Want to hide your videos from prying eyes? You have three options:
- Cloak it (Protect it)
- Encrypt it
- Do both
In essence, protection of video looks like this:
Encryption deals with the masking or manipulation of data. Protection deals with protecting the file via passwords, codecs, container formats, and so on, so that others don’t have access to the data inside. If you don’t understand the difference between a file and data, read Data, File Code and Software.
The third way is to do both, which gives you the best of all worlds. When people use the word encryption, they might mean encryption, encoding, protection or all of these in various permutations and combinations.
Because the technologies underlying these methods are complex and overlap more often than not, when I say encryption from here on, I mean securing your data on every level possible. In other words, both.
What is video encryption?
Video encryption is simply the process of hiding your video from prying eyes. There are two major reasons to do this:
- Digital Rights Management (DRM)
Personal encryption is when you create a video and want to share it with your clients, friends, family, etc., or just store it for archival purposes – but don’t want any unauthorized person to see it. It’s a simple concept. Most of us understand personal privacy.
Digital Rights Management is the same thing, except you have layers of complexity for:
- Different video streams (qualitative and quantitative) for different price brackets
- Region-specific video
- Media/Device-specific video
- Software-specific video
- Adaptive streaming
What’s the fundamental difference between the two? In simple words, personal encryption blocks out everyone, except the intended recipient; while DRM blocks out people temporarily or permanently, in a fluid situation, unaided by humans, based on a set of rules. Let’s take a brief look at some of these rules.
Different qualitative and quantitative streams for different price brackets
If you pay more, you get 4K. Pay the lowest, and you might only get SD. This affects the physical data rate of the stream, which affects resolution, hence ‘quality’, therefore I call it qualitative.
On the other hand, if you pay more, you get more channels (or more videos), and this is quantitative. The idea is to ensure people only get what they pay for, and nothing more.
Premiering in one place exclusively? Then you don’t want any other country to see it first. Want to control the market and distribution (like they tried for DVD and failed)? Or, are you barred by law to show certain videos in certain places? Then, you need region-specific management of your video.
You can’t play Blu-rays on a DVD or CD-ROM reader. The point is, create a media or system that is exclusive by itself (Apple TV, Amazon Kindle, iTunes, etc.), so that devices that don’t conform to it can’t play it.
Some NLEs refuse to play certain codecs, either because the Operating System doesn’t support it or because they have to pay a license for it. Licensing of codecs is one instance of how manufacturers control its usage.
I’ve already covered this here. Basically it means the stream dynamically changes its bit rate, resolution, etc., based on the speed of the Internet and/or other factors.
Things to look out for before committing to a video encryption standard
It’s easy to go by just theory or marketing hype when trying to protect your video. But there are a few major roadblocks:
- Not everyone has the same device, so multiple encryption methods will need to be used.
- No matter what you encrypt, it is liable to be decrypted by a smart kid with a computer. To avoid this, you will try to encrypt with larger bit depths, and that’ll increase the cost and inconvenience to the end user.
- Technologies change fast. If something is encrypted today, and five years down the line if the technology becomes obselete, who will dig up all the files to re-encode them? If you don’t, they will be unreadable in the future.
- This means, you must maintain one unencrypted version of your video somewhere, and archive it in a secure and safe place.
- You are tied to the licensing you purchase. Tomorrow, if something new and better comes along, or if some kid hacks your expensive encryption service, you will have to start from scratch.
How a video is protected on the Internet
If you dared to take a peek, you’d find the following chain of events behind every DRM system:
- Video is encoded into an encryption standard (more later). (E)
- It is stored in a secure server that not everyone can access. (P)
- One must login to the server with an email and password to access the video. (P)
- The video is transferred via a secure socket to the user’s computer. (P)
- The user will watch the video on an open browser or player that decrypts the video in real-time. (E)
- The browser or player will disallow unauthorized access to other software trying to ‘take a peek’ or record its stream. (P)
- The browser or player will stop the Operating System from storing the video in any physical memory within the user’s computer. (P)
- Once the video has finished playing, the secure connection is terminated. (P)
- Data (of every kind imaginable) from the user passes on to the content provider for statistical research and targeted marketing. Of course, using this information, it can track down the source of any ‘leakage’. (P)
- If the video is downloaded somehow, the encryption ensures it will not play (or should not play) on commonly available media players. (E)
E is the ‘Encryption’ part, and P is the ‘Protection’ part. It’s all encryption generically, but I wanted to show why it is so.
The paying customer doesn’t care. All they have to do is pay (made easy with single click transactions), login and watch. How does all this stop the wannabe pirate? A few challenges:
- The pirate must have enough knowledge to break the encryption.
- He/she must pay to obtain a high-quality stream in the first place.
- This means, the server has information about his or her identity, along with data on his or her activities. If the pirate does this often, there will also be statistical data that is tough to refute in a court of law.
- He or she must encode the encrypted stream using software to obtain a commonly-accessible format. This will reduce the quality of the source, or increase its file size.
- An increase in file size means the pirate will have to spend more to upload the data back into the Internet.
- Algorithms in the cloud can use the uploaded source and compare it to the stream to find out correlations between the two.
- All this takes time and effort, not to mention money.
This looks formidable, except when you change the word ‘pirate’ to ‘content producer’. You see, ensuring this much level of protection is no child’s play, and it costs a lot of money and expertise to set up such a system. The content developer or distributor must have full access to the technology, otherwise it might find itself unable to read its own files in the future! It would seem that, in the long run, DRM hurts everybody.
So, who will win? Who knows?
As content producers we have a vested interest in keeping data safe and secure, and getting our due for all the hard work we put in. Manufacturers and software developers are already making the decisions for you. Encryption and protection will always be necessary. The question you have to ask is: Which option do I choose?
What are the available options for video encryption currently?
There are two situations here:
- Video at rest
- Video in motion (streaming)
For videos downloaded to play back at a later date, or videos residing on hard drives, some options are:
- Apple FairPlay – for videos downloaded from iTunes
- Windows Protected Media Path (PMP)
- Google Widevine
- AES (128, 192, 256)
For streaming videos, some options are:
- RTMP(E) and RTMFP, by Adobe (based on Flash)
- The coming HTML5 DRM standard (which might never come!)
Side note: Apple HLS does not have DRM.
Probably the most robust of all the above systems is AES-128 (which is good enough for ‘secret’ classifed information according to the US government. ‘Top secret’ needs a 256-bit AES). Such a protocol is implemented by the Wowza streaming service, which allows the content provider to encrypt HLS streams with AES-128.
If you’ve read Understanding Wireless Video Production, you’ll have noticed that several wireless video systems have either AES-128 or AES-256 encryption to prevent data theft. Google has started to encrypt all its data to AES-128 to keep away snoopers. They go even further. They encrypt the AES-128 key, and also encrypt that key with a master key!
How do you go about encrypting your videos with AES? Try AESCrypt (256 bit), it’s free and available on many platforms. If you want a more familiar name, WinZip can archive to both AES-128 and AES-256, but it starts at $30.
Should you care?
A little. On the one hand nobody really interferes in the content creation phase. It’s only in the distribution of video that problems arise. If you have hosted videos on your own site under password protected web pages, you should be okay for most video work.
At its simplest level, it works like this:
- You encrypt your video with AES and upload it to your server.
- Recipient downloads the file from the server via FTP or a secure port.
- Recipient decrypts the file using the same software, with a password.
- The video can be played back on his or her computer on most video players.
However, if you’re making a video intended to be seen by millions, and are ready to make an investment to achieve this end, the choice of the right video encryption specification is critical. In this case it would be better to work with your streaming service provider for the best options. Hey, you’re paying them good money. Let them deal with the mess.
What do you think? Worth the trouble?