Using Alibaba Cloud for live streaming, what measures can I take to protect live security?

Last Updated: Apr 11, 2018

Preparations

  • Activate Alibaba Cloud live streaming service

    Alibaba Cloud live streaming service receives live streams and provides a live playback address. Before starting a live streaming activity, you must activate Alibaba Cloud live streaming service. Click Buy Now on the ApsaraVideo Live details page.

  • If you have already activated Alibaba Cloud live streaming service but have not performed live streaming yet, you must first perform a streaming operation.

System architecture

As the following chart shows, live streaming security can be controlled from three aspects.

  • Authenticate the streaming address

  • Manage the live stream

  • Authenticate the playback address

Live authentication

Streaming authentication and playback authentication use the same method. Both belong to live streaming authentication.

Authentication principle

The user configures a key for the CDN domain name. A hash is then computed over a string composed of the URI used for visiting Alibaba Cloud, a timestamp, and the key. The hash and the timestamp are sent as part of the request parameters. The URL can be visited only if the following two requirements are met:

  • The timestamp does not exceed the current time.

  • The server side calculates the hash value with the same method, and the result is the same as the hash value in the request parameter.

Authentication algorithm

  • Unauthenticated URL: http://DomainName/AppName/StreamName.flv

  • Authenticated URL: http://DomainName/Filename?auth_key=timestamp-rand-0-md5hash

Parameter description

  • timestamp: The expiration time. A positive integer with a fixed length of 10 digits. Time in seconds from January 1, 1970. This 10-digit integer is used to control the expiration time.

  • rand: Random number, generally set to 0.

  • md5hash: The verification hash, computed with the MD5 algorithm. Assuming the secret key is 123456, the algorithm is: md5hash = md5(URI-timestamp-rand-0-123456).

Authentication example

A user sets a secret key (xyz) for the domain name a.com, and the expected expiration time is 2017-07-28 05:43:20. The user wants to use the address rtmp://video-center.alivecdn.com/live/abc?vhost=a.com for live streaming. The corresponding authentication logic is:

Streaming
  • Obtain the live streaming URI: /live/abc

  • Obtain the timestamp: The Unix timestamp of the expiration time 2017-07-28 05:43:20 is 1501191800.

  • Assemble the string to be hashed: /live/abc-1501191800-0-0-xyz

  • Calculate the hash of the string: md5("/live/abc-1501191800-0-0-xyz") = 7856896499b661b1123dca82d7406aa3

  • Assemble the authenticated streaming URL: rtmp://video-center.alivecdn.com/live/abc?vhost=a.com&auth_key=1501191800-0-0-7856896499b661b1123dca82d7406aa3

Playback

The playback authentication address uses the same kind of algorithm as the streaming authentication address. Take the HTTP-FLV playback address as an example.

  • The unauthenticated URL is: http://a.com/live/abc.flv

  • Obtain the playback URI: /live/abc.flv

  • Obtain the timestamp: The Unix timestamp of the expiration time 2017-07-28 05:43:20 is 1501191800.

  • Assemble the string to be hashed: /live/abc.flv-1501191800-0-0-xyz

  • Calculate the hash of the string: md5("/live/abc.flv-1501191800-0-0-xyz") = b022238fd0cd1c8efae2ba84fc0c9119

  • Assemble the authenticated playback URL: http://a.com/live/abc.flv?auth_key=1501191800-0-0-b022238fd0cd1c8efae2ba84fc0c9119

  • Setting method: You can configure authentication directly on the ApsaraVideo Live console. Use the authentication calculator on the console to easily generate an authenticated URL. For more information, see Live authentication.
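The streaming and playback steps above can be combined into one signer and one server-side check. The following Python sketch is an added example, not Alibaba Cloud code: the function names are hypothetical, the timestamp is treated as the expiration time (as in the parameter description), and auth_key is appended with & when the URL already carries ?vhost=.

```python
import hashlib
import hmac
import re
import time
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# auth_key layout from the page: timestamp-rand-0-md5hash
AUTH_KEY = re.compile(r"([0-9]{10})-([0-9A-Za-z]+)-0-([0-9a-f]{32})")


def make_auth_key(uri: str, key: str, expires: int, rand: str = "0") -> str:
    """md5 over 'URI-timestamp-rand-0-key', as in the worked example."""
    digest = hashlib.md5(f"{uri}-{expires}-{rand}-0-{key}".encode()).hexdigest()
    return f"{expires}-{rand}-0-{digest}"


def sign_url(url: str, key: str, expires: int) -> str:
    """Append auth_key to a streaming (rtmp) or playback (http) URL."""
    parts = urlsplit(url)
    sep = "&" if parts.query else "?"  # streaming URLs already carry ?vhost=
    return f"{url}{sep}auth_key={make_auth_key(parts.path, key, expires)}"


def verify_url(url: str, key: str, now: Optional[int] = None) -> bool:
    """Server-side check: well-formed, not expired, hash recomputes."""
    parts = urlsplit(url)
    values = parse_qs(parts.query).get("auth_key", [])
    match = AUTH_KEY.fullmatch(values[0]) if len(values) == 1 else None
    if match is None:
        return False  # missing, duplicated or malformed auth_key
    expires, rand = int(match.group(1)), match.group(2)
    now = int(time.time()) if now is None else now
    if now > expires:
        return False  # assumption: timestamp is the expiration time
    expected = make_auth_key(parts.path, key, expires, rand)
    return hmac.compare_digest(expected, values[0])  # constant-time compare


if __name__ == "__main__":
    # Inputs taken from the page's example: key xyz, expiry 1501191800.
    push = sign_url("rtmp://video-center.alivecdn.com/live/abc?vhost=a.com",
                    "xyz", 1501191800)
    print(push)
    print(verify_url(push, "xyz", now=1501191000))  # checked before expiry
    print(verify_url(push, "xyz", now=1501191801))  # checked after expiry
```

Because the stream path is part of the hashed string, an auth_key issued for one stream does not validate for another, and a URL stops validating once the timestamp has passed.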

Live streams control

Live stream management applies to live push streams. During live streaming, if you find that the content is illegal, you can stop the live stream. You can also ban live streams through live streams control.

Log on to the ApsaraVideo Live console. In Streams, you can see Add to black list. Once a stream is added to the blacklist, it cannot be pushed and the service does not receive push streams for it.
