OTT Streaming Security Checklist

Project Status:

(roll over for info)

Completed

The project has been completed.

Start:

February 8, 2023

Estimated Completion:

August 31, 2023
  • Home
  • OTT Streaming Security Checklist

Problem Statement

This project will create an end-to-end security checklist that an OTT provider, vendor and programmer can reference as they seek to improve content protection.

Project Description

This working group has written two papers, “Securing Video Streaming” and “Securing Video Player” where both papers provide examples of vulnerabilities and best practices to address them. While those papers are educational and informative, it does not provide an end-to-end view of what OTT service providers should consider. As more direct-to-consumer OTT apps are making its way to the marketplace, it will be helpful to provide a checklist in one place that a newcomer can reference which contains a list of the security options in use by contemporary OTT services. This ensures that security options are taken into consideration every step of the way during the design/architecture phase. This will also provide an understanding of potential security risk when certain security options are foregone. The content will cover all aspects of an OTT service – Password policy, geo-location, DRM, concurrency management, etc.

Project Type

Document

Project Leads

Advisors

Published Documents

Version: 1.0

Date Plublished: 03/28/2024

More Details

Add to Basket

SVTA5056: OTT Streaming Security Checklist

As more direct-to-consumer Over-the-Top (OTT) apps are making their way to the marketplace, it is helpful to provide a single checklist that contains a list of the security options in use by contemporary OTT services. This ensures that security options are taken into consideration every step of the way, from design and architecture, to development and test, and finally to live operation. This will also provide an understanding of potential security risks that may be presented when certain security options are foregone.

This document provides an end-to-end security checklist that an OTT service provider, technology vendor, and service developer can reference as they seek to improve content protection on OTT streaming services.

Goals and Objectives

  • It is a list of the common controls used in streaming services. “That’s a good idea – I should explore further.”
  • It is not mandatory. The checklist simply lists controls in common use. Operator requirements will vary.
  • It will focus more on consumer content streaming rather than other areas – IT/cloud/content handling/etc.
  • It may span both product and technical controls.
  • It will include a simple description for each control.
  • It will include detailed controls where it adds value, but we will generally aim for coverage rather than depth.
  • It will include notes to give additional information where required. (e.g. this control protects against xyz).
  • It will avoid configuration or implementation information.

Project Scope

Below are topics that the Project will address:
  • Registration
  • User Management (Login, etc)
  • Playback Control
  • Geo-Restriction
  • CDN
  • DRM
  • Usage Rules (Concurrency limits, etc)
  • Watermarking
Below are areas that are out of scope:
  • IT
  • Application
  • Data Center
  • Cloud
  • Operational Processes (Non-streaming specific)

Contributors

The following members have contributed to this project. Click on their name to visit their profile. If they have not published their profile, the link will redirect to their LinkedIn profile.

Presentations

The following presentations delivered during Security working group sessions may provide additional information about this project.

Have A Question ABout Membership?

Schedule A Meeting

Send An Email

Don’t want to schedule a face-to-face meeting just now? No problem. Simply send your membership question to info@streamingvideoalliance.org or fill out the form below and someone will get back to you as soon as possible.

"*" indicates required fields

Name*
Email*
Hidden