Where media is transferred over an open or an attack-prone network, either complete content or parts of content that can be used to inject maliciously crafted media files can be protected. ISO/IEC 23009-4 may allow out-of-band validation of segment integrity and authenticity, so that, inter alia, a client may be able to detect a mismatch between a received segment and the segment hash or message authentication code. The server side may be unaware of the attack and/or may not be able to localize the attack.