How to secure HLS videos, with AES 128

Question

I have to stream videos for mobile devices from server using Http Live Streaming. the file contains .m3u8 which has listed files of .ts. so how to secure this files to access only authorised users.

score 2 · Accepted Answer · edited Sep 15 '20 at 09:42

2

Basically you could encrypt every chunk with AES-128. AES-128 encrypts the whole chunk with AES using a 128 bit key, Cipher Block Chaining (CBC) and PKCS7 padding. The CBC will be restarted with each segment using the Initialization Vector (IV).

You could do this with ffmpeg by creating a key file that contains the following contents:

Key URI
Path to Key File
IV (optional)

You could create the key with openssl:

openssl rand 16 > video1.key

The file would then contain the following contents:

http://my-server.com/video1.key
video1.key

And then use ffmpeg by providing the path to the key file:

ffmpeg -i input.mp4 -hls_time 6 -hls_key_info_file keyFile playlist.m3u8

This will create the segments and a manifest which should contain a #EXT-X-KEY:METHOD=AES-128,URI attribute.

#EXT-X-KEY:METHOD=AES-128,URI="http://my-server.com/video1.key"

edited Sep 15 '20 at 09:42

Ryan M

18,333
31
67
74

answered Jan 09 '17 at 12:21

Christopher Mueller

357
3
7

1

Note that this is not particularly secure if it's easy to get the key file, e.g. HTTP GET http://my-server.com/video1.key. Look into DRM for better security. – Peter Tseng Jan 22 '19 at 02:05
Any ideas how to secure the key file? Avoiding to HTTP GET my-server.com/video1.key ? – Petr Beneš Jan 30 '22 at 16:20
@PeterTseng Hello, can you explain DRM? – Petr Beneš Jan 30 '22 at 16:22
Generally speaking, DRM protects the key until it reaches the content decryption module on the client device, i.e. other programs cannot access it, in theory. The main DRM options are FairPlay, Widevine, and PlayReady. Generally you choose depending on the devices you want to support. Implementation is complicated, so often companies will pay for a service that handles the DRM. – Peter Tseng Feb 01 '22 at 10:11

score 0 · Answer 2 · edited May 23 '17 at 11:33

0

I have implemented similar module securing .ts files with AES-128 encryption and decrypting it on server. Hope this helps:

https://stackoverflow.com/a/43446800/2429443

edited May 23 '17 at 11:33

Community

1
1

answered May 03 '17 at 05:47

Junaid Mukhtar

815
9
16

How to secure HLS videos, with AES 128

2 Answers2