ShieldStream is a piracy-proof video streaming backend that protects premium content with enterprise-grade security. Built for hackathons but designed with real-world DRM challenges in mind.
🌍 Why ShieldStream?
Digital piracy costs billions every year.
$75B – Global annual revenue lost to digital piracy (Motion Picture Association)
₹2,000 Cr – Revenue lost by Indian EdTech in 2024 alone (EY–IAMAI Report)
62% – Courses experience unauthorized sharing within weeks of launch (VdoCipher Research)
ShieldStream tackles this by combining AES-128 encryption, short-lived SAS URLs, JWT authentication, and secure backend proxying.
🔐 Key Features 🚀 Production-Ready Backend Security
Secure Upload → Videos uploaded to Azure Blob Storage with automatic HLS segmentation and AES-128 encryption
Rotating JWT Authentication → Short-lived access tokens + one-time refresh tokens (prevents replay attacks)
Time-Limited Access → Dynamic SAS URLs (2 min expiry), HTTPS enforced, prevents link sharing
Proxy Access → Clients never hit Azure directly. All .ts segments and .key files are proxied via backend
Session Validation → Each request validated against MongoDB WatchSession (blocks unauthorized playback)
🎥 Streaming Technology
HLS Streaming → Adaptive bitrate for smooth playback
AES-128 Encrypted Segments → Protects against raw file downloads
No Direct Blob Access → Azure Blob URLs are hidden, only backend serves media
Demo Mode → Falls back to sample video if Azure credentials are missing
🛠️ Tech Stack
Backend → Node.js + Express
Database → MongoDB (User & Session Management)
Storage → Azure Blob Storage
Encryption → AES-128 + short-lived SAS tokens
Streaming → HLS (HTTP Live Streaming)
⚙️ How It Works
Upload → Content uploaded to Azure → converted into .m3u8 + .ts segments with AES-128 key
Backend Proxy → All segment & key requests routed through /api/stream/:id/...
Authentication → JWT + MongoDB sessions validate every playback request
Time-Limited Access → SAS URLs expire in 2 minutes, forcing secure revalidation
Playback → Frontend HLS player streams content seamlessly
📊 Security Highlights
🔑 AES-128 Encrypted Segments & Keys
🔒 Rotating SAS URLs (2 min expiry)
🚫 No Direct Blob Access (all requests proxied via backend)
🧾 JWT + Session Validation in MongoDB
🌐 HTTPS Enforced for all traffic
📂 Backend Status
Authentication → ✅ Active
Encryption → ✅ AES-128
Storage → ✅ Azure Blob
Streaming → ✅ HLS + Proxy
👨💻 Hackathon Ready
✅ Fully working prototype
✅ Real-world inspired DRM security
✅ Clear problem statement & global impact
✅ Scalable architecture
© 2025 ShieldStream. All rights reserved.