ideas wanted for secure display of media resources

Rodney Tamblyn rodneytamblyn at paradise.net.nz
Mon Nov 3 18:50:02 EST 2003 

I have a project which requires display of a significant number of  
media resources.  These comprise QuickTime movies and image files, the  
latter mostly high resolution jpg files in the 500 to 1.5Mb file size  
range.  The project needs to be distributed on CD/DVD-ROM.  My issue is  
that I need to be able to keep the resources reasonably secure.  I'm  
planning to store the resources in encrypted Valentina database(s) on  
the CD-ROMs.  The problem comes when I retrieve the data for display.

Here's some ideas I've had so far:
(1) read media resources from Valentina DB and write out to temporary  
files.  This will work fine, however there's nothing to stop the user  
from copying the files out of the temporary file store.   To get around  
this I can delete files as soon as they are not being used.  For  
images, an interesting option is to write the image file out to disk,  
display it (set the filename of image x to <file>) then delete the  
file.  Revolution will continue to display the image as it is loaded  
into memory.  However this approach obviously wouldn't work for movies.
(2) create a small http server application that retrieves the media  
from the database.  Serve media to display application which displays  
within a movie object by setting filepath to a URL.  QuickTime would  
download the media data from the server and store it in secure cache.   
I tried (as a test) creating a stack that served a movie via http (say  
127.0.0.1/test.mov) , then created a movie in the same stack and set  
its URL to 127.0.0.1  Unfortunately this crashed Metacard - it seems  
you can't write data to a socket and that is being retrieved via a  
player in the same stack.  It would be necessary to run the http server  
as a separate process.  By utilizing information hidden in header  
packets it would be possible to ensure that the server only accepted  
requests from the client application.  However this would not stop a  
truely determined hacker from using packet capture to retrieve the data  
(eg ethereal).  While this approach should work, but it's a cludge and   
is flawed from a security viewpoint. Would require using Player objects  
for all media types (?) as I am not sure whether an image object would  
use the QuickTime cache to store URL-loaded files (I think it uses  
libURL to download them to a temporary file).
(3) encrypt movies using Sorenson Pro, with a media key.  Revolution  
does not support management of QuickTime Media Key so I would have to  
write an external to do this.  Would require recompressing movies,  
which is not very practical in my situation.
(4) read images into stack file.  Retrieve stack from database to  
variable and open it (stack file not written to disk).  Transfer image  
for display (put image 1 of stack x into image y of stack z), then  
close stack and empty the stack variable. Of course you could just set  
the imageData directly from the database, but imageData is  
uncompressed, this way you can store the image in binary format.  The  
approach is a bit of a cludge, and memory inefficient, and wouldn't  
help with managing QuickTime movies which would typically be too large  
for this approach to work.
(5) write an external to display images and QuickTime movies.   
Disadvantages: cost and risk to project.  I'd probably rather bite the  
bullet and do it in another authoring tool like Director.

I'm sure that I am making this too complex.  My gut instinct is that  
writing the files to temp files and managing this carefully would make  
it sufficiently difficult to retrieve them to dissuade most users from  
trying. However I can't pretend to the client that this is secure.

One solution to this problem would be to support writing to movie and  
picture controls.  If you think this would be a good way to go, please  
vote for these feature suggestions.  For more information see:
http://www.runrev.com/revolution/developers/bugdatabase/ 
show_bug.cgi?id=860
http://www.runrev.com/revolution/developers/bugdatabase/ 
show_bug.cgi?id=861

If anyone knows a good secure way of managing and displaying media  
assets within Revolution please let me know.

--
Rodney Tamblyn
44 Melville Street
Dunedin
New Zealand
+64 3 4778606
http://rodney.weblogs.com/

More information about the use-livecode mailing list