IAB Tech Lab announces ads.cert 2.0 authentication protocols

Thursday, September 30th, 2021 
IAB Tech Lab logo

IAB Tech Lab Announces ads.cert 2.0 Authentication Protocols to Combat Ad Fraud Across the Digital Advertising Ecosystem

  • Adds Level of Security Across Various Aspects of Omnichannel Advertising for Buyers and Sellers, including SSAI for CTV Ads
  • Now Available for Public Comment until October 30th

NEW YORK — IAB Tech Lab, the digital advertising technical standards-setting body, announced today the ads.cert 2.0, a standard introduced to enhance security in the digital advertising ecosystem by using industry-standard cryptographic security protocols. In particular, the protocols secure buying and selling of programmatic Connected TV (CTV) ad inventory, which is where a number of recent ad fraud attempts have focused on. The updated ads.cert 2.0 will be open for public comment for 30 days, until October 30th.

Developed by the IAB Tech Lab’s Cryptographic Security Foundations Working Group, ads.cert 2.0 establishes a common framework and guidelines for safe and transparent transactions across ad buying and selling through a number of security protocols.

  • The “ads.cert Call Signs” protocol defines a mechanism that enables businesses to be able to formally identify other businesses involved in any one transaction. It does this by using DNS records to publish public keys and metadata about the businesses involved.
  • The “ads.cert Authenticated Connections” protocol adds origin authentication and tamper resistance to any request made server-to-server, such as bid request, creative fetches, impression pings, and billing notifications.
  • The “ads.cert Authenticated Delivery” protocol will authenticate the data in a bid request and enables buyers to identify if any of the bid parameters had been tampered with or changed from the original source.
  • The “ads.cert Authenticated Devices” protocol will support attestation from the manufacturer about the legitimacy of the device the ad is being served on.

The current release includes specifications for “Call Signs” and “Authenticated Connections” protocols. For CTV specifically, ads.cert will address Server-Side Ad Insertion (SSAI) related ad fraud. Applying the Authenticated Connections protocols to SSAI billing notifications helps ensure that the sources of invoices for CTV inventory can be confirmed.

“ads.cert is intended to provide a consistent security framework for all use cases within digital advertising,” said Amit Shetty, Vice President, Programmatic Products & Partnership, IAB Tech Lab. “Ad dollars to CTV continue to accelerate and where the money goes, the fraudsters follow, which is why we have focused on CTV in this release. We recommend that all SSAI providers immediately implement “Authenticated Connections’ and all publishers and buyers require authenticated connections for buying CTV media.”

“As an industry, we must move quickly in adopting tools that help safeguard all inventory and advertising investments,” said Rob Hazan, Senior Director of Product, Index Exchange and Co-Chair of the IAB Tech Lab Security Foundations Working Group. “Standards like the ads.cert 2.0 provide a common framework and open source tools to combat the increasingly frequent ad fraud attempts we’re seeing in CTV, and are a critical component in securing the programmatic supply chain.”

An open source implementation has also been released on IAB Tech Lab’s github repository to ease adoption of the protocol.

Links: IAB Tech Lab