OTT Streaming Security Checklist

Privacy and Protection

Project Status:

(roll over for info)

Write

The working group is currently writing the document. This is a collaborative approach using Google Docs.

Start:

February 8, 2023

Estimated Completion:

August 31, 2023
  • Home
  • OTT Streaming Security Checklist

Problem Statement

This project will create an end-to-end security checklist that an OTT provider, vendor and programmer can reference as they seek to improve content protection.

Project Description

This working group has written two papers, “Securing Video Streaming” and “Securing Video Player” where both papers provide examples of vulnerabilities and best practices to address them. While those papers are educational and informative, it does not provide an end-to-end view of what OTT service providers should consider. As more direct-to-consumer OTT apps are making its way to the marketplace, it will be helpful to provide a checklist in one place that a newcomer can reference which contains a list of the security options in use by contemporary OTT services. This ensures that security options are taken into consideration every step of the way during the design/architecture phase. This will also provide an understanding of potential security risk when certain security options are foregone. The content will cover all aspects of an OTT service – Password policy, geo-location, DRM, concurrency management, etc.

Project Type

Document

Project Leads

Brian Paxton

Kei Foo

Advisors

Brian Paxton

Draft Documents

Estimated Publication Date: Q3 2023

More Details

(DRAFT) SVTA5056: OTT Streaming Security Checklist

This working group has written two papers, “Securing Video Streaming” and “Securing Video Player” where both papers provide examples of vulnerabilities and best practices to address them. While those papers are educational and informative, it does not provide an end-to-end view of what OTT service providers should consider. As more direct-to-consumer OTT apps are making its way to the marketplace, it will be helpful to provide a checklist in one place that a newcomer can reference which contains a list of the security options in use by contemporary OTT services. This ensures that security options are taken into consideration every step of the way during the design/architecture phase. This will also provide an understanding of potential security risk when certain security options are foregone. The content will cover all aspects of an OTT service – Password policy, geo-location, DRM, concurrency management, etc.


Goals and Objectives

  • It is a list of the common controls used in streaming services. “That’s a good idea – I should explore further.”
  • It is not mandatory. The checklist simply lists controls in common use. Operator requirements will vary.
  • It will focus more on consumer content streaming rather than other areas – IT/cloud/content handling/etc.
  • It may span both product and technical controls.
  • It will include a simple description for each control.
  • It will include detailed controls where it adds value, but we will generally aim for coverage rather than depth.
  • It will include notes to give additional information where required. (e.g. this control protects against xyz).
  • It will avoid configuration or implementation information.

Project Scope

Below are topics that the Project will address:
  • Registration
  • User Management (Login, etc)
  • Playback Control
  • Geo-Restriction
  • CDN
  • DRM
  • Usage Rules (Concurrency limits, etc)
  • Watermarking
Below are areas that are out of scope:
  • IT
  • Application
  • Data Center
  • Cloud
  • Operational Processes (Non-streaming specific)

Contributors

The following members have contributed to this project. Click on their name to visit their profile. If they have not published their profile, the link will redirect to their LinkedIn profile.

Additional References

SVTA Publication – Securing Streaming Video SVTA Publication – Forensic Watermarking Implementation Considerations for Streaming Media SVTA Publication – Securing Media Players

Presentations

The following presentations delivered during Privacy and Protection working group sessions may provide additional information about this project.

Get Notified!

Want to get notified when we publish a new blog post, technical document, webinar, or other piece of content? Just enter your email address below. Don’t worry, we won’t share your email with anyone and will only use it to notify you of new content.

Resources

Legal

Other Sites

Making Streaming Video Better

The Streaming Video Technology Alliance is committed to bringing video streaming companies together to help build a better viewer experience at scale.

© 2015-2023 The Streaming Video Technology Alliance (SVTA).

Twitter Vimeo Linkedin