Carlos Rocha Gonçalves at Jscrambler on what’s being done to try to keep the pirates at bay.
At last, sport is slowly but surely returning — albeit looking very different to what we all remembered.
The global lockdown has seen OTT streaming services soar in popularity and usage, and the return of the sports we love will arguably have an even greater impact.
However, with the return of sports comes the return of the pirates. For OTT providers, the exposure of premium content to pirates means the loss of potential revenue and a breach of compliance with content rights owners.
Piracy cost pay-TV and OTT providers $9.1 billion in 2019 and it’s expected this cost could reach $12.5 billion by 2024.
As such, security in OTT media services is imperative — not only for safeguarding the company’s revenue but also for securing copyrighted content.
The HTML5 standard, new Web APIs and JavaScript have become the power tools behind modern OTT services.
Providers leveraged these technologies for a faster and more reliable way of delivering online streaming content, as a replacement for Adobe Flash.
But using these modern technologies without due diligence jeopardises the content being transmitted to the user, as well as the user itself.
When developing a web application for an OTT service, providers must consider how the media content is being protected from theft during transmission and when it reaches the client-side.
Digital Rights Management (DRM)
With its successful adoption in industries like video games and music, DRM is the de-facto anti-piracy layer in OTT streaming, as it protects premium content from being accessed by unauthorised users.
In the context of web players, this is achieved in three steps: encryption, licensing and decryption. In the context of web streaming, the Encrypted Media Extension API allows the client to securely interact with the licensing server before the actual decryption comes into place.
Watermarking
As powerful as DRM is, it’s not a catch-all solution to solve piracy. Notably, it doesn’t offer any additional protection after the content is decrypted — a user can still find ways to capture the streamed content and illegally distribute it.
To fight this, providers use forensic watermarking. This technique embeds a visually imperceptible mark containing metadata inside the digital content.
This metadata usually includes the user ID, device ID, and IP address.
As a result, when that content is leaked and found in the wild (piracy websites), the analysis of the watermark allows the provider to track down the origin of the leak and stop that source of piracy.
Advanced watermarking solutions are built specifically for live sports, enabling providers to do this whole process within a couple of minutes.
Security exploits in web streaming
Forensic watermarking is rapidly growing in adoption and becoming a standard much like DRM has.
However, a lesser-known security exploit allows attackers to bypass watermarking and leak content with no traceability: code tampering.
Because modern watermarking implementations are done at the client-side, attackers can tamper with the exposed code of the watermarking agent and bypass it — effectively removing the watermark.
To address this, providers must protect the JavaScript source code of the agent with anti-tampering capabilities.
As we see live sports making their long-awaited comeback, OTT providers will face this immense challenge of fighting tag-along pirates. Here, proven technologies like DRM, watermarking and JavaScript protection will be key to fend pirates off.
Carlos Rocha Gonçalves is head of marketing and sales at Jscrambler.