RTMPe Streaming: How does Secure RTMP Streaming work?





RTMP Stream: The Technology

Real Time Messaging Protocol (RTMP) is used to stream multimedia data – audio and video – between Flash Media Server and Flash Player. The chief utility of an RTMP stream is in optimizing audio and video data transfer between the server and the player. Its major use is in dynamic live streaming, and it is also used for its encryption service, RTMPE (which, despite its security flaws, is widely used). In this blog post I expand upon –
  • Use as Streaming protocol – How RTMP evolved as a widely used real time streaming protocol
  • Differences from other streaming protocols, strengths – In what aspects it differs from newer streaming protocols such as HLS & HDS.
  • Use Cases – We also discuss certain RTMP use cases.
  • RTMPE – Utility of Encrypted RTMP and the flaws in its security services.
  • Flaws in Security & Streaming reliability

RTMP transfer across media server, CDN and flash player

Is RTMP Stream Optimal for Low Latency Transmission ?

An RTMP stream does not use either of the HTTP/HTTPS ports (80/443), but instead uses port 1935. An exclusive port for video packet transmission means that the RTMP stream protocol is suitable for transmitting low-latency content – essentially live streaming of video content, and streaming of media without buffering. However, by using this port, an RTMP stream becomes vulnerable to being blocked by certain corporate firewalls.
An RTMP stream is theoretically optimal for low-latency streaming because the RTMP pointer is always in sync with the media server at the exact point of the stream. This means that if there is a signal interruption of, say, 5 seconds, the Flash player will not display the signal for those 5 seconds, but will resume in real time when the signal over the network resumes. The stream should therefore never lag in spite of a poor network, although the quality of the video may suffer.
RTMP Stream: VOD across media server, CDN, Flash Player

Adaptive Streaming through RTMP

RTMPE is suitable for live streaming as it does not download any video packets except at the time of streaming – there is no buffering of content as would occur with a progressive media player. The bitrate can be decided dynamically to optimize the user experience over the available network. Dynamic streams consist of multiple single streams of the same content, each of a different quality. An RTMP stream relies on dynamically adaptive content transfer to maintain video playback during periods of uneven network quality.

RTMP stream is distinct from Progressive Streaming Players

Progressive media players, a category that includes the popular video players YouTube, Vimeo & VdoCipher, allow a portion of the upcoming video to be downloaded in advance. Essentially, this allows for a future buffer in the player. Progressive streaming is now a common feature across all popular video hosting services on the internet. Shifting the video metadata from the end of the media file to the front makes this possible. Thus, before the complete media file has been downloaded, the media player has all the information it requires to start playback.
In progressive streaming, the media is stored in the temporary directory of the associated web browser. This is the concept on which most downloaders or download software/plugins work. They are able to fetch this data as it comes into the browser.
With RTMP there is no storage in a temporary directory, and instead a continued direct streaming between the two servers. It is conceptually live and does not have any future buffer, even for recorded videos.

Encrypted RTMPE & Security

Encrypted RTMP (RTMPE) wraps the RTMP stream session in a lightweight encryption layer. Through RTMPE, the streaming protocol provides low-level stream encryption for high-traffic sites. RTMPE uses the anonymous Diffie-Hellman key exchange method. In this algorithm two parties – the media server and the Flash player – establish a shared secret key over an insecure channel. However, the initial point of secret key sharing is not secure. The media server cannot verify the identity of the media player. This leaves the player vulnerable to man-in-the-middle attacks at session initialization.
RTMPS is an RTMPE over a secure TLS/SSL connection. The underlying algorithm of RTMPE remains the same, but a secure SSL connection precludes a man-in-the-middle attack from unknown third parties. However, there is still the case in which the client grants access to a third party. Through this, the user can download the stream content. In that case the video download is easy, leaving the content provider vulnerable to potential piracy by end users for illegal distribution.
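The weakness described above, as an added example that is not part of the original post: a toy Diffie-Hellman exchange in which the player accepts whatever public value arrives, next to a variant in which the server's value is authenticated. The modulus, generator, function names and the HMAC pre-shared key (standing in for the certificate check that TLS performs) are assumptions of this example, not RTMPE's actual parameters.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy prime modulus, constructed for the demo (far too small for real use)
G = 3            # toy generator (assumption)

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    # Both sides hash the DH secret into a session key.
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def tag_pub(auth_key, pub):
    # Authenticates a public value; stand-in for a TLS certificate signature.
    return hmac.new(auth_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def handshake(substitute=False, auth_key=None):
    """Run one exchange; return (player_key, server_key, player_accepted)."""
    s_priv, s_pub = keypair()          # media server
    c_priv, c_pub = keypair()          # player
    tag = tag_pub(auth_key, s_pub) if auth_key else None

    seen_by_player, seen_by_server = s_pub, c_pub
    if substitute:
        # An on-path party swaps in its own public value in both directions.
        _, m_pub = keypair()
        seen_by_player, seen_by_server = m_pub, m_pub

    accepted = True                    # anonymous DH: nothing to check
    if auth_key:
        expected = tag_pub(auth_key, seen_by_player)
        accepted = hmac.compare_digest(expected, tag)

    player_key = shared_key(c_priv, seen_by_player)
    server_key = shared_key(s_priv, seen_by_server)
    return player_key, server_key, accepted

if __name__ == "__main__":
    for sub, key in [(False, None), (True, None), (True, b"demo-key")]:
        pk, sk, ok = handshake(substitute=sub, auth_key=key)
        print(f"substituted={sub} authenticated={key is not None} "
              f"keys_match={pk == sk} player_accepted={ok}")
```

In the anonymous case the player accepts the session even though its key no longer matches the server's; with an authenticated public value the same substitution is rejected before any media is exchanged.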
Security
RTMP Stream Encryption
As explained, an RTMP stream never has a block of data, only a pointer to the current live data. Owing to this, no local storage of data occurs with RTMPE. RTMPE can therefore, with an additional layer of security, be a means for video transmission locally. As discussed, RTMPE is quite different from other streaming players in the concept of its streaming protocol, so not many downloaders or plugins are built to grab it. As a result, it is sometimes pitched as having a certain level of protection.

RTMPDump to Download RTMP Videos

RTMPDump is an RTMP toolkit that connects to Flash Media servers just like normal Flash players. It stores the data from the RTMP connection, and is sometimes used to capture the stream from the server. This allows the video file to be saved locally. It opens a means by which TV shows and videos on demand streamed via RTMP can be downloaded, leading to piracy.

RTMP Stream and Content Delivery Networks(CDN)

RTMP also requires a direct, constant connection with a Flash Media Server throughout the period of playback, as there is no local storage. Every Flash client has to maintain state with the media server all the time. This results in higher CDN cost.
Currently, CDNs have started to phase out RTMP. Although the CDNs Akamai and Amazon CloudFront have committed to supporting its streaming, they accept that usage traffic has declined considerably over the previous years. Limelight supports RTMP for video ingestion from the content provider to the CDN server, which routes to the video user through HTTP.

Alternative to RTMP – High Secure & Smoother Streaming

As seen above, RTMP has two primary problems –
1. Poor streaming due to no future buffer and constant server-to-player connections.
2. Streams are downloadable through RTMPDump, which compromises security against piracy.
VdoCipher encryption through backend OTP
VdoCipher offers completely encrypted data transfer, viewer-specific watermarking and backend authentication. This ensures the highest security from any downloader or plugin looking to hack content. The OTP given to the specific viewer is authenticated at the backend, precluding access from anyone except the intended video user.
VdoCipher has a progressive buffer-conserving player. On seeking the video to a past or future point in the timeline, the buffer remains conserved, thereby demanding lower bandwidth. Our video player is optimised for serving at both low and high bandwidth – VdoCipher serves viewers in tier II and tier III cities in India, and we also have major clients across Africa. Our streaming has been highly effective even at lower connection speeds.
For a full version 5 GB free trial, please visit VdoCipher.