Protected Streaming: Difference between revisions
Underpants (talk | contribs) m remove unnecessary newlines |
Underpants (talk | contribs) +missing category; +{{orphan}}; +{{mergeto|Real Time Messaging Protocol}}; copyedit; WP:MOSCAPS |
||
Line 1: | Line 1: | ||
{{orphan|date=May 2009}} |
|||
⚫ | |||
{{mergeto|Real Time Messaging Protocol|date=May 2009}} |
|||
⚫ | |||
⚫ | |||
⚫ | |||
This technique is used by the [[RTE Player]]. |
This technique is used by the [[RTE Player]]. |
||
== Encryption == |
== Encryption == |
||
All contents are encrypted by the Flash Media Server "on the fly". This means |
All contents are encrypted by the Flash Media Server "on the fly". This means there is no [[encryption]] of the source file needed (which is different to [[Microsoft]] DRM, for instance). For data transmission, a special protocol is used: [[RTMPE]] or [[RTMPS]]. |
||
RTMPS uses [[SSL]]-encryption, RTMPE makes use of a proprietary encryption protocol consisting of [[Diffie-Hellman key exchange]] generating an [[RC4]] key, which is then used to encrypt the rest of the stream. RTMPE causes less [[CPU]]-load than RTMPS on the [[Adobe Flash Media Server|Flash Media Server]]. In the past, some tools were able to capture RTMPE streams by taking advantage of a security hole within the Flash player object. Adobe fixed this issue in January 2009. |
|||
Tools which have a copy of the encryption keys extracted from the [[Adobe Flash]] player are still able to capture |
Tools which have a copy of the encryption keys extracted from the [[Adobe Flash]] player are still able to capture RTMPE streams, which is a form of the [[trusted client]] problem. Adobe issued a [[DMCA takedown]] on one such tool to try to limit their distribution.<ref>{{cite web|url=http://linuxcentre.net/adobe-has-issued-a-dmca-removal-request-for-rtmpdump/|title=Adobe has issued a DMCA removal request for rtmpdump|date=2009-05-21}}</ref> |
||
==SWF |
==SWF verification== |
||
The [[Adobe Flash]] player contains a cryptographic key which is used to identify it to the server. This technique is used to ensure that only a client with a copy of the encryption key can be used to request the streaming data. The player also reports the [[SHA-256]] hash of the SWF file being used, which Flash Media Server uses to limit access to those clients which report an authorised hash. |
The [[Adobe Flash]] player contains a cryptographic key which is used to identify it to the server. This technique is used to ensure that only a client with a copy of the encryption key can be used to request the streaming data. The player also reports the [[SHA-256]] hash of the SWF file being used, which Flash Media Server uses to limit access to those clients which report an authorised hash. |
||
Line 19: | Line 22: | ||
The combination of both techniques ensures that streams cannot be sniffed and stored into a local file when using the [[Adobe Flash]] player. SWF verification is intended to prevent manipulated clients from accessing the content. Those clients could possibly write the unencrypted content to a file. |
The combination of both techniques ensures that streams cannot be sniffed and stored into a local file when using the [[Adobe Flash]] player. SWF verification is intended to prevent manipulated clients from accessing the content. Those clients could possibly write the unencrypted content to a file. |
||
Additionally, it is possible to restrict connections to the Flash Media Server to a list of known hosts, to avoid that the whole player (the |
Additionally, it is possible to restrict connections to the Flash Media Server to a list of known hosts, to avoid that the whole player (the Flash client) is placed on a foreign site. |
||
== Notes == |
|||
{{reflist}} |
|||
== References == |
== References == |
||
* [http://www.adobe.com/devnet/flashmediaserver/articles/protecting_video_fms.pdf |
* [http://www.adobe.com/devnet/flashmediaserver/articles/protecting_video_fms.pdf Whitepaper by Adobe] |
||
* [http://livedocs.adobe.com/flashmediaserver/3.0/docs/help.html?content=08_xmlref_281.html |
* [http://livedocs.adobe.com/flashmediaserver/3.0/docs/help.html?content=08_xmlref_281.html RTMPE (Adobe LiveDocs)] |
||
* [http://livedocs.adobe.com/flashmediaserver/3.0/docs/help.html?content=03_configtasks_25.html |
* [http://livedocs.adobe.com/flashmediaserver/3.0/docs/help.html?content=03_configtasks_25.html RTMPS (Adobe LiveDocs)] |
||
* Source code of rtmpdump v1.5 by Andrej Stepanchuk |
* Source code of rtmpdump v1.5 by Andrej Stepanchuk |
||
* [http://lkcl.net/rtmp/RTMPE.txt RTMPE specification], generated from the rtmpdump source code |
|||
[[Category:Multimedia]] |
|||
[[Category:Network protocols]] |
|||
[[de:Protected Streaming]] |
[[de:Protected Streaming]] |
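Review bot: the external link "RTMPE specification" added to the References list is, by its own description, generated from the rtmpdump source code, so it is a third-party reconstruction rather than an Adobe document. Say so in the link text (for example "unofficial RTMPE specification") so readers can tell it apart from the Adobe LiveDocs entries above it. The "Source code of rtmpdump v1.5" entry it derives from still has no link, so that source cannot be checked from the article.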
Revision as of 00:34, 24 May 2009
It has been suggested that this article be merged into Real Time Messaging Protocol. Proposed since May 2009.
Protected Streaming is a DRM technology by Adobe. It is used to protect digital content (video or audio) from unauthorized use.
Protected Streaming consists of many different techniques; basically there are two main components:
This technique is used by the RTE Player.
Encryption
All content is encrypted by the Flash Media Server "on the fly". This means the source file does not need to be encrypted (unlike Microsoft DRM, for instance). For data transmission, a special protocol is used: RTMPE or RTMPS.
RTMPS uses SSL encryption. RTMPE uses a proprietary encryption protocol in which a Diffie-Hellman key exchange generates an RC4 key, which is then used to encrypt the rest of the stream. RTMPE causes less CPU load than RTMPS on the Flash Media Server. In the past, some tools were able to capture RTMPE streams by taking advantage of a security hole within the Flash player object. Adobe fixed this issue in January 2009.
Tools which have a copy of the encryption keys extracted from the Adobe Flash player are still able to capture RTMPE streams, which is a form of the trusted client problem. Adobe issued a DMCA takedown on one such tool to try to limit the distribution of such tools.[1]
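The construction described above (a Diffie-Hellman exchange yielding an RC4 key that then encrypts the rest of the stream) can be sketched as follows. This is an added example, not code from Adobe or rtmpdump. The toy group (2**127 - 1, generator 3), the SHA-256 key derivation and all function names are assumptions made for illustration, since the article does not give RTMPE's actual parameters.

```python
import hashlib
import secrets

# Toy group, assumed for illustration: Mersenne prime 2**127 - 1, generator 3.
# Far too small for real use; the article does not name RTMPE's group.
P = 2**127 - 1
G = 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def derive_rc4_key(priv, peer_pub):
    if not 1 < peer_pub < P - 1:                 # reject 0, 1 and P-1
        raise ValueError("degenerate peer public value")
    shared = pow(peer_pub, priv, P)
    # Assumed KDF: first 16 bytes of SHA-256 over the shared secret.
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:16]

class RC4:
    def __init__(self, key):
        s, j = list(range(256)), 0
        for i in range(256):                     # key scheduling
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data):
        # The state persists between calls, so chunks must be processed in
        # the order they were produced, as with a continuous stream.
        s, out = self.s, bytearray()
        for b in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)

def demo_session(chunks):
    """Server encrypts chunks on the fly; client decrypts them in order."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    server = RC4(derive_rc4_key(s_priv, c_pub))
    client = RC4(derive_rc4_key(c_priv, s_pub))
    wire = [server.crypt(c) for c in chunks]
    return wire, [client.crypt(w) for w in wire]
```

This sketch authenticates neither side and adds no integrity check; it only shows how both ends arrive at the same keystream without the source file ever being stored encrypted.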
SWF verification
The Adobe Flash player contains a cryptographic key which is used to identify it to the server. This technique is used to ensure that only a client with a copy of the encryption key can be used to request the streaming data. The player also reports the SHA-256 hash of the SWF file being used, which Flash Media Server uses to limit access to those clients which report an authorised hash.
All officially allowed clients (which are in fact *.swf files) need to be placed on the Flash Media Server. Any unknown client requesting a connection will receive a "connection reject".
The combination of both techniques ensures that streams cannot be sniffed and stored into a local file when using the Adobe Flash player. SWF verification is intended to prevent manipulated clients from accessing the content. Those clients could possibly write the unencrypted content to a file.
Additionally, it is possible to restrict connections to the Flash Media Server to a list of known hosts, to prevent the whole player (the Flash client) from being placed on a foreign site.
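A simplified server-side model of the two admission checks described in this section, the authorised SWF hash list and the known-host restriction, is shown here as an added example; it is not Flash Media Server code. The class and method names, the use of the embedding page's URL as the host source and the sample data are assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

class StreamGate:
    """Admission filter modelled on the checks described above (hypothetical)."""

    def __init__(self, authorised_swfs, known_hosts):
        # authorised_swfs: {file name: SWF bytes} as placed on the server.
        self._digests = {name: hashlib.sha256(data).digest()
                         for name, data in authorised_swfs.items()}
        self._hosts = {h.lower() for h in known_hosts}

    def match_swf(self, reported_hex):
        try:
            reported = bytes.fromhex(reported_hex)
        except (ValueError, TypeError):
            return None                      # malformed report: no match
        matched = None
        for name, digest in self._digests.items():
            # Constant-time comparison; no early exit on the first match.
            if hmac.compare_digest(digest, reported):
                matched = name
        return matched

    def host_allowed(self, page_url):
        host = urlsplit(page_url).hostname   # exact host match, no suffix match
        return host is not None and host.lower() in self._hosts

    def admit(self, reported_hex, page_url):
        # Both arguments are values reported by the client.
        swf = self.match_swf(reported_hex)
        if swf is None:
            return ("reject", "unknown SWF hash")
        if not self.host_allowed(page_url):
            return ("reject", "player embedded on unlisted host")
        return ("accept", swf)

# Constructed sample data, not a real SWF file or site.
PLAYER_V1 = b"FWS" + bytes(range(32))
GATE = StreamGate({"player_v1.swf": PLAYER_V1}, ["video.example.org"])
```

Because the hash and the page URL are asserted by the connecting client, the gate filters players that report honestly; it does not by itself establish which program is on the other end.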
Notes
- ^ "Adobe has issued a DMCA removal request for rtmpdump". 2009-05-21.
References
- Whitepaper by Adobe
- RTMPE (Adobe LiveDocs)
- RTMPS (Adobe LiveDocs)
- Source code of rtmpdump v1.5 by Andrej Stepanchuk
- RTMPE specification, generated from the rtmpdump source code