HESP Ready Stream Security

Viewers are more demanding than ever. They expect a premium online video Quality of Experience including low latency and a fast channel change. But making such features central to the business model of a service provider also requires that they transparently accommodate the implementation of robust security that can protect and enhance their revenue streams. What solutions can be offered in today’s market that address these two sets of requirements without dismantling much of the technology stack we all have come to trust?

Emerging Low-Latency Solutions

Popular low-latency streaming formats such as LL-HLS and LL-DASH often fail to effectively address the latency and channel change issue, as well as falling short in their accommodation of efficient security support.

• DRM license acquisition cannot operate in parallel with early content download where all the necessary information is contained in a large initialization video segment which can take a long time to load. While shortening the initialization segment speeds the process, an even better solution is locating the critical PSSH information in the manifest file to speed identification and extraction of the data required to make the DRM license request.
• Even LL-HLS and LL-DASH recommend segment sizes of 2-6 seconds, which ultimately limits the lowest achievable operational latency in a trade-off with frequency of download for manifest files.
• CMAF-CTE [link] offers an improved content request/response mechanism, but cannot in practice meet the goal of sub-second latency even in a bandwidth rich environment.

Protocols such as webRTC appear to offer the potential of low channel-change times. However, in order to scale to multiple clients, webRTC solutions often reuse the same GOP for every client. As a result the player may not be able to take full advantage of early data for display if it needs to wait for the ongoing GOP to be completed and a keyframe to be available. Additionally, there are significant challenges in supporting commercial-grade security for webRTC with currently deployed DRM mechanisms and services.

The HESP Alliance has taken an incremental approach to addressing the challenges of secure low-latency services with its carefully architected protocol. And EZDRM, as one of the HESP contributors, has demonstrated how these protocols can be used in conjunction with modern, robust cloud-based DRM services to deliver on the paradigm of secure low-latency streaming services.

HESP Context

As fully described in the latest HESP technical white paper [link here], HESP incrementally builds on existing ABR standards for format and delivery to offer the Quality of Experience viewers are looking for, including sub-second latency, fast channel change, extensive cross-platform support and improved rate adaption. A HESP foundation stone in this respect is the significant cumulative advances in streaming technology incorporated in the CMAF standard. As identified in an earlier EZDRM white paper [link here], the industry convergence on CMAF, despite numerous technical and political hurdles, brought with it a wealth of value, including for our purposes:

• Streaming service workflow rationalization: A focus on a single secure video origin file format that can be referenced by different streaming manifest file structures.
• Security unification: An encryption approach and and scrambling algorithm that is globally supported and compatible with all critical DRM solutions.
• The potential for securing low-latency delivery systems. Live workflows using CMAF can exploit Chunked Transfer Encoding (CTE) to deliver a video segment in micro chunks (e.g., 200 ms), using byte range requests before the full multi-second ABR segment is available.

ABR protocols have already established an extensive footprint on most mobile devices and desktop devices, but for SmartTVs and STBs existing ABR approaches have significant downsides as viewers expect the same fast channel experience as they have grown to love in the legacy broadcast environment. HESP aims to solve this problem by optimizing ABR delivery towards these platforms as well, optimizing the experience for lean back TV through its fast channel change capabilities.

Optimizing Security

Another benefit of the HESP approach to streaming implementation is the manner in which data and processes have been structured to be sympathetic to the needs of the security implementation. In particular, with regard to latency and channel change time reduction, care has been taken to ensure the key management processes on secure streams will have a negligible effect on overall performance. The benefits of this architectural approach can straightforwardly be verified in actual measurement of stream behavior.

Benchmark Setup & Results

HESP Alliance test results, referenced in a recent white paper [link], illustrate clearly the negligible impact on latency and startup performance when using a DRM protected HESP stream. The partner testbed included a linear stream provided by Synamedia, a THEOplayer client in various HTML5 browser environments, and EZDRM as the multi-DRM service. The baseline stream was configured as a single presentation at a single bitrate, with the same configuration used for both DRM protected and Clear delivery to facilitate comparison. The startup time overhead of DRM protection is proven to be a rather small number - with DRM enabled, the startup time for each of the tested HESP streams stays well below the critical one second benchmark.

Latency measurements performed with and without DRM give similar results. A median of 50ms additional protocol latency was measured for DRM encrypted streams compared to clear streams, which is less than 10% of the overall protocol latency.

Full details can be found in the HESP white paper

Conclusion

Based on the significant benefits we see in real-world deployments, the HESP format will likely gather further momentum in 2023, with products and services being introduced to enable every type of video business approach. EZDRM, of course, is especially engaged with other partner vendors in this effort, and has introduced a true Universal Complete DRM service that fully enables the secure low-latency delivery capabilities of HESP. We look forward to supporting our customers in extending the competitive edge of their deployments in this way.