Next-Generation Token to Fight Piracy and CDN Leeching

Content Delivery Networks (CDNs) are widely used to stream video efficiently across the Internet, but they face persistent challenges from unauthorized access attempts and content piracy, a phenomenon known as CDN leeching. Traditional token-based authentication mechanisms, often relying on long-lived tokens with fixed expiration times, have proven inadequate in addressing these security threats. In response, we propose a novel randomized token rejection mechanism to bolster the security of CDN architectures against unauthorized access attempts. By dynamically adjusting rejection probabilities based on token properties and operational policies, our mechanism enhances CDN resilience while minimizing operational overhead. Furthermore, we present refinements to our approach, including geographic probability of rejection, content-sensitivity, and frequency analysis, to tailor security policies to specific content access patterns. Evaluation results demonstrate the efficacy of our randomized token rejection mechanism in mitigating piracy risks while maintaining operational efficiency. While further research is needed to implement fully transparent token renewal schemes, the current technologies, typically based on the Common Access Token (CAT), already enable the implementation of the randomized token rejection mechanism.

Gwendal Simon | Synamedia | Rennes, France
Gwenaël Doërr | Synamedia | Rennes, France