive and therefore costly. Each video source (every live video channel, for example) must be encoded twice and distributed simultaneously, meaning that the video provider needs two sets of
encoders, and sufficient storage and origination resources to accommodate the two sets of streams.

A/B variant watermarking creates several challenges. One is to ensure that the A and B segments can’t be discerned when they are received for playback. Another is that A/B variant watermarking can be defeated via several forms of man-in-the-middle attacks. There are also
challenges with how A/B variant watermarking would work in low latency live streaming situations.

In summary, A/B variant watermarking is costly to implement, not robust, and is not widely deployed, which may be perceived as risky.

About client-composited watermarking

An alternative to A/B variant watermarking is client-composited watermarking, where the watermarking process occurs within the consumer device. The embedded player implements a software library that is used to access a database that replies with a unique identifier. The watermark payload is converted into a pattern, similar in concept to a QR code, and then composited over the video.

Figure 2: Watermark is composited with the video frame

Source: Friend MTS. Image source: frames from (CC) Blender Foundation | mango.blender.org

The client-composited watermarking approach has multiple benefits that make it preferable to the A/B variant approach.

One benefit is the time to detection, which can be as little as a few seconds.

In A/B variant watermarking of HLS-encoded adaptive bit-rate streams, using six-second segments, the amount of time necessary to cycle through the segments and positively identify the session could take as much as seven minutes. If segments were two seconds long, it’s still
about 2 ½ minutes. This makes the A/B variant approach ineffective for live sporting events where a match or a race could be over by the time the infringing user has been identified.

Another benefit is low cost.

Unlike A/B variant watermarking, there is no need to implement two sets of video processing, storage and origination resources. Another benefit of client-composited watermarking is that the watermark generation and compositing processes reside at the consumer device (at the ‘client side’), using software. The process requires no hardware modification.

And finally, this process works equally well with live and on-demand services.

So far, we’ve talked about how DRM falls short in fully protecting video content. We’ve also identified video watermarking as a way to fill these gaps, justifying client-composited watermarking as a preferred approach. In the next instalment, we’ll talk about how the source of infringing use can be identified and managed.

 

Friend MTS, a leading global provider of content protection services, is dedicated to innovation in platform security in the anti-piracy space in entertainment media. With advanced, proprietary digital security technologies developed to detect, deter and disrupt piracy on broadcast and streaming platforms, Friend MTS enables pay-TV operators, rights holders and broadcasters to protect premium live content, events and on-demand entertainment programming from illegal redistribution. From fingerprinting and watermarking to advanced subscriber identification, Friend MTS delivers highly-effective solutions to combat content theft and safeguard revenue worldwide.

For more information, visit www.friendmts.com, follow us on LinkedIn and Twitter.

About the author

Steven Hawley

Founder & Managing Director

Piracy Monitor

Diagrams sourced through Friend MTS

Piracy is a huge business. The US Department of Commerce estimated [1] that the US economy suffers at least $29.2 [...]

Get in Touch

Talk with one of our experts for more information or a demo.

Please enter your enquiry here:

* indicates mandatory field

Friend MTS Limited
Eleven Brindleyplace, 2 Brunswick Square
Birmingham
B1 2LP
United Kingdom

UK: +44 121 633 2000
USA: +1 303-902-2209