Design and implementation of a secure media content delivery broker architecture

With the current evolution of applications towards distributed deployment on heterogeneous systems, possibly owned by different business players, subsystems typically interact through XML-messages (although alternatives exist) to ensure proper operation of the application. In this context the Web service technology is becoming the main player. Despite the impressive efforts to standardize Web services in all its aspects, there still is a lack of clarity in the area of security. Therefore, this paper compares security mechanisms on transport and message layer. Since Media Content Delivery (MCD) uses many services, each requiring a different security, it is difficult to build trust in the MCD architecture and thus a broker service is used with specialized algorithms to optimize the selection and security of services. The results show that secure Web services perform better using transport layer security. Nevertheless, since non-repudation is of high importance in MCD architectures and cannot be achieved by transport layer security, a combination of transport and message layer security will be used and motivated to secure the MCD broker architecture presented in this paper. Combining SSL and WSS, a trade-off is achieved between performance and security functionality, resulting in an optimally secure architecture at low performance penalty. A proof-of-concept architecture has been built to evaluate the security countermeasures for video content delivery.