As part of our work on the AMWA NMOS broadcast production APIs we’re looking at how they can be used with the HTTPS protocol. We’ve now taken a big step forward by releasing BBC R&D White Paper 337 on secure HTTPS configurations for APIs used in broadcast production systems.
Composite image above includes 'ssl' (edited) by Mapbox on Flickr, cc licence.
As with an increasing number of websites, the BBC R&D blog now shows you a little green padlock at the top of your screen to show that you are communicating with our website over a connection secured with HTTPS. HTTPS is a secure version of the HTTP protocol originally devised by Tim Berners-Lee as part of his work on the World Wide Web at CERN. HTTPS has become a cornerstone if IT security, and used well it serves to protect some of our most sensitive information as it moves around the web - credit card details, passwords and even the content you are reading now.
We know that security has to be an important consideration for broadcasters, and as such is a key requirement for our IP Studio project - the 2015 attack on TV5Monde served as a sobering reminder that broadcasters are a very real target for cyber-attacks. As we move to an all IP broadcast future we must also make sure that the new technologies we develop are hardened against attacks that could disrupt our operations. One of the reasons behind our choosing to promote the use of web technologies in broadcast centres was that they have tried and tested security mechanisms. Isolating broadcast networks from the outside world is not sufficient – control systems still provide opportunities for attackers to access the network by other means.
Regular followers of our blog will have seen our work on the AMWA NMOS open specifications; HTTP APIs for doing discovery and registration (IS-04) and connection management (IS-05) for IP broadcast devices. These APIs are an important building block for the future broadcast centres. They provide a common mechanism for finding and connecting IP broadcast devices that are non-proprietary, and as such simplifies working with devices from multiple vendors. We've worked closely with manufacturers on these specifications, and they are already seeing use in industry.
Getting HTTPS right can be difficult. A significant issue is that there are many different permutations it can be configured in. HTTPS's security comes from "tunnelling" HTTP through another protocol - historically this may have been a protocol called SSL (Secure Socket Layer), but now should be TLS (Transport layer security) version 1.2. Continuing to use SSL or an older version of TLS leaves HTTPS open to a range of attacks. Add to this a baffling menagerie of different algorithms that can be used for the various operations required for TLS to work and there is significant opportunity of vulnerability and incompatibility unless we consider these issues carefully.
Our first step towards solving this has been the publication of BBC R&D White Paper 337 - "HTTPS Configuration for the NMOS APIs", outlining the BBC's preferred way of using HTTPS with the NMOS APIs, based on current industry best practice. While secure transport using the HTTPS protocol is by no means the entire solution to securing our APIs we believe it is a vital first step which we can then build on.
This white paper is important for anyone currently implementing these APIs, but is also an interesting read for anyone interested in knowing more about how HTTPS works, and how it keeps all our information secure as it delves into the detail of this ubiquitous protocol.
This is a first step in investigating how we secure the broadcast system of the future, but an important one. We’ll be publishing more work in this area soon, so watch this space!
Tweet This - Share on Facebook
BBC R&D - Securing the Future of Broadcast with Public Key Infrastructure
BBC R&D - Discovery and Registration in IP Studio
BBC R&D - HTTPS Configuration for the NMOS APIs: Securing IP Production Control
BBC R&D - Public Key Infrastructure for IP Production for Broadcast
BBC R&D - Media Synchronisation in the IP Studio
AMWA - Advanced Media Workflow Association
BBC R&D - Industry Workshop on Professional Networked Media
NMOS - Networked Media Open Specifications
BBC R&D - IP Studio: 2017 in Review - 2016 in Review
BBC R&D - Industry Workshop on Professional Networked Media
BBC R&D - High Speed Networking: Open Sourcing our Kernel Bypass Work
BBC R&D - Beyond Streams and Files - Storing Frames in the Cloud
BBC R&D - IP Studio Update: Partners and Video Production in the Cloud
IBC 365 - Production and post prepare for next phase of cloud-fit technology
BBC R&D - Running an IP Studio
BBC R&D - Building a Live Television Video Mixing Application for the Browser
BBC R&D - Nearly Live Production
BBC R&D - IP Studio at the UK Network Operators Forum
BBC R&D - Covering the Glasgow 2014 Commonwealth Games using IP Studio
BBC R&D - Investigating the IP future for BBC Northern Ireland
-
Automated Production and Media Management section
This project is part of the Automated Production and Media Management section
