guido hettema (akamai) | tu - hack & attacks
TRANSCRIPT
Media Security Solutions Overview
Guido Hettema, Service Line Manager Benelux
©2014 AKAMAI | FASTER FORWARDTM
Market Dynamics
• Market Dynamics
– Content owners demand security requirements for premium content to broadcasters and
distributors
• Two types often used:
– Transport encryption (streaming) – (SSL/TLS)
– Digital rights management (DRM) (Offline) – expensive, complex, overkill for streaming
only.
©2014 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
So what should we look out for ?
©2014 AKAMAI | FASTER FORWARDTM
Common vulnerabilities
• Link Sharing - Unauthorized users obtain access to premium/paid content, bypassing a
retailer's business model.
• Deep Linking – A hacker decompiles the player and posts hidden links to his own site in
order to monetize the content.
• Player Hijacking – Theft of the player, followed by copying it to a different website,
thereby bypassing attributions to the origin site.
• Stream Ripping - Theft of the actual content from the stream while it is being delivered
to client systems.
• Stealing from Cache - Theft of the content from a browser, player cache or disk.
• Content Tampering - Modification of the actual content (e.g., replacing/injecting
unwanted advertisements into the stream).
©2014 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
How do we secure Live and
On Demand content ?
©2014 AKAMAI | FASTER FORWARDTM
Secure HD
©2014 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.Token Auth
©2014 AKAMAI | FASTER FORWARDTM
Token Auth Workflow
“SecureHD’s Token Authorization
security mechanism can be used
to provide
a hybrid token scheme in which a
combination of a short TTL URL
token and a long TTL cookiebased
token is used”
©2014 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.Player Verification
©2014 AKAMAI | FASTER FORWARDTM
Player Verification
“HDS dynamic streaming
workflow using
HD Player Verification security
mechanism.”
©2014 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.Media Encryption
©2014 AKAMAI | FASTER FORWARDTM
Media Encryption
• Content is encrypted in transit and at
rest
• Limits the content breach by using
unique encryption key per session
• Multi-factor decryption mechanism for
stronger security
• Supports message integrity to detect
content tempering
• Provides breach response
©2014 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.Content Targeting
©2014 AKAMAI | FASTER FORWARDTM
Content targeting
“Based on the Akamai
EdgeScape service, SecureHD’s
Content Targeting protects
against content access in specific
geographic areas. At a standard
level of service, EdgeScape
provides geo-based protection
based on continent, country, or
region within an individual
country.”
Looking up the end user’s IP address in
Akamai’s EdgeScape Database.
Akamai Edge Server Side Implementation
Origin Server-Side Implementation
2 ways to do it:
©2014 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.Summary
©2014 AKAMAI | FASTER FORWARDTM
Summary
©2014 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.Thank you !
©2014 AKAMAI | FASTER FORWARDTM