Triple Play; Triple Threat? — IPTV Security presented at HITBSecConf Malaysia 2006

by Yen Ming Chen

Tags: Security Analysis Business

Summary: The “Triple-play” strategy (Data, Voice and Video) is set to enable Telecoms to increase their Average Revenue per Unit (ARPU) and revolutionize current home entertainment. IPTV-generated revenue is expected to have 102% CAGR from 2004 to 2010. While security issues in the Data and Voice parts of the “Triple-Play” strategy have been examined in detail, not much has been done in the IPTV field. In this presentation, we will look at IPTV’s business advantages, architecture, threats and some of the vulnerabilities that have been seen in the field. The IPTV architecture comprises the Content Source, Head-End, Delivery and Management network and Consumer Home network. Current security threats (malicious attackers, worms or disasters) could stop the Telecoms from making a profit or even cause them to lose money. The presentation will present some real-life weaknesses and vulnerabilities and provide countermeasures for Telecoms.

Triple Play Strategy
Data
Voice
IPTV
Known Security Problems
Data
Voice
New Addition: IPTV
Architecture
Content Source
Head-End
Delivery and Management network
Home network
IPTV Risk Analysis
Privacy
Confidentiality
Integrity
Availability
Interoperability
IPTV Vulnerabilities
Home network
Set-Top Box
How to steal your neighbor’s subscription
Home gateway
Delivery and Management network
Access Control List
IGMP/Multicast
Infrastructure Weakness
Head-End
Buffer Overflow
Other Issues
Content Source
Unencrypted content storage
DRM
Countermeasures
People
Process
Technology
Conclusion
Q & A

About Yen Ming

Yen-Ming leads Foundstone consultants to provide strategic security consulting services to Global 2000 clients. With almost a decade of experience in business development, IT and security, Yen-Ming brings extensive knowledge in both business and technology to his clients. Yen-Ming established the Asian Pacific branch in Singapore for Foundstone and has been instrumental in growing business for Foundstone in APAC. He has performed security assessments for security technologies (ISA server, firewall, and other security products), business applications (financial applications, CRM, and tax software) and other technologies (multi-functional office equipment and IPTV). He contributed to four books and numerous articles published on SecurityFocus and in other magazines. He’s a frequent speaker at conferences like CSI, MISTI and others. He served as a Lead Instructor for Foundstone’s Ultimate Hacking series classes. Before joining Foundstone, Yen-Ming worked at Carnegie Mellon University, where he created the first intrusion detection system appliance prototype using PicoBSD and Snort. He also wrote the first intrusion detection log correlation and analysis program, snort-stat, for Snort. Yen-Ming held an MS in Information Networking from Carnegie Mellon University and a BS in Mathematics from National Central University.