Hardening security of SMPTE ST 2110 networks | EBU Technology & Innovation

Dear user,

Last month, the EBU switched to a new authentication method, Microsoft Entra, and decommissioned the former one (sso.ebu.ch).

What this means for most EBU Members ?

Employees of most EBU Members should now use a federated login to authenticate. This means your organization acts as the identity provider. You no longer need 2 separate accounts or 2 separate passwords. Your work credentials give you access to EBU content.

What to do on the next screen ?

If you already have an EBU account, enter your professional email address and select Next. You will see the EBU logo change to your organization’s logo. Enter your usual work password and, if prompted, accept the sharing of information with the EBU.

What if we are using shared mailboxes ?

The new authentication mechanism does not work with shared mailboxes. If you usually access EBU websites using a shared account, you must create a new individual user account. Scroll down to view the instructions.

If federated login does not work ?

For some EBU Members, as well as the general public, federated login will not work. Login remains possible with your existing account. 3 different cases may occur:

Case 1: If your email address is linked to a Microsoft account, you will be redirected to https://login.live.com. Log in using your usual Microsoft credentials.
Case 2: If your email address is linked to a Google account, you will be redirected to https://accounts.google.com. Log in using your usual Google credentials.
Case 3: If your email address is not linked to either service, you will receive a temporary password by email each time you log in.

What to do if none of the above seems to work ?

Please read the instructions below carefully, as the choice you make during your first login cannot be changed later.

To create a new account, select No account? Create one.

You will have 3 options:

Microsoft: Recommended for users working for EBU Member organizations.
Google: Create an account using your existing Google account.
Other valid email address: A temporary password will be sent to your inbox each time you log in.

If you still cannot log in after following these instructions, contact [email protected].

This webinar provides actionable recommendations for building secure, next-generation media facilities. Endrit Vorfaj demonstrates ways that an attacker could compromise live video and audio streams in ST 2110 networks, and evaluates effective mitigation strategies, such as network segmentation and securing the systems that manage device connections.

The industry's shift to IP-based infrastructures, such as ones based on the SMPTE ST 2110 suite of standards, brings efficiency and scalability. But it also exposes critical broadcast operations to a new range of cybersecurity vulnerabilities inherent to IP networks, including stream hijacking, data tampering, and denial-of-service attacks that can take a station off-air.

Endrit's key finding is that conventional IT security solutions often fail to meet the strict real-time performance demands of live broadcasting. Endrit shows that tailored approaches that bridge the gap between broadcast engineering and cybersecurity, including secure control protocols, can provide robust protection without introducing harmful latency.

Speaker

Endrit Vorfaj (Security Research Assistant, Max Planck Institute)

Endrit is a fresh graduate of the joint master’s program in Cybersecurity at EPFL and ETHZ, currently working as a Security Research Assistant at the Max Planck Institute for Security and Privacy in Germany. His work builds on his Master’s thesis at EBU, where he investigated the security challenges of IP-based media facilities, with a focus on the SMPTE ST 2110 suite of standards. At MPI-SP, Endrit further develops key components, particularly around NMOS IS-10 and the application of encryption in broadcast networks.

Presentations

ST 2110 security

09 Oct 2025

Hardening security of SMPTE ST 2110 networks

Upcoming EBU Events