OTT Streaming Security Checklist

Working Group:

Security

In Collaboration With:

Project Status:

Completed

The project has been completed.

Start:

February 8, 2023

Target End:

August 31, 2023
  • Home
  • OTT Streaming Security Checklist

Problem Statement

This project will create an end-to-end security checklist that an OTT provider, vendor and programmer can reference as they seek to improve content protection.

Project Description

This working group has written two papers, “Securing Video Streaming” and “Securing Video Player” where both papers provide examples of vulnerabilities and best practices to address them. While those papers are educational and informative, it does not provide an end-to-end view of what OTT service providers should consider. As more direct-to-consumer OTT apps are making its way to the marketplace, it will be helpful to provide a checklist in one place that a newcomer can reference which contains a list of the security options in use by contemporary OTT services. This ensures that security options are taken into consideration every step of the way during the design/architecture phase. This will also provide an understanding of potential security risk when certain security options are foregone. The content will cover all aspects of an OTT service – Password policy, geo-location, DRM, concurrency management, etc.

Project Type

Document

Project Leads

Brian Paxton

Kei Foo

Advisors

Brian Paxton

Published Documents

Version: 1.0

Date Plublished: 03/28/2024

More Details

Add to Basket

SVTA5056: OTT Streaming Security Checklist

As more direct-to-consumer Over-the-Top (OTT) apps are making their way to the marketplace, it is helpful to provide a single checklist that contains a list of the security options in use by contemporary OTT services. This ensures that security options are taken into consideration every step of the way, from design and architecture, to development and test, and finally to live operation. This will also provide an understanding of potential security risks that may be presented when certain security options are foregone.

This document provides an end-to-end security checklist that an OTT service provider, technology vendor, and service developer can reference as they seek to improve content protection on OTT streaming services.

Goals and Objectives

  • It is a list of the common controls used in streaming services. “That’s a good idea – I should explore further.”
  • It is not mandatory. The checklist simply lists controls in common use. Operator requirements will vary.
  • It will focus more on consumer content streaming rather than other areas – IT/cloud/content handling/etc.
  • It may span both product and technical controls.
  • It will include a simple description for each control.
  • It will include detailed controls where it adds value, but we will generally aim for coverage rather than depth.
  • It will include notes to give additional information where required. (e.g. this control protects against xyz).
  • It will avoid configuration or implementation information.

Project Scope

Below are topics that the Project will address:
  • Registration
  • User Management (Login, etc)
  • Playback Control
  • Geo-Restriction
  • CDN
  • DRM
  • Usage Rules (Concurrency limits, etc)
  • Watermarking
Below are areas that are out of scope:
  • IT
  • Application
  • Data Center
  • Cloud
  • Operational Processes (Non-streaming specific)

Contributors

The following members have contributed to this project. Click on their name to visit their profile. If they have not published their profile, the link will redirect to their LinkedIn profile.

Brian Paxton

Kei Foo

Rodrigo Fernandes

Additional References

SVTA Publication – Securing Streaming Video SVTA Publication – Forensic Watermarking Implementation Considerations for Streaming Media SVTA Publication – Securing Media Players

Presentations

The following presentations delivered during Security working group sessions may provide additional information about this project.

Get Notified!

Want to get notified when we publish a new blog post, technical document, webinar, or other piece of content? Just enter your email address below. Don’t worry, we won’t share your email with anyone and will only use it to notify you of new content.

Close

Have A Question ABout Membership?

Schedule A Meeting

Send An Email

Don’t want to schedule a face-to-face meeting just now? No problem. Simply send your membership question to info@streamingvideoalliance.org or fill out the form below and someone will get back to you as soon as possible.

"*" indicates required fields

Name*
Email*
This field is hidden when viewing the form