[streaming] Re: Fwd: Enterprise Ready Streaming On-Demand Server
Martin Forget
mforget at mtotelecom.com
Tue Nov 21 00:02:12 CET 2006
i honnestly don't know....
i did found stuff on the internet about ffdeCSA which sounds like a
decryptor, but i havn't tried it on a vlc encrypted without the keys...
theoritically, my experience with live channel decryption (from
satellite or digital-cable)
is that hackers definitly put the focus on finding the keys in the
DVB-SI messages and others.. (EMMs, ECMs)
not at decrypting live the streams. [a quick look at ffdecsa seems
to point to that way to since they detect nagra/seca/ which
are more key-distributing algorithm than anything else..)
in a case of IPTV,(unlike most cable or satellite) key echange is bi-
directional... so it doesn't have to be sent to all subscribers
(hence the https/php dialog idea so that nobody can sniff the keys
easily)
but in practice, it depends on your usage i guess...
for example,
if you own your content and want to distribute it very securly i
would suggest pgp or something else very secure.
if you are an iptv provider...
for live content (regular TV channel) , i don't think any cpu will be
able to decrypt live without keys.
i guess someone could store and decrypt... but it becomes easier to
put a vcr and re-encode... specially if we change the keys every 2-3
minutes...
and if you want real security , just limit the IGMP snooping on the
dslam... that's security! if you don't pay, the dslam won't send you
the stream.
for VOD content, it's all unicast RTSP based, so just don't send the
stream to someone who is not paying at the RTSP server level
anyway, in my case... encrypting channels was a must for no other
reasons than making content owners happy.
trying to explain IGMP snoop control was an ocean to cross...
and for this... DVB-CSA was an easy sell. when you think about it...
all their content is already in the air with this encryption
note: if someone knows an easier way of decrypting live csa feeds...
please comment... i am saying an opinion with not much
experimentation at this point.
-martin
On 20-Nov-06, at 4:15 AM, Rémi Denis-Courmont wrote:
> Le samedi 18 novembre 2006 23:20, Martin Forget a écrit :
>> hi... i am working on __exactly__ the same kind of setup in the same
>> context (cable tv operator planning an iptv launch)
>>
>>
>> for DRM/Encryption, i suggest the DVB-CAS encryption that is built-in
>> vlc already.
>> it works for both live and on-demand and adds somewhat minimal
>> overhead in processing power....
>>
>> --sout-ts-csa-ck <string> CSA Key to encrypt
>> --ts-csa-ck <string> to decrypt
>>
>> works perfectly!
>
> Is CSA still considered satisfactorily secure by today's standard and
> for the Internet? I thought it was kinda low, and the industry only
> used it with relatively fast changing keys nowadays, but I might be
> wrong.
>
> --
> Rémi Denis-Courmont
--
This is the streaming mailing-list, see http://www.videolan.org/streaming/
To unsubscribe, please read http://www.videolan.org/support/lists.html
More information about the streaming
mailing list