Think adding security to protect your live stream is hard to do? Think again. RTMPS is the easiest way to protect your live stream.
Living LIVE and streaming everyday moments to personal accounts on Facebook and YouTube is not a fad – it’s almost the norm for a generation weaned on social media and smart phones. As live streaming shifts from the impromptu to legitimate, money-generating ventures and OTT (Over The Top) subscription packages, more and more businesses, governments, and schools are eagerly jumping on the live streaming bandwagon. But just how secure is a live stream? The answer might surprise you.
When most people think about secure live streaming, they think about restricting who can access the live stream. Usually, that’s done with stream privacy settings like unlisting or making a live streaming event private in YouTube and Facebook. Those stream privacy settings secure live streaming on the distributed stream, which is from the CDN to the viewer. The event owner can control who gets the stream URL to watch the stream.
Securing the distributed stream
For live streaming security on the stream distribution side, there are some common methods used to restrict who can access the content, such as secure portals that require user name and password authentication. After you’ve authenticated, the content is encrypted (typically using HTTPS) before it’s distributed for viewing. With the correct security handshake certificate on the viewer’s computer, you can be sure that the live streaming content is coming from a trusted site.
But what about protecting the content that’s sent to the CDN before distribution? Once your live stream enters the Internet, it’s vulnerable. Most stream privacy settings don’t protect the contribution stream, which is from the content source to the CDN.
Securing the contribution stream with RTMPS
Streaming software and hardware encoders typically use a data transfer protocol called RTMP (Real-Time Messaging Protocol). It’s reliable but not all that secure. RTMP is prone to spoofing (for example, someone pretending to be YouTube and rerouting your stream to a different server) and other man-in-the-middle attacks. The threat of someone maliciously disrupting an important live streaming event is possible. So how do you avoid that without needing an IT degree or spending a ton of money? The answer is secure live streaming with RTMPS.
The easiest way to keep live streaming content safe from spoofing and spying is to use secure live streaming with RTMPS. RTMPS is the secure version of RTMP. Basically, it’s RTMP over TLS. The RTMPS streaming protocol allows you to stream securely by encrypting the stream between the encoder and the CDN, but not only that. RTMPS also protects against domain impersonation. A handshake is used between the sender (you) and the receiver (a CDN like Facebook) to authenticate that you’re really sending your content to the right destination. But to use secure live streaming with RTMPS, both the video encoder that’s streaming the content and the CDN location you’re streaming to must support it.
Secure live streaming with RTMPS on Facebook and CMSs like Kaltura and Panopto
Most private CDNs and Content Management Systems like Kaltura and Panopto already support secure live streaming with RTMPS, but not all CDNs do. For instance, YouTube, Twitter, and Vimeo Live currently only support RTMP for live streaming. They may offer other security options, like unlisting or making a live stream private, but those security measures apply only after your content crosses the Internet and reaches the CDN – and if that stream is RTMP, it’s vulnerable.
Of the popular free live streaming platforms, only Facebook has an option to Use a secure connection (SSL) when you’re creating a live streaming event to enable secure live streaming with RTMPS. However, it’s only a matter of time before all live streaming platforms will be required to offer secure live streaming with RTMPS. And that day may come sooner than later.
Wrap it up!
If you’re streaming events like corporate town hall meetings, UX studies, or anything that’s highly confidential, you definitely need the added security you get from using hardware video encoders like the Epiphan Pearl Mini or Pearl-2. They offer custom RTMPS streaming, as well as 802.1x network security and HTTPS for secure administration and easy, IT friendly networking.
For more details about the security features on our Pearl family of encoders, see this security white paper.