Telcos are on a security learning curve as they rush to deploy television services over their broadband networks. In fact, IPTV presents new challenges for all involved when it comes to securing and regulating the usage of content.
“In a normal service provider environment, content is not the responsibility of the service provider,” explains David Ramirez, senior manager of global practice, security and business continuity at Lucent Worldwide Services. “End users [for other services than IPTV] have engaged the content provider directly, and they have a formal or tacit agreement where either content provider or user is responsible for the security of the content. In cases such as Web information, e-banking and music, the service provider is never responsible for the protection of content.” For instance, Verizon Communications Inc. battled the Recording Industry Association of America (RIAA) in 2002, when RIAA asked a federal judge to order the carrier to turn over the name of a Kazaa subscriber who allegedly was sharing copies of more than 600 music recordings. After an appeals process, Verizon won the battle.
In the IPTV environment, the model changes because service providers are hosting the content and charging for access to it, and are effectively in control of subscriber management “so there are clear contractual obligations with content providers to ensure the protection of the content,” says Ramirez. “Content owners tend to request specific security measures as part of the infrastructure offered by service providers.”
Contracts between service providers and content owners often include requirements to protect programming against theft, hacking, legal breaches, malware and viruses, and content sharing/unauthorized access. Theft can occur during transmission or at storage points, and could include proprietary information or intellectual property, redirection of an IPTV stream via peer-to-peer networks, or the theft of subscriber identity information. “Traditional broadcast is exposed to unauthorized access, but one of the main differences in IPTV is the possibility of redirection, or re-broadcasting the IPTV traffic,” says Ramirez. “Premium content or video on demand redirected could cause significant losses to providers. The technology is available to enable any home PC to become a TV station.”
Tony Wasilewski, chief scientist for subscriber networks at Scientific Atlanta, the Cisco Systems Inc.-owned company that has been providing broadcast security solutions for years to telcos and MSOs, says that telcos need to be aware of the security requirements for content along the entire distribution path. “They need to be ready to be audited when it comes to any particular asset at any time,” he notes. “They have to be able to tell the content provider that X movie has been made available to box Y for Z amount of time. This all goes to the business and billing relationships, and a lot of telco operations folks may not have been exposed to this kind of content protection before.”
Click to Enlarge |
Ramirez adds that while encryption is used to protect content and typically is performed by software, it is viable for hackers to compromise the host at the OS level. “The technology used for video compression techniques — MPEG-4 — makes it easier to ‘share’ (steal) the contents using P2P networks,” he says. And security breaches due to viruses, worms and hackers can affect the quality of service and deteriorate the customer experience, Ramirez notes, which is a potentially disastrous scenario for an IPTV provider that may be the third or even fourth video service provider in a hypercompetitive market.
“A key unique attribute that we are now beginning to see is the need to administer the business rights [i.e. intellectual property rights, or digital rights management (DRM)] attaching to content,” says Christy Lally, director of business development for Oracle Corp., which provides a security solution in its Identity Management suite, and partners to address the DRM and intellectual property management space. “This means understanding how the service provider can leverage the content, and also the need to be able to manage the evermore complex royalty calculation and allocation requirements that will arise from this.”
This becomes more difficult as content goes “mobile” — meaning service providers and content companies allow for the offloading of a television program from the TV to a Sony PSP or other handheld device, for example. “On the minds of the service and content providers is the desire/momentum to broaden this distribution of content to all wired and wireless endpoints, further enabling new business models/drivers across advertising and cross-marketing,” says Nash Parker, director of content alliances at Alcatel North America. One example of this trend would be CBS making available its national news broadcast as an online simulcast, a download and via traditional linear models, he notes. Ads can be placed across all these different formats and platforms, adding additional complexity.
Click to Enlarge |
“The ultimate goal is to engage the consumer with the right content so that the content provider and other participants, such as advertisers, optimize their results,” says John Bito, chief technical architect of Qpass, Amdocs Ltd.’s digital commerce division. “It will be crucial to deploy a platform that can identify consumers and regulate and track the flow of content reliably,” says Bito. “This platform is required in order for the service provider to connect the consumer with the content they expect across a variety of endpoints. A solution that addresses only IPTV almost immediately will become a liability for the network service provider, since consumers will gravitate to providers who can offer enhanced services across multiple media (wireless, broadband, voice) at attractive prices. The consumer will expect that the content he paid for will apply across all media, and the service providers that allow consumers to use various devices seamlessly will drive ARPU.”
The sheer number of parties involved in a television service — particularly a next-generation television service — also opens up a variety of new concerns and relationship models. “IP is, by nature, a public infrastructure, and one has to take measures to block intrusions from uncontrolled sources,” says Alon Aginsky, CEO and co-founder of cVidya Networks, maker of the MoneyMap revenue assurance solution for IPTV. “Consider the case of streaming video combined with e-commerce. The consumer purchases goods that he sees as part of the TV show. The scenario involves two content providers (one for the TV show and the other for the goods), the e-commerce service provider and the IPTV service provider. The transactions, the service delivery, the approvals and the payments are going back and forth between the parties involved, providing many weak points where errors might occur or malicious actions might take place.”
On the upside, however, the IP in IPTV means the service providers can achieve a level of granularity that is not possible in traditional distribution architectures. “With IPTV, you know exactly what content is being consumed, where it is being consumed, and by whom,” says Francois Cosquer, chief security architect at Alcatel North America. “For example, the IPTV set-top box in the house decrypts the content for consumption and is an active participant in that it continually requests and receives unique keys to unlock each content or application during a consumer’s use of them. This level of granularity enables control and auditing to both the service provider and content provider on a scale not possible before.”
IPTV access security capitalizes on two-way networks and allows for a one-to-one connection to be established between the middleware platform and the end user, enabling strong authentication of the devices. The security methods for this are built on open standards and proven security technology like the use of digital certificates, public key infrastructure and strong encryption in transit.
“You can have an ongoing discussion for authentication for any content at any time,” says Jim Baldwin, product manager for Microsoft TV Edition. “The service provider can leverage an entire stable of content as needed.”
The two-way distribution network also allows for more advanced and secure business rules and DRM to be enabled and enforced. “Services running in the service provider’s video office protects content from being compromised at the end device, a historic problem experienced in broadcast distribution schemes,” says Cosquer.
“Providing a rich user experience by delivering media over highquality and secure IP networks is a real challenge, and it is important to stay on the learning curve,” he adds. “Security should be viewed as a process as opposed to a defined end state.”
| Links |
| Alcatel www.alcatel.com Amdocs Ltd. www.amdocs.com cVidya Networks www.cvidya.com Lucent Technologies Inc. www.lucent.com Microsoft Corp. www.microsoft.com Oracle Corp. www.oracle.com Scientific Atlanta www.sciatl.com Verizon Communications Inc. www.verizon.com |
