Abstract
Despite major breakthroughs in multimedia security over the last three decades, video piracy is still striving. Sport leagues are pirated during major live competitions; popular TV shows and series are redistributed on illegal platforms; Hollywood movies are leaked prior to theatrical releases, etc. Similarly to traditional flamenco dancers, one step from service providers to improve the protection of their video platforms leads to another step from the pirates to circumvent such protection.
The fight against piracy is multi-faceted and goes well beyond technical solutions only. It includes for instance international laws that regulate how digital entertainment content might be used, as well as educational campaigns to inform end-users about the impact of piracy. On another hand, technical protection measures such as digital rights management and conditional access system have been introduced to prevent piracy. In his keynote talk, we will focus on a technology named digital watermarking which modifies the digital representation of a media item in an imperceptible manner to convey information that can be reliably recovered even if the content has been modified afterwards. Forensic watermarking refers to a specific application use case of this technology wherein the watermark signal encodes information about the entity to whom a piece of content has been delivered, thereby providing means to trace back the source of piracy.
The use of forensic watermarking has been limited in its early age to post-production ecosystems, e.g. to prevent leaks prior to official content release, and to well-defined market segments, e.g. the digital cinema or the hospitality market. However, the development of mobile devices to consume video as well as the ever increasing quality of video content have led the movie industry to mandate the use of forensic watermarking for D2C video delivery. Moreover, the rapid transition to OTT delivery and its pervasive use of open devices fundamentally changed the trust model of watermarking systems and called for new template blueprints.
In this context, an industry standard, routinely referred to as A/B watermarking nowadays, gradually emerged. The baseline principle is to segment a video asset, and to generate pre-watermarked A&B variants of each segment using off-the-shelf watermarking technologies. Forensic watermarking then reduces to delivering a unique sequence of A/B pre-watermarked segments to each individual user. This approach has the virtue to perform all security-sensitive operations outside of the end-user device. Moreover, it is naturally fitted to modern segmented delivery protocols such as HLS or DASH. While early generations of such systems relied on playlist/manifest manipulation, the rapid development of CDN edge compute capabilities led to more scalable designs where requests from the end-users are redirected to their A or B variants at the edge. The industry is now engaged in a standardization effort to facilitate interoperability across the ecosystem.
In the meantime, pirates did not stand still, watching their operations being interrupted more and more frequently thanks to improved forensic capabilities. For instance, findings from successful police raids clearly revealed that collusion attacks are not an academic mind game but can be applied at industrial scale. This has been most notably exemplified by beoutQ piracy in the MENA region during the 2018 FIFA World Cup and is now a routine piracy practice.
Collusion refers to the process of combining several watermarked copies of the same asset in an attempt to confuse the forensic tracking engine. The academic response to such threat models led to the design of anti-collusion codes whose length scales with the square of the number of colluders. While advances have been made to reduce the length of these codes, they can rapidly become unusable in practice. It is therefore worth revisiting some of the underlying assumptions that underpin these anti-collusion codes to explore if trade-offs can emerge. End of the day, the business expectation is to be able to shut down a pirate before the end of the match.
On another front, OTT delivery has introduced its own set of vulnerabilities that pirates took no time to exploit. In broadcast, service providers make significant initial investments to deploy their delivery infrastructure. However, once the system is deployed, the operating cost is fixed regardless of the number of end users. In contrast, OTT operating costs scale with the number of end-users actively using the infrastructure in a "pay as much as you use" manner, which rather appealing as long as the end-users are active subscribers of your service. Unfortunately, today, leveraging some know weaknesses of DRM systems, pirate providers are able deploy pirate services that leverages the OTT delivery infrastructure of the legitimate service providers. In other words, the service provider is paying for the pirate traffic, a new form of piracy routinely referred to as CDN leeching.
This issue calls for new protection mechanism to shield the CDN from such vampire traffic. The industry consensus is currently to use a crypto-protected token to grant access to CDN resources or not. While simple token strategies may offer a first layer of protection, it is necessary to anticipate the next moves of the pirates and to devise means to prevent token sharing, which might prove easier said than done in heavily distributed infrastructures.
