20061207-media-carvalhoregina.ppt

  1. Media Distribution Management Platform and IPTV over Internet 2
      Tereza Cristina Melo de Brito Carvalho, Regina Melo Silveira
      LARC - Laboratory of Computer Network Architecture
      EPUSP – Escola Politecnica, University of Sao Paulo - Brazil
  2. IPTV over Internet 2
      Tereza Cristina Melo de Brito Carvalho, Regina Melo Silveira
      LARC – PCS/EP – University of São Paulo
      Ericsson Research Sweden
  3. Team
      - Marcio Augusto Lima e Silva
      - Flávio Urschei
      - Daniel Pires
      - Christiane Marie Schweitzer
      - Diego Sanchez Gallo
      - Regina Melo Silveira
      - Tereza Cristina Melo de Brito Carvalho
      - Wilson Vicente Ruggiero
      - Ayodele Damola
  4. Agenda
      - Introduction
      - Scenario
      - Requirements
      - IPTV Architecture
      - IPTV over Internet2
      - Final Considerations
      - Acknowledgments
  5. Introduction
      - What is IPTV?
        - TV channels over the Internet?
        - Video streams encapsulated in IP packets over a "service provider" network?
      - Will the Internet support a High Definition IPTV service?
      - "Internet not ready for its future roles"
        - (Bill St. Arnaud)
  6. Scenario
      - High Definition Streaming (HDTV)
        - Typically, 25 Mbps per TV channel for MPEG2 encoding
      - Multiple different channels sent simultaneously to multiple different receivers at the same location
        - A home with three TV sets would require at least 3 x 25 Mbps.
  7. Scenario
      - IPTV requires high levels of Quality of Service (QoS) and Quality of Experience (QoE), at least on par with analog or digital TV broadcast systems
      - Access network technologies like xDSL will not support high definition IPTV services
        - VDSL has bandwidth and distance limitations. It achieves 50 Mbps at 300 m.
  8. Scenario
      - Currently, FTTH (Fiber-To-The-Home) services seem to be the only alternative for the fulfillment of IPTV (HDTV) needs
      - PON (Passive Optical Network) presents itself as the most viable FTTH technology, from both an economic and an operational standpoint
        - WDM-PON can provide a 100 Mbps fiber connection far beyond 300 m (around tens of kilometers)
  9. Requirements
      - Security
        - Content protection: protection of the intellectual property of the content owner, while allowing fair use for the final user.
        - Service protection: authentication, confidentiality and access control
  10. Requirements
      - Quality of Experience (simple and convenient handling)
        - Multi-channel
        - Zapping
      - Infrastructure
        - Availability (at least on par with analog or digital TV broadcast systems)
        - Accessibility (diversity of devices, e.g. PCs, Set-Top-Boxes)
        - Network/Application scalability
  11. IPTV Architecture
  12. Architecture Entities
      - Head-End: provides IPTV services (Broadcast TV and VoD)
      - Transport Network: delivers video streams to customers
      - Customer Premises: broadband network termination
  13. IPTV Architecture: Head-End
      - Broadcast TV Head-End system:
        - Receives an analog or digital signal via satellite or other means, typically with multiple transport streams
        - Converts it to a series of single program streams
        - Encodes or transcodes the signals (e.g. to MPEG-4 format)
        - Encapsulates streams in IP packets for transmission
        - Sends streams to a specific IP multicast group
  14. IPTV Architecture: Head-End
      - VoD (Video-On-Demand) Head-End System:
        - Encapsulates video streams in IP packets
        - Sends streams to users
  15. IPTV Architecture: Transport Network
      - Core Network
        - High capacity optical network with technologies such as IP over DWDM and MPLS/GMPLS
      - Edge Network
        - Multicast enabled network that connects the core network to the access network
      - Access Network
        - It is an FTTH-PON (Fiber-To-The-Home Passive Optical Network)
  16. IPTV Architecture: Customer Premise
      - Provides broadband network termination functionalities
      - It is the IPTV service client
      - The heterogeneous technologies in home network devices lead to the need for a robust Home Gateway to connect them and provide the necessary services
  17. Multicast vs. Overlay
      - Overlay tries to provide multicast functionalities on the application layer
        - It is still an immature solution for providing a reliable and QoE enabled service for high-definition content with scalability
      - Multicast is proven to be a more efficient distribution scheme with scalability
      - This work proposes a self-contained, controlled private network
        - The Internet does not (yet) provide the required levels of availability, scalability, QoE and QoS
  18. Final Considerations
      - IPTV over Internet2
        - HDTV over the Internet with stringent QoS and QoE requirements is not possible in the current infrastructure.
        - Due to QoE requirements (e.g. zapping), a bandwidth of hundreds of Mbps per service user (per subscriber) is required.
  19. A Platform for Media Distribution Management
      Regina Melo Silveira
      LARC - Laboratory of Computer Network Architecture
      EPUSP – Escola Politecnica, University of Sao Paulo - Brazil
  20. Agenda
      - Introduction
      - Our Challenge
      - Related Work
      - Proposal
        - Conceptual Model
        - Physical Model
      - Main Functionalities
      - General View
      - Work in Progress
      - Final Considerations
  21. Introduction
      - Huge number of multimedia applications (documentation, advertisement, entertainment …);
      - New multimedia services (broadcast, telecommunications, CATV);
      - Convergence: services integration with access network independence;
      - Growing demand for storage, distribution and consumption management, allowing wide media utilization and re-use.
  22. Introduction
      - Multimedia services management includes:
      - (i) multimedia content storage, retrieval and search;
      - (ii) access control and authentication of users and groups of users;
      - (iii) system distribution, adaptation, configuration and monitoring (server and clients) for multimedia content delivery and consumption;
      - (iv) network elements management.
  23. Our Challenge
      - To develop a Platform for Media Distribution Management respecting the following requirements:
        - Use open standards (ISMA, MPEG-7, MPEG-21);
        - Define integrated interfaces for different multimedia services already deployed on the RNP network;
        - Prototype development and tests on the RNP network.
      - The prototype uses two multimedia distribution services developed by LAVID/UFPB:
        - dvod – video on demand
        - dlive – live video
  24. Related Work
      - MUFFINS - MUltimedia Framework For INteroperability in Secure – IST
      - PERSEO - Personalised Multichannel Services for Advanced Multimedia Stream Management – IST
      - CODAC - Modeling and Querying Content Description and Quality Adaptation Capabilities of Audio-Visual Data - Klagenfurt University – Austria
      - ADMITS - Adaptation in Distributed Multimedia IT Systems - Klagenfurt University – Austria
      - DANAE - Dynamic and distributed Adaptation of scalable multimedia coNtent in a context Aware Environment – IST
      - iTVP - Interactive TV Services over IP Networks - PSNC – PIONIER
      - Rich Content Infrastructure and Middleware for Media - IBM
  25. Proposal
      - 4 (four) user types
        - Client,
        - Content Provider,
        - Administrator,
        - Manager.
      - 4 (four) sub-systems
        - Portal;
        - Access control, storage and retrieval,
        - Manager (Coordinator and Monitor),
        - Transmitter (Multimedia delivery service).
      - 3 (three) management levels
        - Service,
        - Server,
        - Network.
  26. Proposal – Conceptual Model
  27. Proposal – Physical Model
  28. Main Functionalities
      - Video upload and indexing
      - Live events transmission registration
      - Media search
      - Media catalogue (personalized)
      - Media visualization (personalized)
      - Users, groups and projects management
      - Applications/services (sections) management
      - Servers management
      - Network elements management
  30. General View – Overlay Network (figure layers: Services Layer, Server Layer, Network Layer)
  33. Work in Progress
      - Testing prototype
      - New functionalities and optimization
        - Video replication
        - Access control and distributed metadata
        - Multicast Overlay proposal adoption (for example, Overlay Multicast Control Protocol from IETF);
        - Adoption of management data models based on XML from the Global Grid Forum
        - Use of a components model for Manager dynamic configuration update
      - Integration with measurement infrastructure and new services.
  34. Final Considerations
      - Our project proposed/implemented:
        - Common infrastructure for multimedia services;
        - Architecture based on open standards allows uniform interfaces for all the applications;
        - Web-based management system;
        - Resources optimization;
        - Flexibility and scalability.
      - Service will be personalized for different contexts:
        - schools, hospitals, and community and educational TVs.
  35. Acknowledgements
      - Financial Support
        - RNP (National Education and Research Network)
      - Collaboration
        - Prof. Guido Lemos de Souza Filho – LAVID/DI/UFPB
        - Prof. José Augusto Suruagy Monteiro – UNIFACS
  36. Applying Security in IPTV Environment
      Tereza Cristina Melo de Brito Carvalho
      LARC – PCS/EP – University of São Paulo
      Ericsson Research Sweden
  37. Team
      - Christiane Marie Schweitzer
      - Daniel Pires
      - Diego Sanchez Gallo
      - Flávio Urschei
      - Marcio Augusto Lima e Silva
      - Regina Melo Silveira
      - Tereza Cristina Melo de Brito Carvalho
      - Wilson Vicente Ruggiero
      - Ayodele Damola
  38. Agenda
      - Security Context (Application Layer and Network Layer)
      - Threats (Service and Content)
      - IPTV Security
      - Countermeasures
      - IPTV Policies
      - Final Considerations
  39. Security Context
      - Application Level Security
        - On the STB (Set-Top Box) video client, video services and content store.
        - Referred to as digital rights management (DRM) systems, covering conditional access, copy protection, encryption and watermarking.
  40. Security Context
      - Network Level Security
        - On the content delivery architecture → confidentiality, integrity and availability of the data flows
          - prevention,
          - detection and
          - reaction.
  41. Security Threats in Multimedia Communications [ITU-T 2003]
  42. Threats
      - Service
        - Illegal service usage
        - Disruption of service
      - Content
        - An insider stealing content from the service core
        - A subscriber stealing content from the service core
        - A subscriber stealing content from the STB
  43. Threats: Illegal service usage
      - Rogue subscription: An attacker gains access to broadband video services without a subscription.
      - Escalation of subscription: An attacker gains access to video services that are beyond the parameters of his/her subscription.
  44. Threats: Disruption of service
      - Attack against other subscribers
        - The attacker attempts to disrupt the service for a specific subscriber or group of subscribers by directly acting on equipment that resides on the victim's home network.
      - Attack against the access and transport infrastructure
        - The attacker attempts to disrupt the service by degrading the performance of one or several components of the architecture (access node, Broadband Service Aggregators, Broadband Service Routers, etc).
      - Attack against the video service core
        - The attacker directly targets the components that render the video services, such as the VoD servers.
  45. Threats: Content
      - An insider stealing content from the service core
        - The thief is an insider, i.e., a service provider's employee, who has easy access to the stored content.
      - A subscriber stealing content from the service core
        - Weaknesses in the broadband TV architecture allow the attacker (from his/her home network) to compromise the servers that host the content.
      - A subscriber stealing content from the STB
        - The attacker is a subscriber who wants to use the acquired content beyond his/her fair right of usage.
  46. IPTV Security
      - Privacy
      - Confidentiality
      - Integrity
      - Availability
      - Interoperability
  47. IPTV Security: Privacy
      - The Service Provider must handle customer information without any personally identifiable information
      - The Service Provider must manage CPEs (Customer Premise Equipment) and it must not know whether a device belongs to a customer, or how many devices this customer has at home.
  48. IPTV Security: Confidentiality
      - Video Content
        - The video must be transported encrypted
        - The content must be recorded protected
          - Authentication and authorization guarantees
  49. IPTV Security: Integrity
      - The content cannot be modified
        - Multicast and unicast security
        - Content source security
      - Billing system integrity
        - Only authorized persons should have access to the billing system
  50. IPTV Security: Availability
      - Can someone disrupt your IPTV service? To what scale?
        - Any of the IPTV devices could be vulnerable to a Denial-of-Service attack
        - Buffer overflow
        - Weak TCP/IP or protocol stack implementation
      - If another service is down (Voice and Data), would it take down IPTV too?
        - System dependencies
  51. IPTV Security: Interoperability
      - There is currently no common standard on IPTV
        - Other than the use of multicast/unicast
        - May help security as a 'diversity factor'
        - One vulnerability for one service provider may not work for another
      - Standards in the works
        - ITU (ISO)
        - ISMA.tv
        - Others
  52. Security Architecture [ITU-T/IPTV]
  53. Countermeasures
      - Protection of content
      - Transport infrastructure protection
      - Home network protection
      - Secure operation of the infrastructure
  54. Countermeasures: Protection of Content
      - DRM state-of-the-art mechanisms
        - To protect the content delivered to the subscriber
        - To apply appropriate content/service usage policy enforcement mechanisms in the STB.
      - Content stored on the service delivery must be encrypted
  55. Transport Infrastructure Protection
      - To restrict traffic depending on the user's subscription
      - IGMP proxies on the access node must have some awareness of the user subscription and refuse to forward any channel outside of the user's subscription
      - Subscriber traffic should be segregated to disable residential bridging
  56. Transport Infrastructure Protection
      - Efficient traffic filtering mechanisms need to be provided to keep the communication flow between home network and service delivery platform to a strict minimum
      - The infrastructure must provide a way to enforce QoS parameters on a per subscriber basis in order to mitigate the effect on the infrastructure of abusive usage of bandwidth by a specific subscriber
      - The access node must provide a number of protection mechanisms against MAC and IGMP-based attacks.
  57. Home Network Protection
      - Secure storage for security sensitive information on the STB is required to avoid cloning and disclosure of this information
      - Secure provisioning mechanisms of the STB are needed for the service provider to be able to support these systems
  58. Secure Operation of the Infrastructure
      - Appropriate patch and vulnerability management on the service delivery platform.
      - Adding IDS or IPS mechanisms in order to detect and prevent attempts by the subscriber or any other attacker to compromise the content delivery infrastructure.
      - Efficient revocation mechanisms are needed for authentication information and key material used in the STB to access services.
  59. IPTV Policies
      - Security policies
        - DRM-specific ones and infrastructure.
      - QoS policies
        - Adaptability and performance of both provided media and services.
  60. IPTV Security Policies
      - Content owners are extremely reluctant to provide content to a distributor that doesn't have an effective DRM system because of the chance that a perfect digital copy of the content could be used to create copies for illegal resale.
      - This control needs to prevent copying not only at the distributor facility, but also on any device that a user may use to play back the content, such as a set-top-box or a PC.
  61. IPTV Security Policies - examples
      - DRM Specific Policies
        - Can be understood as content usage policies, regarding the content owner's media rights.
          - The content cannot be modified by the Service Provider
          - Samples from the content cannot be made by the Service Provider
          - The content cannot be replicated
          - The content can be replicated
          - The content can be displayed five times
          - The content cannot be saved
          - The content can be saved
  62. IPTV Security Policies - examples
      - Infrastructure Policies
        - Can be understood as service policies, regarding the security or QoS issues on the content delivery/transport architecture
          - All content MUST BE encrypted.
          - All content MUST BE watermarked.
          - All content users MUST BE identified.
  63. IPTV QoS Policies - examples
      - Interaction Policy
        - The service must provide a specified QoE level.
        - The service must adapt itself to the user device capabilities.
        - The service must adapt the provided content to the device resolution (e.g. HDTV 1920x1080 to low resolutions).
  64. IPTV QoS Policies - examples
      - Infrastructure Policy
        - The network must have bandwidth guarantees.
        - The network must have delay guarantees.
        - The network must have jitter guarantees.
        - The network must have loss guarantees.
  65. Final Considerations
      - IPTV Security = Content + Service + Transport Security
      - DRM System is not enough, but it is a good start
      - Encryption and Authentication must be priority
  66. Acknowledgments
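
The Transport Infrastructure Protection slides ask for an IGMP proxy on the access node that knows the user's subscription, per-subscriber limits, and protection against IGMP-based attacks. The following is an added example, not code from the presentation, of such a decision function for IGMPv2 messages arriving on a subscriber port. The channel groups, port name, decision strings and join budget are constructed assumptions.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

IGMP_QUERY, IGMP_V2_REPORT, IGMP_V2_LEAVE = 0x11, 0x16, 0x17


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum, as used by IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmpv2(msg_type: int, group: str) -> bytes:
    """Build an 8-byte IGMPv2 message (only used to construct sample input)."""
    addr = ipaddress.IPv4Address(group).packed
    csum = inet_checksum(struct.pack("!BBH4s", msg_type, 0, 0, addr))
    return struct.pack("!BBH4s", msg_type, 0, csum, addr)


def parse_igmpv2(payload: bytes):
    """Return (type, group address); raise ValueError on malformed input."""
    if len(payload) < 8:
        raise ValueError("shorter than an IGMPv2 header")
    if inet_checksum(payload) != 0:  # a valid message checksums to zero
        raise ValueError("checksum mismatch")
    msg_type, _max_resp, _csum, addr = struct.unpack("!BBH4s", payload[:8])
    return msg_type, ipaddress.IPv4Address(addr)


@dataclass
class AccessPort:
    subscriber: str
    entitled: frozenset  # multicast groups covered by the subscription
    joined: set = field(default_factory=set)
    join_times: list = field(default_factory=list)


class SubscriptionAwareIgmpProxy:
    """Decides whether an IGMP message from a subscriber port goes upstream."""

    def __init__(self, ports, max_joins=4, window_s=2.0):
        self.ports = ports          # port id -> AccessPort
        self.max_joins = max_joins  # assumed budget; must still allow zapping
        self.window_s = window_s

    def handle(self, port_id: str, payload: bytes, now: float) -> str:
        port = self.ports.get(port_id)
        if port is None:
            return "DROP_UNKNOWN_PORT"
        try:
            msg_type, group = parse_igmpv2(payload)
        except ValueError:
            return "DROP_MALFORMED"
        if msg_type == IGMP_V2_LEAVE:
            if group not in port.joined:
                return "DROP_NOT_JOINED"
            port.joined.discard(group)
            return "FORWARD"
        if msg_type != IGMP_V2_REPORT:
            # Subscriber ports only ever need to send reports and leaves.
            return "DROP_UNEXPECTED_TYPE"
        if group not in port.entitled:
            return "DROP_NOT_ENTITLED"  # channel outside the subscription
        if group in port.joined:
            return "FORWARD"            # periodic refresh of an existing join
        # Per-subscriber limit on new joins inside a sliding window.
        port.join_times = [t for t in port.join_times if now - t < self.window_s]
        if len(port.join_times) >= self.max_joins:
            return "DROP_RATE_LIMIT"
        port.join_times.append(now)
        port.joined.add(group)
        return "FORWARD"


def demo():
    """Run constructed messages from one subscriber port through the proxy."""
    news, premium = "239.1.1.1", "239.1.1.2"  # constructed channel groups
    port = AccessPort("sub-A", frozenset({ipaddress.IPv4Address(news)}))
    proxy = SubscriptionAwareIgmpProxy({"pon1/3": port})
    tampered = bytearray(build_igmpv2(IGMP_V2_REPORT, news))
    tampered[7] ^= 0x01  # corrupt one bit so the checksum no longer matches
    return [
        proxy.handle("pon1/3", build_igmpv2(IGMP_V2_REPORT, news), 0.0),
        proxy.handle("pon1/3", build_igmpv2(IGMP_V2_REPORT, premium), 0.1),
        proxy.handle("pon1/3", bytes(tampered), 0.2),
        proxy.handle("pon1/3", build_igmpv2(IGMP_QUERY, "0.0.0.0"), 0.3),
        proxy.handle("pon1/3", build_igmpv2(IGMP_V2_LEAVE, news), 0.4),
    ]


if __name__ == "__main__":
    print(demo())
```

The join budget trades abuse resistance against zapping speed, so a deployment would size it from measured channel-change behaviour rather than the value assumed here.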
