Precision Time Protocol (PTP) is an important element of any IP infrastructure, and the industry has been keen to see a SMPTE report on PTP security, looking at issues and mitigations around the core timing infrastructure. George Jarrett talks to former SMPTE VP of Standards Development Bruce Devlin about this key work.
As Bruce Devlin explains, the SMPTE report came from a combined piece of work from the Joint Task Force on Networked Media (JT-NM). “We were trying to look at it as if there was a bad actor loose; what is fragile, and what can we do about it? One of the thoughts was, if you get rid of the timing system you could actually cause some havoc,” he says. “We decided to look and discover what a bad actor might do, and how you could mitigate against that.”
“That was the basic thinking, but as we have been studying this subject there have been developments behind the scenes within the IEEE, and there have been more developments in the way the security landscape has changed over recent years,” he adds. “As our report approaches completion, the shifting sands of the security landscape are shifting with the report. This is an interesting dynamic.”
The work has identified a number of issues or aspects that require further actions or wider considerations, including in the field of training and awareness.
“Those are absolutely the number one things. Back in the SDI days it was somewhat difficult to attack an SDI plant because it was a very specialist set of engineering, but now we are using plain old switches and plain old networks, and the barrier to entry to these networks has diminished,” says Devlin.
“Remember the adage that anything online can be hacked. The best you can do is make it really difficult for the bad actors so that they spend too many resources attacking you; it is not worth their while both economically and time wise. Because we are using IP protocols which are ubiquitous around the planet, we have to make sure that a bad actor with specialist knowledge of IP protocols cannot do bad things to your PTP network.”
Take the deep dive into IP and PTP
The report looks at all the ‘what ifs’ around the bringing down of a network by attacking the timing system or hitting the GPS network. Regarding better awareness and good practices are the pioneering users of IP aware of this problem?
“The pioneers definitely are, but they have struggled to find sufficient knowledgeable people who can take the deep dive into IP and PTP and networking technologies,” he explains. “Somebody has to have all those skills, and then apply them to technically getting low latency sports, for example, to the viewer in high quality.”
“There are an awful lot of skills that you need to be expert at in order to be able to join all those things together, so trying to find people who are expert in everything is almost impossible,” he adds. “You have to find ways to educate IP and PTP experts in the ways of media, and you have to get the media guys to be experts in the ways of PTP. The pioneers have had to do a lot of that training internally, but as an industry we are starting to identify where the gaps are.”
SMPTE will soon announce training courses for the issues Devlin identified. Back with the technology, the pioneers are starting to see small cures and tonics, like the PTP report and AMWA’s brilliant NMOS initiatives. Is IP gaining flesh?
“As our report approaches completion, the shifting sands of the security landscape are shifting with the report. This is an interesting dynamic,” Bruce Devlin
“Yes. It is exactly that. We have got the core network, getting stuff from A to B at the right time. But now what we are trying to do is to take away all the friction involved in building a versatile 1000-camera network that just works in five territories. That is a big ask,” he says.
“Think about the amount of time it took between the first satellite broadcast and getting the Eurovision network working seamlessly. That was a decade, and we are trying to do all of that with IP in the space of two or three years. This is trying to do it 3x, 4x faster for something that is an order of magnitude more complex.
This is a big ask with a lot of moving parts. “The limiting factor to a large extent is the number of people with the brain cells that cover both domains. They are a bit rare at the moment,” he says.
Kind of de facto
SMPTE’s look into fast metadata exchange is another small frontline. “Indeed. In some ways it seems a bit crazy to take metadata that might have been wrapped in SDI, keep it in the SDI wrapper and pass it over IP. This is kind of de facto at the moment, and for an early adopter scenario that is not as crazy as it sounds because the devices at each end that use that metadata are familiar with the SMPTE standard,” says Devlin.
“What fast metadata exchange (FMX) does is it unwraps the SDI wrapping and presents it like the bare metadata. This is much more efficient, but you then have to make certain that all the devices at each end are aware of this new way of sharing this metadata,” he adds. “It is all a matter of timing, and eventually everything will be FMX. In the short term however, there will be a lot of SDI devices out there.”
There are a lot of people with a lot of SDI plant that is working very well, so does IP bring them a change in their commercial standing?
“Well, not necessarily. What IP brings is an awful lot more versatility, and if you can use that versatility to improve your business you are going to be an early adopter,” he explains. “Look at the unbelievable stuff that Eurosport and Discovery are putting together. They do things that could not be done in SDI, and that is their unique selling point.”
“You have to find ways to educate IP and PTP experts in the ways of media, and you have to get the media guys to be experts in the ways of PTP,” Bruce Devlin
Does proprietary technology fit into the future as a value or a curse?
“Throughout the history of media technology there has always been great proprietary technology, sometimes at the core of what people are doing, sometimes at the edges. I am absolutely convinced that in the world of ST-2110 there’s a whole bunch of proprietary stuff out there that will eventually become the de facto way of doing it, and then the standard way of doing it,” says Devlin.
“The one thing I have learned from all the standards I have been doing since 1997 is that a lot of this stuff comes in waves. It is not a linear incremental progression at all,” he adds. “In terms of IP TV production, we are at the beginning of the wave. Around the edges to do with control and removing friction when you jump between systems there is a lot of proprietary stuff that will become standards over coming years.”
New iterative methodology
As he hands over the VP role to Florian Schleich, Technical Integrations Manager, Production Innovation with Netflix, what is the biggest frustration Devlin is leaving behind after four years?
“It is the gap in working methodology between the software coders, who are building new products, and a lot of the workflows that standards groups and trade associations use to fix interoperability problems. Code writing is really quite sophisticated, very iterative and very agile, and the way we write documents is still a little old fashioned,” he says. “If we could just get some of this new iterative methodology into the way that we get smart people to agree we might end up in a better place.”