Encryption keeps your videos protected when they are streamed online. It is usually required when you want to securely share videos that contain confidential information. When we talk about video encryption, two methods are widely known: AES and DRM.
But what does each of these video encryption methods mean? How do they protect your videos? Is one better than the other? Are they enough?
In this article, we first cover where encryption is required in the process from upload to delivery. We then cover what AES and DRM encryption mean and show how our video streaming platform VIDIZMO uses them.
What is Video Encryption?
Video encryption is the process of converting a video into some form of gibberish (ciphertext) and only converting it back (decrypting) when it's accessed by an authorized person.
In the simplest form, it works in the same way as encryption of any other form of data. We'd recommend reading this article by Cloudflare on encryption to understand more.
In summary, an unauthorized person accessing your video will not be able to play it, if it has been properly encrypted.
Where is Encryption Needed in the Video Streaming Process?
Before we discuss where encryption is needed in the streaming process, let's compare two platforms to see how a video hosted with fool-proof encryption differs from one hosted without it.
The Encrypted Video
- Go on to this video hosted on our VIDIZMO platform.
- Right-click on the video in the player and select inspect.
- Copy the URL right after "src="
- Paste this URL in any new tab. You'll see the following message.
This is because the video streamed from the VIDIZMO platform is encrypted. If you directly visit the source URL without a decryption key, you can't access the video file.
The Non-Encrypted Video
- Go to this page on our website.
- Right-click on the video embedded at the center of the page.
- Copy the URL after "src="
- Paste the URL in any new tab and you'll see the video playing.
You are able to access and play the video because it is hosted in a non-encrypted form.
The activity that you just performed covers only the basics of encryption. However, it gives you a good idea of how encrypted and protected videos differ from ones that are not.
Best Practices For Encrypting Videos
From upload to delivery, there are three stages at which the video needs to be encrypted.
Encryption at Rest
When a video is uploaded, it is stored somewhere, and it needs to be stored in an encrypted form. If unauthorized individuals get hold of the video from the storage, they won't be able to play it.
Encryption in Transit
When a user requests to watch a video, it is likely to be transferred over the internet. The video needs to be streamed over an SSL (TLS) connection. This way, if any unauthorized individual manages to intercept it midway, they'll get nothing but gibberish. Read more on SSL-based streaming.
Decryption Only by Player
If a user needs to watch a video, it needs to be decrypted. A secure video platform, like ours, will make sure the video can only be decrypted by the player. Moreover, we use something similar to token management to verify whether the logged-in user accessing the video is authorized to do so.
Now that we have discussed what encryption is and its best practices, it's time to discuss the two popular encryption methods and their differences.
Video Protection Using Advanced Encryption Standard (AES)
AES is an encryption method that allows content owners to encrypt their video using a 128-bit or 256-bit cryptographic key. An end-user requires the same key to play back the video. Anyone who does not have access to the key is unable to access the content. Even if the video is downloaded, the file contains only junk data (ciphertext) that will not play.
AES is a fool-proof encryption method and this is seen from the fact that it's included in the approved list of secure cryptographic functions as provided by the National Institute of Standards and Technology (NIST) under FIPS.
However, one of the drawbacks of AES is that the mechanism is fool-proof only as long as the keys are safe. Your data is not safe if hackers can get access to the keys.
This is why you need a secure mechanism to ensure that your keys are kept safe as well.
In theory, in VIDIZMO, this is done by having two sets of keys for any data - Data Encryption Keys (DEK) and Key Encryption Keys (KEK), and then securely storing these keys in a vault. Key access is managed by an identity and access management system.
This way, not only is your data encrypted, but the keys encrypting this data are encrypted as well. Decryption takes place when access is granted by an identity and access management (IAM) system such as Azure AD, Okta, etc.
Read more on end-to-end video security in VIDIZMO.
Video Protection Using Third-party Digital Rights Management (DRM) Solution
Digital Rights Management (DRM) is a technology system where content owners can define rules to allow content access to users and also determine how the content can be used, reused, purchased, copied, downloaded and distributed by that user.
DRM is not an entirely separate encryption mechanism; it builds on the existing AES encryption discussed previously. It usually means paying more to a third party to add more protection to your existing video streaming method.
A DRM system will make sure that content can't be downloaded or recorded. It is usually provided by a third party, such as Microsoft’s PlayReady, Google’s Widevine or Apple’s FairPlay. This is because these applications will ensure some form of control on the end-user's device, browser, OS, etc.
AES vs. DRM?
TL;DR: AES is fool-proof for video streaming to an internal audience where you can manage access using an IAM system like Okta, Azure AD, etc. DRM is best when you need to stream to the public (say movies) and have limited mechanisms to manage who accesses the content.
You might find yourself confused in assessing what type of security measures your digital content requires.
After assessing AES encryption and full-fledged DRM systems for video encryption, we can highlight the following areas where they differ, helping you make the best decision.
In terms of AES, the cryptographic keys are maintained and provided by a video content management system (such as VIDIZMO) and the Identity and Access Management System (IAM).
A good video content management system will make sure there are necessary mechanisms in place to safeguard the keys.
For our platform VIDIZMO, we do this by encrypting keys with another set of Key Encryption Keys (KEK). The delivery of these keys is under HTTPS to prevent any man-in-the-middle attacks. The keys are managed through an IAM system and are only provided if a user has access to specific content.
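The DEK/KEK arrangement described here and in the AES section above can be illustrated with a short sketch. This is an added example, not VIDIZMO's code: the function names, the `acl` object standing in for the IAM decision, and the sample data are assumptions, and AES-256-GCM is used for both layers as one reasonable choice.

```javascript
// Added illustration of DEK/KEK envelope encryption (Node.js built-in crypto).
const crypto = require('node:crypto');

// AES-256-GCM helper: returns nonce || tag || ciphertext as one Buffer.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Inverse of seal(); final() throws if key, data or AAD do not match.
function open(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Upload: a fresh DEK per video. Only the KEK-wrapped DEK is stored with the
// media, and both are bound to the video id through the GCM associated data.
function encryptVideo(kek, videoId, media) {
  const dek = crypto.randomBytes(32);
  const id = Buffer.from(videoId);
  return { videoId, wrappedDek: seal(kek, dek, id), ciphertext: seal(dek, media, id) };
}

// Playback: the DEK is unwrapped only after the access check passes.
// `acl` is a hypothetical stand-in for the IAM system (video id -> allowed users).
function decryptForUser(kek, record, user, acl) {
  if (!(acl[record.videoId] || []).includes(user)) {
    throw new Error('access denied: DEK not released');
  }
  const id = Buffer.from(record.videoId);
  const dek = open(kek, record.wrappedDek, id);
  return open(dek, record.ciphertext, id);
}

// Constructed sample data. In practice the KEK stays in the vault.
const kek = crypto.randomBytes(32);
const record = encryptVideo(kek, 'vid-001', Buffer.from('constructed media bytes'));
const acl = { 'vid-001': ['alice'] };
```

Anyone who copies `record` from storage holds only ciphertext and a wrapped key; without the KEK and a passing access check, neither opens.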
In terms of DRM, these systems are configured to maintain and share these cryptographic keys and they have dedicated rules and functions that make sure the key transmission is as secure as possible.
To be more specific, DRM systems do not transmit keys, but they transmit licenses that contain all the details of user identity and the permissions that are allowed for that specific user, such as when the usage rights expire etc.
AES is as secure as DRM if you have a good system managing the keys.
Your Use Case
Using AES is secure if you can use a video platform that integrates with an IAM system.
This is usually when you are using the system to stream content in an enterprise to employees internally, where you have an IAM system with unique identities for every employee.
AES encryption provides software-level security: it authenticates and authorizes users based on their virtual identities and the rights permitted against those identities. The decrypting key can be accessed by all users who have permission to watch the content. These permissions are managed by VIDIZMO and the integrated IAM system.
However, when streaming to the public, such as a movie (for a subscription), the chances of having an identity management system are almost none. Here's where you'll need the added protection provided by a DRM system.
Being a mature security technology, a DRM system also validates the hardware devices where the content is accessed, based on the permits that are assigned to that device and user by the DRM license servers. This also allows content owners to stream their content on specific devices at specific qualities only. As licenses are maintained per device, an authorized end-user requires a designated license for content access on their device.
In summary, DRM is better for public streaming use cases such as for movies, shows, etc. and AES will do fine if you need to stream to employees at your workplace.
AES-encrypted content may require the decryption key to be fetched on the fly, which might be a problem if the user goes offline. This may be an issue for certain systems, but our video platform allows for offline viewing as well.
In the case of DRM systems, the licenses are maintained per user device, allowing content owners to control content usage offline as well, such as allowing a user to play a video for the next 48 hours only.
Added security measures
DRM systems include more security measures that can somehow be overcome by normal encryption processes, such as preventing screen recorders during playback, or partially encrypting content and making it unplayable, so decrypting becomes an easier process compared to full-fledged encryption.
Also, DRM licenses are signed, preventing one from tampering with licenses while in transit over HTTP, and much more.
To facilitate private video hosting and digital evidence management, VIDIZMO offers a Gartner-recognized video content management system with multiple security features including AES encryption. The platform can also be integrated with leading DRM providers.
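The properties described above (a license that carries identity and permissions, is bound to a device, expires, and is signed against tampering) can be shown in a generic sketch. This is an added example and not the format of PlayReady, Widevine, FairPlay or VIDIZMO: the field names, function names and sample values are assumptions, and Ed25519 is chosen here as the signature scheme.

```javascript
// Added illustration of a signed, expiring, device-bound license (Node.js crypto).
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// License server side: serialise the permissions and sign the exact bytes.
function issueLicense(privateKey, fields) {
  const payload = Buffer.from(JSON.stringify(fields));
  return {
    payload: payload.toString('base64'),
    sig: sign(null, payload, privateKey).toString('base64'),
  };
}

// Client side: verify the signature BEFORE trusting any field,
// then enforce the device binding and the expiry time.
function checkLicense(publicKey, lic, deviceId, nowMs) {
  const payload = Buffer.from(lic.payload, 'base64');
  if (!verify(null, payload, publicKey, Buffer.from(lic.sig, 'base64'))) {
    return { ok: false, reason: 'bad signature' };
  }
  const f = JSON.parse(payload.toString());
  if (f.deviceId !== deviceId) return { ok: false, reason: 'wrong device' };
  if (nowMs >= f.expiresAt) return { ok: false, reason: 'expired' };
  return { ok: true, reason: 'valid', maxHeight: f.maxHeight };
}

// Simulates modification in transit: the expiry is changed, the signature is not.
function withExpiry(lic, expiresAt) {
  const f = JSON.parse(Buffer.from(lic.payload, 'base64').toString());
  const payload = Buffer.from(JSON.stringify({ ...f, expiresAt }));
  return { payload: payload.toString('base64'), sig: lic.sig };
}

// Constructed sample: a 48-hour license for one device, capped at 720p.
const { publicKey, privateKey } = generateKeyPairSync('ed25519');
const HOUR = 3600 * 1000;
const issuedAt = Date.UTC(2024, 0, 1);
const license = issueLicense(privateKey, {
  user: 'alice', deviceId: 'device-A', contentId: 'vid-001',
  maxHeight: 720, expiresAt: issuedAt + 48 * HOUR,
});

console.log(checkLicense(publicKey, license, 'device-A', issuedAt + 47 * HOUR));
console.log(checkLicense(publicKey, withExpiry(license, issuedAt + 480 * HOUR),
  'device-A', issuedAt + 49 * HOUR));
```

Because the client verifies the signature first, a license whose expiry was altered on the wire is rejected as "bad signature" rather than accepted with the longer lifetime.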
This solution is specifically designed for effective video asset management through a YouTube-like portal. It can be used to deliver secure video training to employees, to share recorded meetings or confidential videos and much more.
VIDIZMO also offers a Digital Evidence Management System which is an end-to-end solution for securely storing, managing and sharing digital evidence, such as videos, audio, images, documents and more from a centralized system. It integrates with CCTV, Dashcam, Bodycam storage and much more.
Feel free to contact us to ask relevant queries or schedule a product demonstration.