Hierarchical Hashing for End-to-End Integrity in HLS Video-on-Demand (VOD)
摘要
HTTP Live Streaming (HLS) is a widely used protocol for adaptive bitrate video delivery, but it has a major security weakness: manifest files (.m3u8) are stored in plaintext. These files control playback, segment order, and access to decryption keys, so they can be modified when served from an untrusted Content Delivery Network (CDN). This allows attackers to inject malicious segments or redirect clients to fake URIs. Existing defenses such as PKI signatures, DRM, or the exclusive use of TLS are limited, complex, or do not protect the manifest itself. We propose a hierarchical hashing method to provide end-to-end (E2E) integrity for HLS streams. SHA-256 hashes are computed and added at every level, from media segments to variant and master playlists, forming a chain of trust. The chain is linked by a single root hash, requiring no hash database on the server. The root hash is delivered to the client through a secure channel so all content can be verified before playback. Our prototype shows very low overhead: 10–20 ms per segment on the client and only 1–3% additional time during packaging. The design is simple, CDN-agnostic, and easy to integrate with existing players. It is practical for video-on-demand (VOD) scenarios such as e-learning, corporate video, and digital libraries, where simplicity and maintainability are as important as security and integrity, and it aligns with the software quality attributes defined in ISO/IEC 25010.