Hosting encrypted video streams ensures the security and privacy of sensitive video content, especially in industries such as entertainment, education, and healthcare. AWS Key Management Service (KMS) can be used to encrypt video files before storing them in Amazon S3 to protect the content during storage and delivery.

## AWS KMS Overview

AWS KMS is a managed service for creating and controlling cryptographic keys. It supports symmetric (AES-256) and asymmetric (RSA, ECC) encryption, with keys stored in Hardware Security Modules (HSMs) for compliance with FIPS 140-2. KMS integrates with AWS services like S3, EBS, and Lambda for seamless encryption workflows. For video streaming, KMS can secure content at rest and in transit by encrypting HLS or DASH manifests and media segments.

## Key Components for Encrypted Video Streaming

To host encrypted video streams, three primary components are required:

- Customer Master Key (CMK) for encryption/decryption
- Media Storage Solution (S3) for encrypted content
- Content Delivery Mechanism (CloudFront)

The CMK can be symmetric (faster encryption) or asymmetric (secure key distribution). AWS Elemental MediaConvert or MediaPackage can apply encryption during transcoding or packaging.

## Step 1: Set Up AWS KMS for Video File Encryption

AWS KMS enables the creation of Customer-Managed Keys (CMKs) that are used for encrypting video files stored in Amazon S3. These keys can be symmetric or asymmetric, depending on the level of encryption required. For video streaming, symmetric keys are typically used as they provide both encryption and decryption capabilities in a single key.

### Creating a Customer-Managed Key (CMK) in AWS KMS

1. **Create a Key**: Navigate to the AWS KMS dashboard and create a new customer-managed key (CMK) with the appropriate permissions.
2. **Define Key Policies**: Set up the key policies to grant specific users or services permission to use the key for encryption and decryption.
3. **Enable Automatic Key Rotation**: Optionally, enable automatic key rotation to enhance security.

```bash
aws kms create-key \
  --description 'Video Encryption Key' \
  --key-usage ENCRYPT_DECRYPT \
  --origin AWS_KMS
```

Explanation: This command creates a CMK that can be used for both encryption and decryption of video files. It's crucial to define appropriate key policies for AWS services (e.g., S3, CloudFront) and users to access and manage these keys securely.

## Step 2: Encrypt Video Files with AWS KMS Before Uploading to S3

Once the CMK is created, you can use AWS KMS to encrypt your video files before uploading them to S3. The `aws s3 cp` command can specify the use of a KMS key during the upload process.

### Encrypt Video Files During Upload to S3

```bash
aws s3 cp video.mp4 s3://your-video-bucket/ \
  --sse aws:kms \
  --sse-kms-key-id arn:aws:kms:region:account-id:key/key-id
```

Explanation:

- `--sse aws:kms`: Specifies the use of AWS KMS encryption during the file upload.
- `--sse-kms-key-id`: References the ARN of the KMS key created in Step 1.

## Step 3: Configure CloudFront to Serve Encrypted Video Streams

After uploading the encrypted video files to S3, configure Amazon CloudFront to deliver the video streams securely. CloudFront can be set up to use AWS KMS for encryption at the edge when the video is served to end users. This ensures that the video content remains encrypted in transit.

### Setting Up CloudFront for Encrypted Video Delivery

1. **Create a CloudFront Distribution**: Set up a CloudFront distribution for your S3 bucket where encrypted videos are stored.
2. **Enable Secure Sockets Layer (SSL)**: Use HTTPS for secure delivery of video streams.
3. **Specify the KMS Key for Secure Delivery**: Configure the CloudFront distribution to decrypt video files using the same KMS key used for S3 encryption.

```bash
# The shorthand options accept only the origin and the default root object.
# Attaching the ACM certificate (your-certificate-arn) requires a full
# configuration passed with --distribution-config instead.
aws cloudfront create-distribution \
  --origin-domain-name your-video-bucket.s3.amazonaws.com \
  --default-root-object video.mp4
```

Explanation: This sets up a CloudFront distribution to serve the encrypted video streams from the S3 bucket. The SSL configuration ensures secure transmission of video files to end users.

## Step 4: Secure Access to Encrypted Video Files

To prevent unauthorized access to encrypted video files, AWS IAM roles and CloudFront signed URLs can be used to control access to the video streams. Only authenticated users should be allowed to access the video content.

### Using CloudFront Signed URLs for Secure Access

CloudFront signed URLs can be generated to restrict access to video content. These signed URLs allow the user to access the encrypted video stream for a limited period, ensuring that only authorized users can view the video.

```bash
# --date-less-than sets the expiry time, given here as an epoch timestamp.
aws cloudfront sign \
  --url 'https://d1234.cloudfront.net/video.mp4' \
  --key-pair-id your-key-id \
  --private-key file://private-key.pem \
  --date-less-than 1616182304
```

Explanation: `aws cloudfront sign` generates a signed URL for the specified video. The URL can be set to expire after a given period, ensuring temporary access.

## Step 5: Decrypting the Video for Playback

When a user accesses the video stream through CloudFront, the decryption happens automatically as long as the appropriate KMS permissions are in place. The content is decrypted in real time as it is streamed to the user's device, ensuring a seamless playback experience.

### Automatic Decryption During Playback

CloudFront handles decryption automatically for videos that are encrypted using AWS KMS. When the signed URL is used to request the video, CloudFront decrypts the content using the KMS key and serves it to the user.

Explanation:

- No additional action is required by the user or client-side application to decrypt the video stream.
- CloudFront and S3 manage the decryption process transparently.

## Best Practices for Secure Video Streaming

- **Key Management**: Regularly rotate encryption keys to minimize security risks. Ensure that only authorized users and services have access to the keys.
- **Use HTTPS**: Always use HTTPS for secure transmission of video content to protect it from man-in-the-middle attacks.
- **Limit Access with Signed URLs**: Use CloudFront signed URLs to restrict access to video content and control how long users can view the videos.
- **Monitor Access**: Use CloudWatch metrics and logging to monitor access to video streams and identify any potential security issues.
- **Test Across Devices**: Ensure compatibility and performance across different devices to provide a consistent viewing experience.
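
Step 1 and the Key Management practice both call for key policies that let only specific users and services use the key. The following added example (not from the original page) lints a KMS key policy for statements that grant use too broadly, shown on a weak policy and a scoped one. Both policies, the account ID, the role name and the distribution ID are constructed placeholders, and the three checks are illustrative heuristics.

```python
# Constructed sample policies: account ID, role name and distribution ID are placeholders.
ACCOUNT = "111122223333"
DIST_ARN = f"arn:aws:cloudfront::{ACCOUNT}:distribution/EXAMPLEDISTID"
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AnyPrincipal", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "CloudFrontAny", "Effect": "Allow",
     "Principal": {"Service": "cloudfront.amazonaws.com"},
     "Action": ["kms:Decrypt"], "Resource": "*"},
]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AccountRoot", "Effect": "Allow",
     "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "UploaderEncrypt", "Effect": "Allow",
     "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/video-uploader"},
     "Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Resource": "*"},
    {"Sid": "CloudFrontDecrypt", "Effect": "Allow",
     "Principal": {"Service": "cloudfront.amazonaws.com"},
     "Action": ["kms:Decrypt"], "Resource": "*",
     "Condition": {"StringEquals": {"aws:SourceArn": DIST_ARN}}},
]}


def _listify(value):
    return value if isinstance(value, list) else [value]


def lint_key_policy(policy):
    """Return (Sid, finding) pairs for Allow statements that grant key use too broadly."""
    findings = []
    for stmt in _listify(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        names = ["*"] if principal == "*" else [
            p for v in principal.values() for p in _listify(v)]
        actions = [a.lower() for a in _listify(stmt.get("Action", []))]
        cond_keys = {k.lower()  # condition keys are case-insensitive
                     for op in stmt.get("Condition", {}).values() for k in op}
        if "*" in names and not cond_keys:
            findings.append((sid, "wildcard principal with no condition"))
        if "kms:*" in actions and not all(n.endswith(":root") for n in names):
            findings.append((sid, "kms:* granted outside the account root"))
        is_service = any(n.endswith(".amazonaws.com") for n in names)
        if is_service and not cond_keys & {"aws:sourcearn", "aws:sourceaccount"}:
            findings.append((sid, "service principal not pinned by aws:SourceArn"))
    return findings
```

`lint_key_policy(WEAK_POLICY)` reports three findings and `lint_key_policy(SCOPED_POLICY)` reports none.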
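
Step 4 depends on signed URLs expiring after a limited period. This added example (not part of the original page) reads the expiry and scope from a CloudFront signed URL, for both canned and custom policies, and flags links that are expired, long-lived or wildcard-scoped. It does not verify the signature; the one-hour limit, the function names and the sample URLs are assumptions.

```python
import base64
import json
from urllib.parse import parse_qs, urlsplit

# CloudFront's URL-safe base64 replaces '+' with '-', '=' with '_' and '/' with '~'.
_TO_CF = str.maketrans("+=/", "-_~")
_FROM_CF = str.maketrans("-_~", "+=/")


def encode_policy(policy):
    """Encode a custom policy the way it appears in the Policy query parameter."""
    raw = json.dumps(policy, separators=(",", ":")).encode()
    return base64.b64encode(raw).decode().translate(_TO_CF)


def read_signed_url(url):
    """Return (expiry_epoch, resource, source_ip) from a CloudFront signed URL."""
    query = parse_qs(urlsplit(url).query)
    if "Expires" in query:  # canned policy: expiry only, resource is the URL itself
        return int(query["Expires"][0]), url.split("?", 1)[0], None
    if "Policy" not in query:
        raise ValueError("no Expires or Policy parameter: not a signed URL")
    decoded = base64.b64decode(query["Policy"][0].translate(_FROM_CF))
    stmt = json.loads(decoded)["Statement"][0]
    cond = stmt["Condition"]
    ip = cond.get("IpAddress", {}).get("AWS:SourceIp")
    return int(cond["DateLessThan"]["AWS:EpochTime"]), stmt["Resource"], ip


def audit_signed_url(url, now, max_lifetime=3600):
    """List reasons a signed URL is weaker than a short-lived, narrowly scoped link."""
    expiry, resource, ip = read_signed_url(url)
    findings = []
    if expiry <= now:
        findings.append("expired")
    elif expiry - now > max_lifetime:
        findings.append("lifetime exceeds limit")
    if "*" in resource and ip is None:
        findings.append("wildcard resource without IP restriction")
    return findings


# Constructed samples: host, key ID and expiry reuse the page's placeholder values.
CANNED_URL = ("https://d1234.cloudfront.net/video.mp4?Expires=1616182304"
              "&Signature=CONSTRUCTED&Key-Pair-Id=your-key-id")
CUSTOM_URL = "https://d1234.cloudfront.net/hls/index.m3u8?Policy=" + encode_policy(
    {"Statement": [{"Resource": "https://d1234.cloudfront.net/hls/*", "Condition": {
        "DateLessThan": {"AWS:EpochTime": 1616182304 + 7 * 86400}}}]}
) + "&Signature=CONSTRUCTED&Key-Pair-Id=your-key-id"
```

Pass the issuing time as `now` when reviewing links at generation, or the current time when reviewing links found in logs.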