Keeping OTT Content Secure: SSL, CDNs, and Encryption

As the industry tackles piracy concerns, we explore the roles played by SSL, CDNs, and encryption.

For decades, cable was the king of premium content delivery.

This all changed with the introduction of broadband internet in the late 1990s and technological breakthroughs like DCT compression. For the first time, it became possible to transmit video content over the top.

With the quick proliferation of high-speed Internet access, a major market opportunity was born: OTT services.

Today, we have 4.5 billion Internet users, most of whom now have all the hardware and software required to instantly stream high-quality media over the top. Browsers became one of the preferred forms of media playback for consumers, and even today, around 40% of OTT subscribers still use a computer to stream content.

This global change is tied-in with the growth we saw in recent years behind some SVOD services such as Netflix, YouTube, Amazon Video, and, more recently, Disney+. And even though almost half of U.S. households still have a traditional TV subscription, OTT services are growing fast.

In 2017, OTT services cumulatively generated revenue of around $97.5B and some estimations estimate this will grow to $332.5B by 2025.

As we surpass 600 million OTT users globally, the industry encounters new hurdles.

One such hurdle and a key threat to revenue and business sustainability in OTT is piracy. By leaking premium content to piracy platforms, attackers directly compromise the revenue of OTT services.

The exposure of premium content also means a breach of compliance with content rights owners. These owners trust OTT stream providers to ensure that their copyrighted content is kept secure. Exposed content might lead to legal charges against the OTT provider. These and other types of attacks cost pay-TV and OTT providers $9.1 billion in 2019, and it is expected that this cost will reach $12.5 billion by 2024.

To reduce their exposure to piracy, OTT providers employ a series of security layers. In this article, we'll explore the role of HTTPS and CDNs.

Delivering Web Content To The User

OTT providers rely on Content Delivery Networks (CDNs) to reduce latency (and increase the user experience) when delivering content to their users.

Unlike the web server, CDNs are spread out around the globe, which means they will be closer to the end-user.

This will help in delivering content faster, as the content will usually be cached or pre-fetched from the main server, preventing the user from having to connect directly to it. It will also help on live broadcasts, as the content producer will not have to broadcast its content to every individual user but instead will broadcast to several CDNs, which will, in turn, help deliver the content to the clients.

Traditionally, HTTPS has been a common approach to increasing the integrity and security of web content.

In a nutshell, HTTPS confirms to the user that he or she is connecting to the expected server while ensuring that the communication between them is encrypted, preventing Man-in-the-Middle (MITM) Attacks.

When applied to the problem of delivering copyrighted content to clients, HTTPS is not the right tool for the job.

Since CDNs typically don’t belong to the content providers, their own SSL/TLS certificates used for establishing HTTPS connections can't be used. As such, the content is delivered in plain HTTP to end-users or in HTTPS, but using the CDN’s certificates.

And even if it were feasible for OTT providers to use the HTTPS protocol to deliver their content efficiently, the content would only be protected during the transmission.

After the content reaches the client-side of the browser, HTTPS grants no protection to prevent attackers from leaking transmitted content without it being known to the OTT provider.

So far, we have explained the current landscape for OTT content delivery and the main security issues it faces.

Security Approaches to Secure OTT Content

Thankfully, there are several approaches to help minimize these security issues. These approaches can be based on authentication tokens, DRM systems, watermarking techniques, JavaScript/HTML5 protection, and webpage monitoring.

In this series of blog posts, we will explore the advantages and pitfalls of each approach to securing OTT content.

Read the next part, where we will explore authentication tokens and DRM systems.

For an in-depth analysis of security in OTT media delivery, read our free white paper about protecting intellectual property in OTT media delivery.