Watermarking solutions are either implemented on the client-side, the server-side, or a mix of both (“hybrid”). Of late, OTT providers have been mostly inclined towards client-side or “hybrid” approaches to maximise user-experience and reduce costs. At the client-side, the logic is either implemented at the firmware or at the SDK level where the OTT client-related information is inserted. This information must always be generated in the form of a randomized ID at the server-side to make its reverse-engineering tougher for an attacker. In the “hybrid” approach, the server preprocesses the content to create different versions and the watermark is then inserted or managed at the edge servers or at the client-side.
When the watermark is placed on the client-side, the watermarking logic is exposed which can be tampered with by using readily available tools such as browser-debugger and bypass watermarking. Attackers can compromise the watermark protection either by reverse-engineering the agent’s exposed JavaScript code or by tampering with the DOM. Hence, it is crucial for content providers to employ tamper-proofing solutions to forensic video watermarking as an additional security measure for DRM protected content. Tamper-proofing a) helps in detecting if a code has been altered and b) causes the program to fail if tampering is evident.
To address the first problem—JavaScript reverse-engineering—the watermarking agent’s JavaScript code needs to be protected. This can be done by JavaScript obfuscation which transforms the code into an unreadable, hard to reverse-engineer format, while still running on the web browser. In addition to obfuscation, anti-tampering and anti-debugging capabilities can be introduced for robust JavaScript protection. They work by breaking the web-player whenever an ill-intentioned user tries to debug or modify the watermarking agent’s logic, thereby preventing any dynamic or static code analysis. The second problem—DOM tampering—can be addressed by monitoring the DOM in real-time in order to detect and block any attempts at removing or modifying the watermark. These include changes to overlays which are achieved by tampering with the DOM (changing its HTML elements or CSS properties). A web page monitoring solution should therefore detect these changes to the watermark irrespective of the delivery mechanism.
