Our blog post – “Video Encryption – How to Secure Your Digital Content” – we covered the basics of the vulnerabilities video content is susceptible to, and available encryption techniques. With the increasing prevalence of streaming video content, a more in-depth look is now in order.
Streaming video is widely used in online education, from universities to specialty schools. Because such organizations charge tuition, videos that are used in the curriculum are school property – and as such, need to be kept out of the hands of non-students either looking for free instruction or to copy the streaming video and sell it for their own profit. The same applies to corporate training videos and webinars, which can give competitors an advantage if they gain access. And did we mention gaming?
But first, the bad news. There is no way to prevent someone with the determination and skills to access your streaming video from doing so. If videos can be accessed and viewed online, they can be stolen. The best you can do is add protective technology to make your streaming videos more difficult to steal. It’s basically the rationale that law enforcement agencies use when telling people to secure the doors to their home with more than the just the handle lock. Additional measures such as deadbolts and a security system will act as sufficient deterrents for most burglars, who’ll tend to pass up more secure homes for one that’s easier to enter.
What is video encryption?
“At its essence, video encryption is the process of hiding video from unintended audiences. When working appropriately, it protects data so that it’s watched and accessed just by intended parties. Usually this goes hand-in-hand with other methods to restrict access to content, be it password protection to just placing an embed restricted version of the asset to your site. This is done through encrypting the asset in some manner in order to prevent snooping attacks where access to video could be compromised through a network tap and sniffer technologies.
“It can also include encrypting stored content, going as far as to protect assets in the event of a physical hard drive or database being compromised on location.
“There are a couple of different ways to encrypt content, and several different states that data can be in as well. For the topic of video storage, the common state for these assets is data at rest and also data in transit during delivery to an end viewer.”
What is data at rest?
Very briefly, data at rest is essentially information or assets that aren’t moving through a network. This includes content stored locally, like a video saved on a laptop, and assets that might be saved on databases.
What is data in transit?
Data in transit is information flowing over a network. In the context of video, it’s the delivery of video to an endpoint for playback. It is different from data in use, which is data that might be in the process of being generated, updated or removed.
So, how can you best protect streaming video from being stolen?
When it comes to encrypting video data at rest or in transit, one solution is by using the Advanced Encryption Standard (AES) – a symmetric block cipher that can be implemented in software, hardware and other processes to encrypt sensitive data. It’s the successor to DES (Data Encryption Standard), developed by researchers at IBM in the early 1970s.
How does AES work?
To safeguard assets, AES takes a key and some data (plaintext) as an input and then transforms that into something random, known as ciphertext. This can be anything from part of a document to part of a video asset. Now to get something meaningful out of that ciphertext, AES and the same key used to transform it are required to turn it back into plaintext.
In relation to video in transit specifically, the content is encrypted in a way so that access requires being decoded by authorized players in browsers where the stream is delivered using HTTPS (HTTP over SSL/TLS). This is done through symmetric-key algorithm, which again requires the same key to be used for both encrypting and decrypting the data to get something meaningful from it.
The key is actually a number, and functions as a security method because of the huge amount of different combinations that it could be. The number of combinations depends on what key length or size is used: 128, 192 or 256 bits. The naming conventions relate to each key’s potential number of combinations.
Using a true streaming server provides even greater protection. The big advantage here is that the file is not actually downloaded to the user’s computer – it is seen only as a real-time stream and there is no file left on the user’s hard drive.
A streaming media or streaming video server is a specialized application which runs on an internet server. This is often referred to as “true streaming”, since other methods only simulate streaming.
True streaming has advantages such as:
• Handling much larger traffic loads.
• Detecting users’ connection speeds and supply appropriate files automatically.
• Broadcasting live events.
There are two ways to have access to a streaming server:
• Operate you own server (by purchasing or leasing)
• Sign up for a hosted streaming plan with an ISP (Internet Service Provider)
However, Media College warns that true video streaming in any form can be an expensive business. Unless you really have a need for it, you are probably better off starting with basic HTTP streaming.
Obviously, regardless of the solution you consider, streaming video encryption is not a DIY project. DocuServe provides robust data encryption solutions for a wide variety of industries. Learn about all we offer, then contact us to keep your intellectual property secure.