» Triple Play; Triple Threats? IPTV Security. Yen-Ming Chen Senior Principal Consultant Foundstone, A division of McAfee

Similar documents
Demonstration of Internet Protocol Television(IPTV) Khai T. Vuong, Dept. of Engineering, Oslo University College.

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Internet Protocol Television (IPTV)

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

Trends of Interactive TV & Triple Play

VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ======

Securing end devices

Information Technology Career Cluster Advanced Cybersecurity Course Number:

Voice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005

SERIES H: AUDIOVISUAL AND MULTIMEDIA SYSTEMS Infrastructure of audiovisual services Communication procedures

IPTV over Fiber Optics for CPE Installers

IxLoad: Testing Microsoft IPTV

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, Concepts.

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Information Security. Training

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

VOICE OVER IP SECURITY

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00

Solutions Focus: IPTV

SS7 & LTE Stack Attack

Security and Risk Analysis of VoIP Networks

NETWORK SECURITY ASPECTS & VULNERABILITIES

Intrusion Prevention: The Future of VoIP Security

Directory and File Transfer Services. Chapter 7

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

What is Web Security? Motivation

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Converged Video Network Security

Review: Lecture 1 - Internet History

CCNA Exploration: Accessing the WAN Chapter 7 Case Study

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DR V2.0

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

ICTTEN4215A Install and configure internet protocol TV in a service provider network

COB 302 Management Information System (Lesson 8)

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

How Can Telco Exploit the Internet TV Prospect?

Top Ten Cyber Threats

The Opportunity for White-labeled IPTV & OTT TV for MNOs, MSOs and ISPs. Date: 19 January 2014

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

IPTV Overview. Presented by Paul Ashun. TV Platforms Group BBC 2008

E-BUSINESS THREATS AND SOLUTIONS

STB- 2. Installation and Operation Manual

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

diversifeye Application Note

Chapter 2 Introduction

Voice over IP Security

The necessity of multicast for IPTV streaming

Applications that Benefit from IPv6

ANTIK JUICE IPTV DEMO KIT MANUAL

WHITE PAPER. Centrally Monitoring Set-tops and Implementing Whole-Home Video Assurance

Southwest Arkansas Telephone Cooperative Network Management Practices

Traffic load and cost analysis for different IPTV architectures

How to make free phone calls and influence people by the grugq

Promoting Network Security (A Service Provider Perspective)

5 IPTV MONITORING BEST PRACTICES

TELE 301 Network Management. Lecture 16: Remote Terminal Services

Broadband Cable Service Deployment at WorldCall Telecom - Pakistan. Hassan Zaheer Manager Operations Broadband Division

Conducting an IP Telephony Security Assessment

Security aspects of e-tailing. Chapter 7

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October Page 1 of 9

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Marratech Technology Whitepaper

CS5008: Internet Computing

The Picture must be Clear. IPTV Quality of Experience

Professional Penetration Testing Techniques and Vulnerability Assessment ...

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

Who is Watching You? Video Conferencing Security

Smart LNB. White Paper. May 2014

itvfusion 2016 Online Training Syllabus

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification

Own your LAN with Arp Poison Routing

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Universal plug and play (UPnP) mapping attacks

Evolving Telecommunications to Triple Play:

Securing SIP Trunks APPLICATION NOTE.

Basic Vulnerability Issues for SIP Security

EXPLORER. TFT Filter CONFIGURATION

The Trivial Cisco IP Phones Compromise

Kommunikationsdienste im Internet Möglichkeiten und Risiken

Basics of Internet Security

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Adaptive Bitrate Multicast: Enabling the Delivery of Live Video Streams Via Satellite. We Deliver the Future of Television

This Lecture. The Internet and Sockets. The Start If everyone just sends a small packet of data, they can all use the line at the same.

SmartTV User Interface Development for SmartTV using Web technology and CEA2014. George Sarosi

ADVANTAGES OF AV OVER IP. EMCORE Corporation

Fraud Detection for Next-Generation Networks

Secure Networks for Process Control

Best Practices for Securing IP Telephony

itvsense Probe M-301/M-304

Network Security. Network Packet Analysis

TR-069 Brings Flexibility To DSL Remote Management

Security in Space: Intelsat Information Assurance

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

IPTV Primer. August Media Content Team IRT Workgroup

Some Perspectives On Cybersecurity. Shernon Osepa Manager Regional Affairs Latin America & Caribbean

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Transcription:

» Triple Play; Triple Threats? IPTV Security Yen-Ming Chen Senior Principal Consultant Foundstone, A division of McAfee

Agenda» Triple Play Strategy The Business Case» IPTV Introduction» IPTV Security» Countermeasures» Conclusion 2

Introduction Yen-Ming Chen» Sr. Principal Consultant» Been with Foundstone for 6 years» Contributing author of four security books and numerous published articles.» Master of Science in Information Networking from C.M.U.» Provide security risk assessment from web applications to emerging technologies 3

IP TV Market» Triple-Play Data, Voice and Video on the same network Increase Average Revenue Per Unit (ARPU)» About 2 million IPTV subscriber world wide now» Expect to be 63 Million in 2010 (isuppli)» IPTV generated revenue: $2 Billion now $26 Billion in 2010» IPTV has been there (remember Web TV?); but is getting more momentum now. 4

IPTV Revenue Forecast 5

IPTV» Part of the Triple-Play strategy Service provided on Telecoms own network Easy to control quality» Standalone service provider Use the Internet as their own backbone Watching TV from China in your home at London P2P streaming, Web TV or RTP» Others (short videos, lower resolution) YouTube, Google Video and other vblogs» There are over 350 IPTV Service Providers» 60+ different vendors» We will focus on the first type of IPTV 6

Known Security Problems» Data Service Home computers are turned into Zombies Phishing, Spamming and DoS» Voice over IP (The Grugq will talk about this tomorrow) Conversation eavesdropping Phreaking, free phone calls Device insecurity Denial-of-Service 7

IP TV Overview» Video content offered on your broadband network Subscription Video-On-Demand Interactive applications (web browsing, e-mail, games and others)» Architecture Content Source Delivery and Management Network Home Network 8

IPTV Security Testing» A combination of: Network penetration testing Web application security testing Device security testing Software vulnerability testing» May also include Policy and procedure review 9

IPTV Walkthrough (Home Users)» Home gateway (if any) boots up and authenticates» Set-Top Box boots up and authenticates DHCP, TFTP or NFS to get the latest boot images Authenticate with MAC, random nonce or public/private key» Choose and watch your channel IP Multicast at work (unicast sometimes to reduce delay) IGMP join/leave group to change channel» Purchase your VoD Choose and purchase» Use other interactive applications If available 10

IPTV Architecture Content Source Management and Delivery Network Home Network 11

Content Source» All devices, processes and networks that import and store video contents» Different sources Satellite RF Pre-recorded tapes Cable Others 12

Delivery and Management Network» All devices and network used to deliver video through the network to customers Encoding and Streaming servers On-Demand servers Network backbone» Major functionalities Customer authentication/authorization Customer service Provide video content (normal or ondemand) via Multicast Unicast 13

Home Network» Customer Premise Equipment Anything that connects to a consumer s home network Computer Set-Top Box Home Gateway Game Console Phone Others 14

Attacker s Goals» Take control of a large amount of home networks Service disruption Spreading worms, trojans, virus Broadcast own material (for political or other reasons)» Steal the content For piracy or as simple as P2P TV source For free TV/Video 15

IPTV Security Problems» Home Network» Deliver and Management Network» Content Source 16

Home Network» Understand how authentication and authorization are done As easy as spoofing MAC Address» Security vulnerability on home network devices Device management Device weakness 17

Set-Top Box Communication» Set-Top Box downloaded boot image from a TFTP server» Set-Top Box register itself to a middleware server» Set-Top Box receives channel listing, application directories (other than TV)» IGMP Membership report To indicate the current channel or join a new channel» IGMP LeaveGroup To leave a channel» Poweroff packet 18

Device Management» Most of the devices can be managed by SNMP or TELNET telnet <set-top-box-ip> <telnet-port> DSLFactoryTest> LeaveMGroup multicast group) (Leave s the current DSLFactoryTest> JoinMGroup <multicast-groupaddress>:<mgroup-port> (Join the multicast group for Playboy )» Information transmitted in the clear PIN (for parental control or VoD purchase) Account number 19

Local Access to Device» Plug in USB keyboard/mouse Command shell access Tools on the STB Modify EEPROM Works if the authentication uses STB MAC Address Access to other information DRM-related 20

Weak TCP/IP Stack» Set-Top Boxes have limited memory and CPU resource.» Using isic to test: Every set-top box starts a listener service to take video traffic udpsic s <streaming_server_ip> d <stb_ip>,<listener_port> r 1234 For some set-top boxes, this is Denial-of-Service Useful if you want to perform DoS on each home network from your zombies. 21

Other Vulnerability» Web management interface Data validation problem Other standard web application issues» Weak/default account and passwords Might apply for Web management interface Telnet/SSH SNMP 22

Delivery and Management Network» Access to other servers Middleware problem Streaming/Encoding server problem Other servers 23

Access to Other Servers» Change your IP address to set-top box s IP address range, then you re on!» Scan the network range and you may find: Middleware Server Database Server Other Servers 24

What Can You Find?» Passwords in spreadsheet or configuration files» Web management interface for middleware server» Database servers» Movies for test» And 25

Streaming and Encoding Servers» RTSP Buffer Overflow» Weak TCP/IP Stack 26

Real-Time Streaming Protocol» RFC 2326 (www.rtsp.org)» Used for video-on-demand server to deliver videos.» Sample: DESCRIBE SETUP PLAY GET_PARAMETER 27

Buffer Overflow» DESCRIBE rtsp://vodserver:554/mediacluster?providerid=company&provid erassetid=company00123 RTSP/1.0» Change the URI for the DESCRIBE method to a large chunk of data, you get buffer overflow on the VoD server.» Other location of the implementation might have the same problem PROTOS for RTSP? 28

Weak TCP/IP Stack» Streaming or encoding servers are good at sending data out» They are not good at handling incoming traffic» A nmap full-port scan could degrade the server response from 10ms to 3000ms for example.» An aggressive scan could cause denial-of-service 29

Content Source» Finding the backup» Finding the source Hijacking VSAT connection talk tomorrow!» VOD Manager Web management interface 30

IPTV Security Summary» Privacy» Confidentiality» Integrity» Availability» Interoperability 31

Privacy» How do Telecoms handle customer information? Does any personal identifiable information (PII) goes through the network when you order a movie? Any vulnerability on back-end billing system?» How do Telecoms manage CPEs? Customer Premise Equipments, does it belong to the customer or the service provider? How about Set-Top Box and other related equipments? What s the Acceptable Usage Policy? 32

Confidentiality» Video Content Is Digital Right Management (DRM) being used? How about people stealing content directly from content source? Remember all the backup tapes, laptops losses in 2005? How are recorded contents protected? Set-Top box as a DVR» Authentication and Authorization How does the system perform authentication and authorization?» Other interactive applications 33

Integrity» Can Content be modified? Multicast and unicast security Content source security» Billing system integrity Who should have access to billing system and how is internal fraud being prevented?» Other systems on the network How about their security? 34

Availability» Can someone disrupt your IPTV service? To what scale?» Any of the IPTV device could be vulnerable to Denialof-Service attack? Buffer overflow Weak TCP/IP or protocol stack implementation» If other service is down (Voice and Data) would it take down IPTV too? System dependencies 35

Interoperability» There is currently no common standard on IPTV Other than the use of multicast/unicast May help security as a diversity factor One vulnerability for one telecom may not work for another» Standards on the work ITU (ISO) ISMA.tv Others 36

Countermeasures» Organization» Policies and Processes» Technology 37

Organization» Security team from the beginning Integrate with current security teams Responsible for security program management From planning to deployment to incident response Secure deployment lifecycle Evaluate, Test and Response» Gap analysis Understand security baseline at the beginning Update status as new technologies are involved 38

Program and Procedure» Change management procedure Access control list» Incident response program Recognize Response Evolve» Security evaluation program and procedure Evaluate security in technology and deployment 39

Technology» Product security Secure SDLC Security evaluation» Deployment best practice» Measure security impact to performance» Monitor and management How do you recognize an IPTV fraud?» Bring security into standards Next ITU IPTV workgroup meeting is in October 40

Conclusion» IPTV has been adopted as one of the Triple Play strategy by Telecoms Evolved into Multi Play in the future More interactive applications planned in the future» Risk still exist due to Vulnerabilities in technology Weakness in deployment Incomplete or insecure processes» Countermeasure Organization, process and procedures Secure deployment (mitigating technology risk) 41

» Question and Answer Yen-Ming Chen Senior Principal Consultant Yenming.Chen@Foundstone.Com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information