About one year ago, I informed you that the final draft of my book was sent to Springer, my editor. Today, a new step: after several copy edit rounds, the text is final. We enter now the final stage: layout and printing. In other words, the book should be now soon available in the stores (before end of this quarter).
The book will have inserts entitled “Devil’s in the Details”. These short sections will deeply dive in some naughty details highlighting the difference between theoretical schemes and actual robust security. For instance, you will learn some details on the Black Sunday, or on how AACS was hacked.
I will keep you informed about the next steps.
Brightcove proposes an interesting whitepaper describing the spectrum of solutions available to secure video. The section describing the security spectrum is a good high-level introduction to the existing problems. It tackles:
- Unlimited access
- Watermarking (both visible burn-in and invisible forensics watermark)
- Geo-restriction; you limit the geographical zone where your content may be viewed. This is why non-US residents cannot access the free episodes on sites such as ABC
- Domain restriction
- IP restriction
- RTMPE for protecting video during transfer
- Protected page; the usual restriction by an access control to the web page
- SWF restriction; this is a characteristics of Flash Access, Adobe’s DRM, where you can define the list of AIR players allowed to access a content
- Anonymous DRM; using a dedicated mode of Flash Access
- Advanced DRM; using more complex features of Flash Access
- Secure HLS; the format defined by Apple to securely stream content to an iOS device.
- User authentication
The beginning of the list is well done. They are generic enough to be able to extrapolate to other solutions than the ones proposed by Brightcove. The last ones (in italic in this post) are very specific either to a solution, or to the offer of Brightcove. They are mostly based on the use of Adobe Flash Access for non-Apple devices, and HLS for Apple devices.
The last section, Security across channels, is not focusing on security challenges in the different environments and may be confusing for the non-specialists.
The document is available here and requires registration.