
Video Encryption: AES or DRM?

By Shahan Zafar
Video Encryption in an Enterprise Video Platform

There are different ways in which enterprises can secure their digital media within their enterprise video content management systems. These security requirements can be met either by the safety measures built into the system (e.g., AES encryption) or by third-party technologies (e.g., DRM), which are dedicated systems for providing extensive security.

VIDIZMO, a Gartner-recognized enterprise video content management system and digital evidence management system, provides its customers with layers of security at every step: content ingestion, delivery, playback and storage. These security requirements can be fulfilled by the safety measures provided by VIDIZMO or, if customers wish to integrate third-party Digital Rights Management (DRM) technologies with their enterprise video portal, VIDIZMO also supports such technologies, allowing customers to use the additional benefits these security systems provide.

[Figure: simplified diagram of the encryption process within VIDIZMO]


But the important question is: “Which security measures are best for me to secure my video content?”

Within VIDIZMO, customers can choose to encrypt their video both at rest and in transit. At rest, video can be encrypted in the following ways:

  • Static: Video is encrypted right after upload using the cryptographic key. Playback requires decrypting the video with the same key that was used to encrypt it.
  • Dynamic: Content is encrypted on the fly before it is transferred for playback. This lets the customer decide the key right before transmitting the video and change the key at any time if necessary.

In-transit, VIDIZMO uses TLS (1.2 and 1.3) to transfer content, preventing man-in-the-middle attacks. 

In fact, all encryption in VIDIZMO is compliant with FIPS 140-2 standards for encryption.

Video encryption is a pain-point for customers who require high security standards for their digital media. However, VIDIZMO makes it easier for its users to encrypt their content in multiple ways, as suitable to the customer’s requirements: 

  • Using Advanced Encryption Standard (AES) to encrypt video content by default
  • Using third-party Digital Rights Management (DRM) technologies 

Video Protection Using Advanced Encryption Standard (AES)

AES is an encryption method that allows content owners to encrypt their video using a 128-bit or 256-bit cryptographic key. An end user requires the same key to play back the video. Entities that do not have access to the key are unable to access the content. Even a downloaded copy of the video contains only junk data (ciphertext) that will not open.

AES is a fool-proof encryption method, as seen from the fact that it is included in the list of approved secure cryptographic functions provided by the National Institute of Standards and Technology (NIST) under FIPS.

However, one of the drawbacks of AES is that the mechanism is fool-proof only as long as the keys are safe. Your data is not safe if hackers can get access to the keys. This is why you need a secure mechanism to ensure that your keys are kept safe as well.

In theory, in VIDIZMO, this is done by having two sets of keys for any data, Data Encryption Keys (DEK) and Key Encryption Keys (KEK), and then securely storing these keys in a vault. Key access is managed by an identity and access management (IAM) system. This way, not only is your data encrypted, but the keys encrypting this data are encrypted as well. Decryption takes place when access is granted by an IAM system such as Azure AD or Okta.
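The DEK/KEK arrangement described above can be sketched as follows. This is an added example using Node's built-in `crypto` module, not VIDIZMO's code; the function names, the record layout and the `accessGranted` flag standing in for the IAM decision are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// AES-256-GCM with a fresh 96-bit nonce; aad binds the ciphertext to its asset id.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Throws if the key, the ciphertext or the aad does not match what was sealed.
function unseal(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// A fresh DEK per asset encrypts the video; only the KEK-wrapped DEK is stored.
function encryptAsset(kek, assetId, video) {
  const dek = crypto.randomBytes(32);
  const record = { assetId, data: seal(dek, video, assetId), wrappedDek: seal(kek, dek, assetId) };
  dek.fill(0); // drop the plaintext DEK from memory once it is wrapped
  return record;
}

// accessGranted stands in for the IAM decision (hypothetical parameter).
function decryptAsset(kek, record, accessGranted) {
  if (!accessGranted) throw new Error('access denied: DEK not unwrapped');
  const dek = unseal(kek, record.wrappedDek, record.assetId);
  try { return unseal(dek, record.data, record.assetId); } finally { dek.fill(0); }
}

// KEK rotation re-wraps the small DEK; the video ciphertext is left untouched.
function rotateKek(oldKek, newKek, record) {
  const dek = unseal(oldKek, record.wrappedDek, record.assetId);
  try { return { ...record, wrappedDek: seal(newKek, dek, record.assetId) }; } finally { dek.fill(0); }
}
```

Because only the wrapped DEK depends on the KEK, rotating or revoking a KEK in the vault does not require re-encrypting the stored video.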

Video Protection using third-party Digital Rights Management (DRM) Solution

Digital Rights Management (DRM) is a technology that lets content owners define a set of rules that grant users access to content and determine how the content can be used, reused, purchased, copied, downloaded and distributed by each user.

DRMs are third-party technologies that provide out-of-the-box solutions for content security, such as Microsoft’s PlayReady, Google’s Widevine or Apple’s FairPlay. The end-users can select their cryptographic keys, and the keys are maintained and provided by the DRM.

DRM is for organizations looking for a safer option than AES, one with better key and license management.

What is the right content protection for you?

Customers are often unsure what type of security measures their digital content requires. Having assessed AES encryption and full-fledged DRM systems for video encryption, we can highlight the following areas where they differ, helping customers make the decision that suits them best.

Decrypting Key Security

With AES, the cryptographic keys are chosen by the end-users but are maintained and provided by VIDIZMO. The delivery of these keys depends on the customer’s choice, but by default VIDIZMO uses HTTPS for key transmission, preventing any man-in-the-middle attacks. The keys are kept secure from unauthorized access by encrypting them and managing access through an IAM system.

DRM systems are configured to maintain and share these cryptographic keys, and they have dedicated rules and functions that make key transmission as secure as possible. To be more specific, DRM systems do not transmit keys; they transmit licenses that contain all the details of the user's identity and the permissions allowed for that specific user, such as when the usage rights expire. But maintaining these licenses for every user may introduce added overhead for a level of security that your encryption needs might not call for.

Security Level of the Decryption Process

AES encryption provides software-level security: it authenticates and authorizes users based on their virtual identities and the rights permitted to each identity. The decrypting key can be accessed by all users who have permission to watch the content. These permissions are managed by VIDIZMO and the integrated IAM system.

Being a mature security technology, a DRM also validates the hardware devices where the content is accessed, based on the permits that are assigned to that device and user by the license servers of the DRM. This also allows content owners to stream their content to specific devices at specific qualities only. As licenses are maintained per device, an authorized end-user requires a designated license for content access on their device.

Offline Playback

AES-encrypted content may require fetching the decrypting key on the fly, which might be a problem if the user goes offline. In DRM systems, by contrast, the licenses are maintained per user device, allowing content owners to control content usage offline as well, such as allowing a user to play a video for the next 48 hours only.

Added security measures

DRM systems include additional security measures that normal encryption processes do not provide, such as blocking screen recorders during playback, or encrypting only part of the content, which is enough to make it unplayable while making decryption an easier process than with full-fledged encryption. DRM licenses are also signed, which prevents tampering with licenses in transit over HTTP, and there is much more.

Although DRM technologies bring a different dimension and perspective to normal encryption, AES encryption remains a valid choice in most situations, as users may not require the deeper level of security that DRM offers. So, it all boils down to the level of security that your digital content requires.
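The license behaviour described in the sections above (a signed license carrying user identity, a device binding and an expiry such as 48 hours, checkable while offline) can be illustrated with a short sketch. This is an added example using Ed25519 signatures from Node's built-in `crypto` module; the license fields and function names are assumptions and do not reflect the license format of PlayReady, Widevine or FairPlay.

```javascript
const crypto = require('crypto');

// License server side: issue a license bound to one user, one device and one asset.
// Field names are hypothetical; `now` is a timestamp in milliseconds.
function issueLicense(privateKey, { userId, deviceId, assetId, ttlHours }, now) {
  const body = JSON.stringify({ userId, deviceId, assetId, notAfter: now + ttlHours * 3600 * 1000 });
  const sig = crypto.sign(null, Buffer.from(body), privateKey).toString('base64');
  return { body, sig };
}

// Player side: verify the signature before trusting any field, then apply the rules.
// Only the public key is needed, so the check also works without a network connection.
function checkLicense(publicKey, license, deviceId, assetId, now) {
  const sig = Buffer.from(license.sig, 'base64');
  if (!crypto.verify(null, Buffer.from(license.body), publicKey, sig)) {
    return 'rejected: bad signature';
  }
  const claims = JSON.parse(license.body);
  if (claims.deviceId !== deviceId) return 'rejected: wrong device';
  if (claims.assetId !== assetId) return 'rejected: wrong asset';
  if (now > claims.notAfter) return 'rejected: expired';
  return 'play';
}
```

The sketch takes the device identifier and the current time from the caller; the hardware-level device validation the page attributes to DRM systems is not modelled here.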


To facilitate private video hosting and digital evidence management, VIDIZMO offers both of these options to its customers, and they can be easily configured and used in your branded video portal. By default, all videos are end-to-end encrypted using AES and TLS.

VIDIZMO offers a Gartner recognized enterprise video content management system to store, stream and manage video and other digital content in a secure environment. This solution is specifically designed for effective video asset management through a YouTube-like portal.

VIDIZMO Digital Evidence Management System provides an end-to-end solution for securely storing, managing and sharing digital evidence, such as videos, audio, images, documents and more from a centralized system.

You can read more regarding various compliances covered for video security and privacy, and digital evidence.

To know more, contact us today or visit our website to explore broader aspects of VIDIZMO video platform capabilities.  


Posted by Shahan Zafar

Shahan is the Product Marketing Manager at VIDIZMO - An expert in video streaming, sharing and management platforms. Shahan is actively involved in researching and consolidating information regarding innovative features, customer challenges and emerging trends in this domain. You can email at shahan.zafar@vidizmo.com for any queries.

Tags: EVCM, encryption, Digital rights management, security
