OTT Streaming CDN Security Best Practices

Security

Project Status:

(roll over for info)

Write

The working group is currently writing the document. This is a collaborative approach using Google Docs.

Start:

February 28, 2023

Estimated Completion:

April 30, 2024
  • Home
  • OTT Streaming CDN Security Best Practices

Problem Statement

Streaming operators are under constant attack from those who wish to gain unauthorized access to content, steal content, or harm the streaming operator in some way. The streaming operator CDN is one of the targets for some of these attacks. This “OTT Streaming CDN Security Best Practice” whitepaper will provide streaming operators with the information they need to appropriately secure their CDN against these attacks.

Project Description

A Content Delivery Network (CDN) is a distributed network of servers used for the delivery of assets to consumer devices. In the context of streaming services, CDNs are responsible for delivering manifest files, media content, and static files efficiently. CDNs are designed to handle the high-volume streaming of these assets across extensive geographic areas. A range of documentation is available on-line to guide OTT (Over-The-Top) streaming operators in optimizing their CDNs for enhanced content delivery to users. This involves minimizing startup delays, rebuffering events and efficiently managing operational expenses. However, limited information is available for streaming operators wishing to protect their assets and CDN from abuse. This document provides descriptions of some of the known attacks of today and best practice guidance for OTT streaming services to secure their CDN and assets.

Project Type

Document

Project Leads

Brian Paxton

Kei Foo

Suzy Lopez

Advisors

Brian Paxton

Draft Documents

Estimated Publication Date: Q2 2024

More Details

(DRAFT) SVTA5062: OTT Streaming CDN Security Best Practices

A Content Delivery Network (CDN) is a distributed network of servers used for the delivery of assets to consumer devices. In the context of streaming services, CDNs are responsible for delivering manifest files, media content, and static files efficiently. CDNs are designed to handle the high-volume streaming of these assets across extensive geographic areas. A range of documentation is available on-line to guide OTT (Over-The-Top) streaming operators in optimizing their CDNs for enhanced content delivery to users. This involves minimizing startup delays, rebuffering events and efficiently managing operational expenses. However, limited information is available for streaming operators wishing to protect their assets and CDN from abuse. This document provides descriptions of some of the known attacks of today and best practice guidance for OTT streaming services to secure their CDN and assets.


Goals and Objectives

  • Provide an overview of contemporary piracy attacks and how they can impact operational efficiency and distribution expenses.
  • Document the best practices to improve security of the CDN for streaming applications.
  • Describe methods for ensuring the security of the playback and DRM license requests.

Project Scope

This document WILL provide best practice for OTT streaming operators in the following areas:
  • Securing playback requests (Brief coverage only)
  • Securing DRM license requests (Brief coverage only)
  • Management of CDN content.
  • Protecting CDN content from unauthorized access.
  • Protecting the CDN from abuse.
  • Best practice for multi-CDN operators, logging, and forensic watermarking.
This document WILL NOT provide best practice for:
  • End-to-end security best practice for OTT streaming services.
  • CDN performance.
  • CDN availability (load-balancing/failover).
  • Non-OTT streaming applications.

Contributors

The following members have contributed to this project. Click on their name to visit their profile. If they have not published their profile, the link will redirect to their LinkedIn profile.

Additional References

“OTT Streaming Security Checklist” from SVTA Privacy WG (currently in final review).

Presentations

The following presentations delivered during Security working group sessions may provide additional information about this project.

Get Notified!

Want to get notified when we publish a new blog post, technical document, webinar, or other piece of content? Just enter your email address below. Don’t worry, we won’t share your email with anyone and will only use it to notify you of new content.

Resources

Legal

Other Sites

Making Streaming Video Better

The Streaming Video Technology Alliance is committed to bringing video streaming companies together to help build a better viewer experience at scale.

© The Streaming Video Technology Alliance (SVTA).

Twitter Vimeo Linkedin
Close

Have A Question ABout Membership?

Schedule A Meeting

Send An Email

Don’t want to schedule a face-to-face meeting just now? No problem. Simply send your membership question to info@streamingvideoalliance.org or fill out the form below and someone will get back to you as soon as possible.

"*" indicates required fields

Name*
Email*
Hidden