Secure Streaming/Authentication.

[rpowers]

I've done some searching and I've read on there that security have never really been a top concern for the VLC project team. I'm just hoping perhaps someone can give me ideas.

We're working on a remote monitoring/control system for one of our sites, and currently, we're just streaming two webcams using VLC's http streaming. At our firewall, we only allow traffic to the streaming servers from one specific user's home IP address. This works, but the problem is, his IP changes very often (he has DSL). It isn't practical to update firewall rules every time he tries to connect and monitor the systems.

I'm quite sure VLC is the right software for the job, simply because it's very simple to setup a stream (two streams from a Windows machine, just run the shortcut and it starts up VLC, and sets up the streaming.), and simple to view the stream (a shortcut, again, will open it up.).

I've been researching the web-embedded methods for streaming, and I have not been able to make them function, and frankly, I'm not sure that they can provide the security or authentication needed.

The details:
We have one user who will primarily view the streams. He uses DSL at home and his IP address changes regularly, so hard-coding a single IP is not possible. There are two streams, and the server's IP and port are static. The server is behind a hardware firewall - if you have any ideas as to how to use this to our advantage, please tell me.

One thought I had was to have the user use a dynamic hostname service and try to have the firewall resolve via that hostname for the allowance rule.

Thanks,
Just hoping someone has had to do this before. I may look into hacking up the source code to provide basic authentication, but that would be a large process for me.

[xtophe]

There have been some development lately about TLS/https/...
Try to ask courmish on irc

[rpowers]

I might be asking for compile help. I had a thought about how to make it semi-authenticated. Custom build VLC with modifications to the HTTP protocol syntax such that you need a specific copy of the client (which only the intended user would be furnished with). I'm working on trying to compile it in CygWin, but that's a post for another day.

Thanks anyway.

[anuragphadke]

How about authentication via keys, ie. before receiving the specific stream, the client sends his ID to the server, and only on a match the server starts streaming it to the client. This can be done over http/s (as firewalls normally don't block it). I don't think it will take anything more than a few socket calls.

[rossmac]

Can I suggest that you consider streaming your video via OpenVPN (openvpn.net).
- Software is free.
- It's simple to set up.
- You can run it as service under windows (or as a daemon under Linux,
I think - I'm running windows).
- You can have the VPN permanently up
(run it as a service on both client and server ends)
- There is a GUI application that can be used to initiate and take down
a connection, if you prefer manual operation
- It supports either very simple private key cryptography or more
flexible (but more complex) public key cryptography
- I have streamed music through an OpenVPN link, but I can't say
I have tried video, caveat emptier

If you want to try it with windows I can probably provide some assistance. With Linux the user mailing list is probably the place to get assistance.

/Ross