Protected Streaming is a
DRM
DRM may refer to:
Government, military and politics
* Defense reform movement, U.S. campaign inspired by Col. John Boyd
* Democratic Republic of Madagascar, a former socialist state (1975–1992) on Madagascar
* Direction du renseignement milita ...
technology by
Adobe. The aim of the technology is to protect digital content (video or audio) from unauthorized use.
Protected Streaming consists of many different techniques; basically there are two main components:
encryption
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can de ...
and
SWF verification.
This technique is used by the
Hulu desktop player and the
RTÉ Player
RTÉ Player is an on demand video service provided by Irish public media broadcaster RTÉ.
The service provides live and recorded RTÉ television programmes, and content exclusive to the player as well as content from other international broad ...
. Fifa.com also uses this technique to serve the videos on the official site. Some videos on YouTube also use RTMPE, including those uploaded there by BBC Worldwide.
Encryption
Streamed content is encrypted by the
Flash Media Server
Adobe Media Server (AMS) is a proprietary data and media server from Adobe Systems (originally a Macromedia product). This server works with the Flash Player and HTML5 runtime to create media driven, multiuser RIAs ( Rich Internet Applications ...
"on the fly", so that the source file itself does not need to be encrypted (a significant difference from
Microsoft
Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washin ...
's DRM). For transmission ("streaming"), a special protocol is required, either
RTMPE
Real-Time Messaging Protocol (RTMP) is a communication protocol for streaming audio, video, and data over the Internet. Originally developed as a proprietary protocol by Macromedia for streaming between Flash Player and the Flash Communication Se ...
or
RTMPS.
RTMPS uses
SSL-encryption. In contrast, RTMPE is designed to be simpler than RTMPS, by removing the need to acquire a SSL Certificate. RTMPE makes use of well-known industry standard cryptographic primitives, consisting of
Diffie–Hellman key exchange and HMACSHA256, generating a pair of
RC4
In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, ren ...
keys, one of which is then used to encrypt the media data sent by the server (the audio or video stream), while the other key is used to encrypt any data sent to the server. RTMPE caused less
CPU-load than RTMPS on the Flash Media Server.
Adobe fixed the security issue in January 2009, but did not fix the security holes in the design of the RTMPE algorithm itself. Analysis of the algorithm shows that it relies on
security through obscurity
Security through obscurity (or security by obscurity) is the reliance in security engineering on design or implementation secrecy as the main method of providing security to a system or component.
History
An early opponent of security through o ...
. For example, this renders RTMPE vulnerable to
Man in the Middle attacks.
Tools which have a copy of the well-known constants extracted from the
Adobe Flash Player
Adobe Flash Player (known in Internet Explorer, Firefox, and Google Chrome as Shockwave Flash) is computer software for viewing multimedia contents, executing rich Internet applications, and streaming audio and video content created on the ...
are able to capture RTMPE streams, a form of the
trusted client
In computing, a trusted client is a device or program controlled by the user of a service, but with restrictions designed to prevent its use in ways not authorized by the provider of the service. That is, the client is a device that vendors trust ...
problem. Adobe issued
DMCA takedown
The Online Copyright Infringement Liability Limitation Act (OCILLA) is United States federal law that creates a conditional 'safe harbor' for online service providers (OSP) (a group which includes internet service providers (ISP) and other Inter ...
s on RTMPE recording tools, including
rtmpdump, to try to limit their distribution. In the case of
rtmpdump, however, this led to a
Streisand effect.
SWF verification
The Adobe Flash Player uses a well-known constant, appended to information derived from the SWF file (a hash of the file and its size), as input to HMACSHA256. The HMACSHA256 key is the last 32 bytes of the server's first handshake packet. The Flash Media Server uses this to limit access to those clients which have access to the SWF file (or have been given a copy of the hash and the size of the SWF file).
All officially allowed clients (which are in fact *.swf files) need to be placed on the Flash Media Server streaming the file. Any other client requesting a connection will receive a "connection reject".
The combination of both techniques is intended to ensure streams cannot be sniffed and stored into a local file, as SWF verification is intended to prevent third party clients from accessing the content. However, it does not achieve this goal. Third party clients are free to write the decrypted content to a local file simply by knowing the hash of the SWF file and its size. In practice, therefore, Adobe's own implementation of the Macromedia Flash Player is the only client which does not allow saving to a local file.
The only possible way to restrict connections to a Flash Media Server is to use a list of known hosts, to avoid the whole player (the Flash client) being placed on an unauthorised website. Even this has no real benefit for mass-distributed files, as any one of the known hosts could take a copy of the data and re-distribute it at will. Thus "known host" security is only useful when the known hosts can be trusted not to re-distribute the data.
Notes
References
Whitepaper by Adobertmpdump 2.1+ (Source code and binaries)Source code of rtmpdump v1.6 by Andrej StepanchukRTMPE specification generated from the rtmpdump source code
RTMFP encryption mechanism (DRAFT) reverse engineered from scratch
{{Adobe Flash
Multimedia
Network protocols