As part of our work on the AMWA NMOS broadcast production APIs we’re looking at how they can be used with the HTTPS protocol. We’ve now taken a big step forward by releasing 91Èȱ¬ R&D White Paper 337 on secure HTTPS configurations for APIs used in broadcast production systems.
Composite image above includes 'ssl' (edited) by on Flickr, .
As with an increasing number of websites, the 91Èȱ¬ R&D blog now shows you a little green padlock at the top of your screen to show that you are communicating with our website over a connection secured with . HTTPS is a secure version of the HTTP protocol originally devised by as part of his work on the . HTTPS has become a cornerstone if IT security, and used well it serves to protect some of our most sensitive information as it moves around the web - credit card details, passwords and even the content you are reading now.
We know that security has to be an important consideration for broadcasters, and as such is a key requirement for our IP Studio project - the served as a sobering reminder that broadcasters are a very real target for cyber-attacks. As we move to an all IP broadcast future we must also make sure that the new technologies we develop are hardened against attacks that could disrupt our operations. One of the reasons behind our choosing to promote the use of web technologies in broadcast centres was that they have tried and tested security mechanisms. Isolating broadcast networks from the outside world is not sufficient – control systems still provide opportunities for attackers to access the network by other means.
Regular followers of our blog will have seen our work on the AMWA NMOS open specifications; HTTP APIs for doing and for IP broadcast devices. These APIs are an important building block for the future broadcast centres. They provide a common mechanism for finding and connecting IP broadcast devices that are non-proprietary, and as such simplifies working with devices from multiple vendors. We've worked closely with manufacturers on these specifications, and .
Getting HTTPS right can be difficult. A significant issue is that there are many different permutations it can be configured in. HTTPS's security comes from "tunnelling" HTTP through another protocol - historically this may have been a protocol called SSL (Secure Socket Layer), but now should be TLS (Transport layer security) version 1.2. Continuing to use SSL or an older version of TLS leaves HTTPS open to a range of attacks. Add to this a baffling menagerie of different algorithms that can be used for the various operations required for TLS to work and there is significant opportunity of vulnerability and incompatibility unless we consider these issues carefully.
Our first step towards solving this has been the publication of 91Èȱ¬ R&D White Paper 337 - "HTTPS Configuration for the NMOS APIs", outlining the 91Èȱ¬'s preferred way of using HTTPS with the NMOS APIs, based on current industry best practice. While secure transport using the HTTPS protocol is by no means the entire solution to securing our APIs we believe it is a vital first step which we can then build on.
This white paper is important for anyone currently implementing these APIs, but is also an interesting read for anyone interested in knowing more about how HTTPS works, and how it keeps all our information secure as it delves into the detail of this ubiquitous protocol.
This is a first step in investigating how we secure the broadcast system of the future, but an important one. We’ll be publishing more work in this area soon, so watch this space!
-
91Èȱ¬ R&D - Securing the Future of Broadcast with Public Key Infrastructure
91Èȱ¬ R&D - Discovery and Registration in IP Studio
91Èȱ¬ R&D - HTTPS Configuration for the NMOS APIs: Securing IP Production Control
91Èȱ¬ R&D - Public Key Infrastructure for IP Production for Broadcast
91Èȱ¬ R&D - Media Synchronisation in the IP Studio
91Èȱ¬ R&D - Industry Workshop on Professional Networked Media
91Èȱ¬ R&D - IP Studio: 2017 in Review - 2016 in Review
91Èȱ¬ R&D - Industry Workshop on Professional Networked Media
91Èȱ¬ R&D - High Speed Networking: Open Sourcing our Kernel Bypass Work
91Èȱ¬ R&D - Beyond Streams and Files - Storing Frames in the Cloud
91Èȱ¬ R&D - IP Studio Update: Partners and Video Production in the Cloud
91Èȱ¬ R&D - Running an IP Studio
91Èȱ¬ R&D - Building a Live Television Video Mixing Application for the Browser
91Èȱ¬ R&D - Nearly Live Production
91Èȱ¬ R&D - IP Studio at the UK Network Operators Forum
91Èȱ¬ R&D - Covering the Glasgow 2014 Commonwealth Games using IP Studio
91Èȱ¬ R&D - Investigating the IP future for 91Èȱ¬ Northern Ireland
-
Automated Production and Media Management section
This project is part of the Automated Production and Media Management section