Developing a PP for Smart TV 
Security Analysis aNd Evaluation (SANE) Lab.
ICCC 2014
Minsu Park*, Heesoo Kang, Jaeki Kim, Seungjin Lee, Seungjoo Kim**
minsoon2@korea.ac.kr, kukulux@gmail.com, jack2@korea.ac.kr, beist@grayhash.com, skim71@korea.ac.kr
CIST (Center for Information Security Technologies), Korea University
*1st Author, **Corresponding Author
2 
Author 
Minsu Park 
E-mail : minsoon2@korea.ac.kr 
Facebook : @bucktae 
Minsu Park received his B.S. degree in Computer Network from Silla University of Korea in 2010 and his M.S. degree in Information Security from Korea University, Korea, in 2013. He is currently working toward the Ph.D. degree in Information Security at Korea University, Korea. His research interests include Information Assurance, IoT Security, Digital Forensics and Usable Security.
3 
Author 
Heesoo Kang 
E-mail : kukulux@gmail.com 
Facebook : @kukulux 
Heesoo Kang received his B.S. (2013) in computer science from Chung Ang University in Korea. He is now enrolled in the M.S. program at Korea University. His research interests include smart device security, security evaluation, and mobile security.
Jaeki Kim 
E-mail : jack2@korea.ac.kr 
Facebook : @2runjack2 
Jaeki Kim received his B.S. (2013) in Computer Engineering from Hanyang University ERICA in Korea. He served on the Security Technology Team of INetCop for 1 year. He also participated in a program for training the next generation's best IT security leaders, called 'Best of the Best' 2nd (2013). His research interests include Android Security and Embedded Device Security. He is now a graduate student at CIST SANE LAB, Korea University.
4 
Author 
SeungJin Lee 
E-mail : beist@grayhash.com 
Twitter : @beist 
Facebook : @beistlab 
SeungJin Lee has been a member of the IT security field since 2000. His first company was Cyber Research based in Seoul, South Korea and first focused on pen-testing. He then got a Computer Engineering B.A. degree from Sejong University. He has won more than 10 global CTF hacking contests in his country as well as passed DefCon quals 5 times. He has sold his research to major security companies like iDefense and ZDI (Recon ZDI contest). He has run numerous security conferences and hacking contests in Korea. Hunting bugs and exploiting them are his main interest. He does consulting for big companies in Korea and is now a graduate student at CIST SANE LAB, Korea University.
5 
Author 
Seungjoo Kim 
E-mail : skim71@korea.ac.kr 
Homepage : www.kimlab.net 
Facebook, Twitter : @skim71 
Prof. Seungjoo Kim received his B.S., M.S. and Ph.D. from Sungkyunkwan University (SKKU) of Korea, in 1994, 1996 and 1999, respectively. Prior to joining the faculty at Korea University (KU) in 2011, he served as Assistant & Associate Professor at SKKU for 7 years. Before that, he served as Director of the Cryptographic Technology Team and the (CC-based) IT Security Evaluation Team of the Korea Internet & Security Agency (KISA) for 5 years. He is currently a Professor in the Graduate School of Information Security Technologies (CIST). He is also a founder and advisory director of a hacker group, HARU, and of an international security & hacking conference, SECUINSIDE. Prof. Seungjoo Kim’s research interests are mainly in cryptography, Cyber Physical Security, IoT Security, and HCI Security. He is a corresponding author.
6 
Acknowledgement 
This work was supported by the ICT R&D program of MSIP/IITP. [2014(10043959), Development of EAL4 level military fusion security solution for protecting against unauthorized accesses and ensuring a trusted execution environment in mobile devices]
7 
Contents 
Smart TV 
Smart TV Security 
TOE 
Smart TV Threat Analysis 
Smart TV SFR 
Conclusion 
Reference
8 
Smart TV 
Television set with integrated Internet capabilities
9 
Smart TV 
| Property | IPTV | Smart TV |
|---|---|---|
| Transmission Media | Premium networks | General Internet |
| QoS (Quality of Service) | Guarantee | Difficult to guarantee |
| Real-time broadcasting | O | O |
| Web Surfing | △ | O |
| Type | Closed | Open |

Smart TV is different to existing TV
10 
Smart TV 
Lots of H/W devices (network device, CPU, etc.).
Acts like a computer.
11 
Smart TV Security 
Several vulnerabilities are found.
Unencrypted Network packet
Malicious Media file
Browser Vulnerability
Private data leakage
Remote-control App
Daemon
Kernel Vulnerability
12 
Smart TV Security 
But how do we assess its security?
13 
Smart TV Security 
So we need to perform a security assessment.
14 
TOE 
SMART TV 
TOE
15 
Smart TV Threat Analysis 
Related Works

| Title | Journal / Conference | Author |
|---|---|---|
| Smart TV Hacking: Crash Testing Your Home Entertainment | Codenomicon Technical report (2012) | R Kuipers, E Starck, H Heikkinen |
| SmartTV Security - For Fun and NonProfit | TrustWave (2012) | Joaquim Espinhara, Ulisses Albuquerque |
| Hacking, surveilling and deceiving victims on Smart TV | Blackhat USA (2013) | SeungJin Lee, Seungjoo Kim |
| Smart TV Hacking (Research Project 1) | University of Amsterdam (2013) | Nikos Sidiropoulos, Periklis Stefopoulos |
| HOW HACKERS ARE OUTSMARTING SMART TV’S AND WHY IT MATTERS TO YOU | RSA Conference EUROPE (2013) | Raimund Genes |
| The Outer Limits: Hacking A Smart TV | Toorcon 15 (2013) | Aaron Grattafiori |
| Watch and be Watched: Compromising All Smart TV Generations | CCNC. IEEE. (2014) | B Michéle, A Karpow |
| Approach of Secure Smart-TV authentication using extended API | Life Science Journal 11.7s (2014) | JK Moon, JM Kim, BH Hong |
| Forensic analysis of smart TV: A current issue and call to arms | Digital Investigation | Sutherland, Iain, Huw Read, Konstantinos Xynos |
| A Review of Smart TV Forensics: Present State & Future Challenges | DIPECC2013 | Al Falayleh, Mousa |
| Study on smart TV Forensics | KIISC | Heesoo Kang, Minsu Park, Seungjoo Kim |
16 
Smart TV Threat Analysis 
[Figure: Smart TV vulnerabilities drawn from the CVE Database and from Latest Threats from Papers, Articles, Blog, grouped into SDK, H/W and OS]
17 
Smart TV Threat Analysis 
Smart TV Vulnerabilities

| Source | SDK (129) | OS (911) | H/W (44) |
|---|---|---|---|
| CVE Database | 127 | 908 | 43 |
| Latest Threats from Papers, Articles, Blog | 2 | 3 | 1 |
18 
Smart TV Threat Analysis 
| TOE | Threats | CVE |
|---|---|---|
| SDK | T.UNAUTHORIZED_APP, T.UNAUTHORIZED_UPDATE | 129 |
| OS | T.NETWORK_EAVESDROP, T.NETWORK_ATTACK, T.PERSISTENT_ACCESS, T.UNAUTHORIZED_UPDATE, T.PUBLIC_DATA_ACCESS, T.PRIVATE_DATA_ACCESS | 911 |
| H/W | T.PHYSICAL_ATTACK | 44 |
19 
Smart TV Threat Analysis
20 
Smart TV SFR
Smart TV is similar to Smart phone and Laptop.

| Property | Smart TV | Smart phone | Laptop |
|---|---|---|---|
| Similar to Computer | O | O | O |
| Store private data | O | O | O |
| Support SDK & User Application | O | O | X |
| Contain Network Module | O | △ (not support Ethernet) | O |
| External Input | O | O | O |

And Smart TV uses a web platform.
21 
Smart TV SFR
Consider the following protection profiles.
Mobile Device PP
Web Browser PP
Laptop PP
22 
Smart TV SFR
Mobile Device PP
Web Browser PP
Laptop PP
We couldn’t find Laptop PP.
23 
Smart TV SFR 
Smart TV Vulnerabilities

| Protection Profile | SDK (129) | OS (911) | H/W (44) |
|---|---|---|---|
| Mobile Device PP | 67 | 627 | 10 |
| Web Browser PP | 0 | 249 | 0 |
24 
Smart TV SFR 
Smart TV vulnerabilities
Mobile Device PP can remove 65% of Smart TV CVEs.
Web Browser PP can remove 23% of Smart TV CVEs.
25 
Smart TV SFR 
| Category | Explanation |
|---|---|
| Permission | CVEs caused by improper permission check. |
| Improper Data | CVEs caused by garbage, malicious data, etc. |
| DoS | CVEs caused by excessive request. |
| Error Handling | CVEs caused by mishandled error. |
| Resource Management | CVEs caused by memory consumption, deadlock, etc. |
| Buffer Overflow | CVEs caused by Buffer Overflow attack. |
| Crafted App | CVEs caused by crafted application |
| Sensitive Data disclosure | CVEs caused by insufficient protection for sensitive data |
| Authentication | CVEs caused by weak authentication mechanism |
| Arbitrary Code | CVEs caused by arbitrary code from remote attacker |
26 
Smart TV SFR 
[Figure: Web Browser PP and Mobile Device PP shown against Smart TV vulnerabilities, with the categories DoS, Crafted App, Buffer Overflow, Sensitive data disclosure, Authentication, Arbitrary code, Error handling, Resource Management, Improper Data, Permission]
27 
Smart TV SFR 
| TOE | Threats | SFR |
|---|---|---|
| SDK | T.UNAUTHORIZED_APP, T.UNAUTHORIZED_UPDATE | FAU_GEN.1, FAU_SEL.1, FAU_STG_EXT.1, FPT_AEX_EXT.2, FPT_AEX_EXT.3, FPT_AEX_EXT.4, FPT_BBD_EXT.1… |
| OS | T.NETWORK_EAVESDROP, T.NETWORK_ATTACK, T.PERSISTENT_ACCESS, T.UNAUTHORIZED_UPDATE, T.PUBLIC_DATA_ACCESS, T.PRIVATE_DATA_ACCESS | FPT_AEX_EXT.2, FPT_AEX_EXT.3, FPT_AEX_EXT.4, FPT_BBD_EXT.1, FCS_CKM_EXT.1, FCS_CKM_EXT.2, FCS_CKM_EXT.3, FCS_CKM_EXT.4, FCS_DTLS_EXT.1, FCS_HTTPS_EXT.1, FMT_MOF.1(*), FMT_POL_EXT.1, FMT_SMF.1, FMT_SMF_EXT.1, FRU_RSA.1, FDP_IFC.1, FPT_FLS.1, FMT_MTD.1, FMT_MTD.2… |
| H/W | T.PHYSICAL_ATTACK | FTP_ITC_EXT.1, FAU_STG_EXT.1.. |
28 
Smart TV SFR
29 
Conclusion 
Previous PPs cannot solve Smart TV security.
So Smart TV needs extended SFRs to remove all of the CVEs.
In the future, we will research Protection Profiles for various Smart CE.
30 
Thank you 
minsoon2@korea.ac.kr
31 
Reference 
1. Kuipers, Rikke, Eeva Starck, and Hannu Heikkinen. "Smart TV Hacking: Crash Testing Your Home Entertainment." http://www.codenomicon.com/resources/whitepapers/codenomicon-wp-smart-tv-fuzzing.pdf, 2012.
2. Joaquim Espinhara, Ulisses Albuquerque jespinhara. "SmartTV Security for Fun & Non-Profit." Silver Bullet 2012.
3. SeungJin Lee, Seungjoo Kim. "Hacking, surveilling and deceiving victims on Smart TV." Blackhat USA 2013.
4. Nikos Sidiropoulos, Periklis Stefopoulos. "Smart TV Hacking (Research Project 1)." University of Amsterdam, 2013.
5. Raimund Genes. "HOW HACKERS ARE OUTSMARTING SMART TV’S AND WHY IT MATTERS TO YOU." RSA Conference EUROPE, 2013.
6. Grattafiori. "The Outer Limits: Hacking A Smart TV." Toorcon 15, 2013.
7. Michéle, Benjamin, and Andrew Karpow. "Watch and be Watched: Compromising All Smart TV Generations." Proceedings of the 11th Consumer Communications Networking Conference (to appear), CCNC. IEEE. 2014.
8. Moon, Jeong-Kyung, Jin-Mook Kim, and Bong-Hwa Hong. "Approach of Secure Smart TV authentication using extended API." Life Science Journal 11.7s, 2014.
9. Sutherland, Iain, Huw Read, and Konstantinos Xynos. "Forensic analysis of smart TV: A current issue and call to arms." Digital Investigation 2014.
10. Al Falayleh, Mousa. "A Review of Smart TV Forensics: Present State & Future Challenges." The International Conference on Digital Information Processing, E-Business and Cloud Computing (DIPECC2013). The Society of Digital Information and Wireless Communication, 2013.
11. Common Criteria Recognition Arrangement, "Common Criteria for Information Technology Security Evaluation Version 3.1 Revision 4", Sep. 2012.
12. Protection Profile for Mobile Device Fundamentals. Version 1.1, 2014.
13. Protection Profile for Web Browsers. Version 1.0, 2014.
14. CVE - Common Vulnerabilities and Exposures (CVE) Web page, https://cve.mitre.org.
15. CVE security vulnerability database. Security vulnerabilities datasource Web page, http://www.cvedetails.com.

 
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...Seungjoo Kim
 
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)Seungjoo Kim
 
Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)Seungjoo Kim
 
Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)Seungjoo Kim
 
Application of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCApplication of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCSeungjoo Kim
 
Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessSeungjoo Kim
 
How South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber ThreatsHow South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber ThreatsSeungjoo Kim
 
Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?Seungjoo Kim
 
Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화Seungjoo Kim
 
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...Seungjoo Kim
 
Verification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCLVerification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCLSeungjoo Kim
 

More from Seungjoo Kim (20)

블록체인의 본질과 동작 원리
블록체인의 본질과 동작 원리블록체인의 본질과 동작 원리
블록체인의 본질과 동작 원리
 
[Blockchain and Cryptocurrency] 01. Syllabus
[Blockchain and Cryptocurrency] 01. Syllabus[Blockchain and Cryptocurrency] 01. Syllabus
[Blockchain and Cryptocurrency] 01. Syllabus
 
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
 
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
 
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
 
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
 
[Blockchain and Cryptocurrency] 06. NFT and Metaverse
[Blockchain and Cryptocurrency] 06. NFT and Metaverse[Blockchain and Cryptocurrency] 06. NFT and Metaverse
[Blockchain and Cryptocurrency] 06. NFT and Metaverse
 
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
 
[Blockchain and Cryptocurrency] 08. Dark Coins
[Blockchain and Cryptocurrency] 08. Dark Coins[Blockchain and Cryptocurrency] 08. Dark Coins
[Blockchain and Cryptocurrency] 08. Dark Coins
 
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
 
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
 
Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)
 
Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)
 
Application of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCApplication of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLC
 
Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC Process
 
How South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber ThreatsHow South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber Threats
 
Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?
 
Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화
 
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
 
Verification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCLVerification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCL
 

Recently uploaded

ALCOHOL PRODUCTION- Beer Brewing Process.pdf
ALCOHOL PRODUCTION- Beer Brewing Process.pdfALCOHOL PRODUCTION- Beer Brewing Process.pdf
ALCOHOL PRODUCTION- Beer Brewing Process.pdfMadan Karki
 
Supermarket billing system project report..pdf
Supermarket billing system project report..pdfSupermarket billing system project report..pdf
Supermarket billing system project report..pdfKamal Acharya
 
Lesson no16 application of Induction Generator in Wind.ppsx
Lesson no16 application of Induction Generator in Wind.ppsxLesson no16 application of Induction Generator in Wind.ppsx
Lesson no16 application of Induction Generator in Wind.ppsxmichaelprrior
 
Theory for How to calculation capacitor bank
Theory for How to calculation capacitor bankTheory for How to calculation capacitor bank
Theory for How to calculation capacitor banktawat puangthong
 
Instruct Nirmaana 24-Smart and Lean Construction Through Technology.pdf
Instruct Nirmaana 24-Smart and Lean Construction Through Technology.pdfInstruct Nirmaana 24-Smart and Lean Construction Through Technology.pdf
Instruct Nirmaana 24-Smart and Lean Construction Through Technology.pdfEr.Sonali Nasikkar
 
Multivibrator and its types defination and usges.pptx
Multivibrator and its types defination and usges.pptxMultivibrator and its types defination and usges.pptx
Multivibrator and its types defination and usges.pptxalijaker017
 
Introduction to Arduino Programming: Features of Arduino
Introduction to Arduino Programming: Features of ArduinoIntroduction to Arduino Programming: Features of Arduino
Introduction to Arduino Programming: Features of ArduinoAbhimanyu Sangale
 
Diploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdfDiploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdfJNTUA
 
Linux Systems Programming: Semaphores, Shared Memory, and Message Queues
Linux Systems Programming: Semaphores, Shared Memory, and Message QueuesLinux Systems Programming: Semaphores, Shared Memory, and Message Queues
Linux Systems Programming: Semaphores, Shared Memory, and Message QueuesRashidFaridChishti
 
How to Design and spec harmonic filter.pdf
How to Design and spec harmonic filter.pdfHow to Design and spec harmonic filter.pdf
How to Design and spec harmonic filter.pdftawat puangthong
 
Final DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manualFinal DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manualBalamuruganV28
 
Research Methodolgy & Intellectual Property Rights Series 1
Research Methodolgy & Intellectual Property Rights Series 1Research Methodolgy & Intellectual Property Rights Series 1
Research Methodolgy & Intellectual Property Rights Series 1T.D. Shashikala
 
Vip ℂall Girls Karkardooma Phone No 9999965857 High Profile ℂall Girl Delhi N...
Vip ℂall Girls Karkardooma Phone No 9999965857 High Profile ℂall Girl Delhi N...Vip ℂall Girls Karkardooma Phone No 9999965857 High Profile ℂall Girl Delhi N...
Vip ℂall Girls Karkardooma Phone No 9999965857 High Profile ℂall Girl Delhi N...jiyav969
 
Filters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility ApplicationsFilters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility ApplicationsMathias Magdowski
 
"United Nations Park" Site Visit Report.
"United Nations Park" Site  Visit Report."United Nations Park" Site  Visit Report.
"United Nations Park" Site Visit Report.MdManikurRahman
 
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdflitvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdfAlexander Litvinenko
 
Microkernel in Operating System | Operating System
Microkernel in Operating System | Operating SystemMicrokernel in Operating System | Operating System
Microkernel in Operating System | Operating SystemSampad Kar
 
analog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxanalog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxKarpagam Institute of Teechnology
 
Insurance management system project report.pdf
Insurance management system project report.pdfInsurance management system project report.pdf
Insurance management system project report.pdfKamal Acharya
 
Geometric constructions Engineering Drawing.pdf
Geometric constructions Engineering Drawing.pdfGeometric constructions Engineering Drawing.pdf
Geometric constructions Engineering Drawing.pdfJNTUA
 

Recently uploaded (20)

ALCOHOL PRODUCTION- Beer Brewing Process.pdf
ALCOHOL PRODUCTION- Beer Brewing Process.pdfALCOHOL PRODUCTION- Beer Brewing Process.pdf
ALCOHOL PRODUCTION- Beer Brewing Process.pdf
 
Supermarket billing system project report..pdf
Supermarket billing system project report..pdfSupermarket billing system project report..pdf
Supermarket billing system project report..pdf
 
Lesson no16 application of Induction Generator in Wind.ppsx
Lesson no16 application of Induction Generator in Wind.ppsxLesson no16 application of Induction Generator in Wind.ppsx
Lesson no16 application of Induction Generator in Wind.ppsx
 
Theory for How to calculation capacitor bank
Theory for How to calculation capacitor bankTheory for How to calculation capacitor bank
Theory for How to calculation capacitor bank
 
Instruct Nirmaana 24-Smart and Lean Construction Through Technology.pdf
Instruct Nirmaana 24-Smart and Lean Construction Through Technology.pdfInstruct Nirmaana 24-Smart and Lean Construction Through Technology.pdf
Instruct Nirmaana 24-Smart and Lean Construction Through Technology.pdf
 
Multivibrator and its types defination and usges.pptx
Multivibrator and its types defination and usges.pptxMultivibrator and its types defination and usges.pptx
Multivibrator and its types defination and usges.pptx
 
Introduction to Arduino Programming: Features of Arduino
Introduction to Arduino Programming: Features of ArduinoIntroduction to Arduino Programming: Features of Arduino
Introduction to Arduino Programming: Features of Arduino
 
Diploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdfDiploma Engineering Drawing Qp-2024 Ece .pdf
Diploma Engineering Drawing Qp-2024 Ece .pdf
 
Linux Systems Programming: Semaphores, Shared Memory, and Message Queues
Linux Systems Programming: Semaphores, Shared Memory, and Message QueuesLinux Systems Programming: Semaphores, Shared Memory, and Message Queues
Linux Systems Programming: Semaphores, Shared Memory, and Message Queues
 
How to Design and spec harmonic filter.pdf
How to Design and spec harmonic filter.pdfHow to Design and spec harmonic filter.pdf
How to Design and spec harmonic filter.pdf
 
Final DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manualFinal DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manual
 
Research Methodolgy & Intellectual Property Rights Series 1
Research Methodolgy & Intellectual Property Rights Series 1Research Methodolgy & Intellectual Property Rights Series 1
Research Methodolgy & Intellectual Property Rights Series 1
 
Vip ℂall Girls Karkardooma Phone No 9999965857 High Profile ℂall Girl Delhi N...
Vip ℂall Girls Karkardooma Phone No 9999965857 High Profile ℂall Girl Delhi N...Vip ℂall Girls Karkardooma Phone No 9999965857 High Profile ℂall Girl Delhi N...
Vip ℂall Girls Karkardooma Phone No 9999965857 High Profile ℂall Girl Delhi N...
 
Filters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility ApplicationsFilters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility Applications
 
"United Nations Park" Site Visit Report.
"United Nations Park" Site  Visit Report."United Nations Park" Site  Visit Report.
"United Nations Park" Site Visit Report.
 
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdflitvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
 
Microkernel in Operating System | Operating System
Microkernel in Operating System | Operating SystemMicrokernel in Operating System | Operating System
Microkernel in Operating System | Operating System
 
analog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxanalog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptx
 
Insurance management system project report.pdf
Insurance management system project report.pdfInsurance management system project report.pdf
Insurance management system project report.pdf
 
Geometric constructions Engineering Drawing.pdf
Geometric constructions Engineering Drawing.pdfGeometric constructions Engineering Drawing.pdf
Geometric constructions Engineering Drawing.pdf
 

Developing a Protection Profile for Smart TV

  • 1. Developing a PP for Smart TV. Security Analysis aNd Evaluation (SANE) Lab. ICCC 2014. Minsu Park*, Heesoo Kang, Jaeki Kim, Seungjin Lee, Seungjoo Kim**. minsoon2@korea.ac.kr, kukulux@gmail.com, jack2@korea.ac.kr, beist@grayhash.com, skim71@korea.ac.kr. CIST (Center for Information Security Technologies), Korea University. *1st Author, **Corresponding Author
  • 2. Author: Minsu Park. E-mail: minsoon2@korea.ac.kr. Facebook: @bucktae. Minsu Park received his B.S. degree in Computer Network from Silla University, Korea, in 2010 and his M.S. degree in Information Security from Korea University, Korea, in 2013. He is currently working toward the Ph.D. degree in Information Security at Korea University, Korea. His research interests include Information Assurance, IoT Security, Digital Forensics and Usable Security.
  • 3. Author: Heesoo Kang. E-mail: kukulux@gmail.com. Facebook: @kukulux. Heesoo Kang received his B.S. (2013) in computer science from Chung Ang University in Korea. He is now enrolled in the M.S. program at Korea University. His research interests include smart device security, security evaluation, and mobile security. Author: Jaeki Kim. E-mail: jack2@korea.ac.kr. Facebook: @2runjack2. Jaeki Kim received his B.S. (2013) in Computer Engineering from Hanyang University ERICA in Korea. He served on the Security Technology Team of INetCop for 1 year. He also participated in a program for training the next generation's best IT security leaders, called 'Best of the Best' 2nd (2013). His research interests include Android Security and Embedded Device Security. He is now a graduate student at CIST SANE LAB, Korea University.
  • 4. Author: SeungJin Lee. E-mail: beist@grayhash.com. Twitter: @beist. Facebook: @beistlab. SeungJin Lee has been a member of the IT security field since 2000. His first company was Cyber Research, based in Seoul, South Korea, and first focused on pen-testing. He then got a Computer Engineering B.A. degree from Sejong University. He has won more than 10 global CTF hacking contests in his country as well as passed DefCon quals 5 times. He has sold his research to major security companies like iDefense and ZDI (Recon ZDI contest). He has run numerous security conferences and hacking contests in Korea. Hunting bugs and exploiting them are his main interest. He does consulting for big companies in Korea and is now a graduate student at CIST SANE LAB, Korea University.
  • 5. Author: Seungjoo Kim. E-mail: skim71@korea.ac.kr. Homepage: www.kimlab.net. Facebook, Twitter: @skim71. Prof. Seungjoo Kim received his B.S., M.S. and Ph.D. from Sungkyunkwan University (SKKU) of Korea, in 1994, 1996 and 1999, respectively. Prior to joining the faculty at Korea University (KU) in 2011, he served as Assistant & Associate Professor at SKKU for 7 years. Before that, he served as Director of the Cryptographic Technology Team and the (CC-based) IT Security Evaluation Team of the Korea Internet & Security Agency (KISA) for 5 years. He is currently a Professor in the Graduate School of Information Security Technologies (CIST). He is also a founder and advisory director of a hacker group, HARU, and an international security & hacking conference, SECUINSIDE. Prof. Seungjoo Kim’s research interests are mainly in cryptography, Cyber Physical Security, IoT Security, and HCI Security. He is a corresponding author.
  • 6. Acknowledgement: This work was supported by the ICT R&D program of MSIP/IITP. [2014(10043959), Development of EAL4 level military fusion security solution for protecting against unauthorized accesses and ensuring a trusted execution environment in mobile devices]
  • 7. Contents: Smart TV; Smart TV Security; TOE; Smart TV Threat Analysis; Smart TV SFR; Conclusion; Reference
  • 8. Smart TV: Television set with integrated Internet capabilities
  • 9. Smart TV
      Property | IPTV | Smart TV
      Transmission Media | Premium networks | General Internet
      QoS (Quality of Service) | Guarantee | Difficult to guarantee
      Real-time broadcasting | O | O
      Web Surfing | △ | O
      Type | Closed | Open
      Smart TV is different from existing TV
  • 10. Smart TV: Lots of H/W devices (network device, CPU, etc.). Acts like a computer
  • 11. Smart TV Security: Several vulnerabilities are found. Unencrypted Network packet Malicious Media file Browser Vulnerability Private data leakage Remote-control App Daemon Kernel Vulnerability
  • 12. Smart TV Security: But how do we check security assessment?
  • 13. Smart TV Security: So we need to make a security assessment!
  • 14. TOE [Figure labels: SMART TV, TOE]
  • 15. Smart TV Threat Analysis: Related Works
      Title | Journal / Conference | Author
      Smart TV Hacking: Crash Testing Your Home Entertainment | Codenomicon Technical report (2012) | R Kuipers, E Starck, H Heikkinen
      SmartTV Security - For Fun and NonProfit | TrustWave (2012) | Joaquim Espinhara, Ulisses Albuquerque
      Hacking, surveilling and deceiving victims on Smart TV | Blackhat USA (2013) | SeungJin Lee, Seungjoo Kim
      Smart TV Hacking (Research Project 1) | University of Amsterdam (2013) | Nikos Sidiropoulos, Periklis Stefopoulos
      HOW HACKERS ARE OUTSMARTING SMART TV’S AND WHY IT MATTERS TO YOU | RSA Conference EUROPE (2013) | Raimund Genes
      The Outer Limits: Hacking A Smart TV | Toorcon 15 (2013) | Aaron Grattafiori
      Watch and be Watched: Compromising All Smart TV Generations | CCNC. IEEE. (2014) | B Michéle, A Karpow
      Approach of Secure Smart-TV authentication using extended API | Life Science Journal 11.7s (2014) | JK Moon, JM Kim, BH Hong
      Forensic analysis of smart TV: A current issue and call to arms | Digital Investigation | Sutherland, Iain, Huw Read, Konstantinos Xynos
      A Review of Smart TV Forensics: Present State & Future Challenges | DIPECC2013 | Al Falayleh, Mousa
      Study on smart TV Forensics | KIISC | Heesoo Kang, Minsu Park, Seungjoo Kim
  • 16. Smart TV Threat Analysis [Figure labels: CVE Database; Latest Threats from Papers, Articles, Blog; SDK; H/W; OS]
  • 17. Smart TV Threat Analysis [Figure: Smart TV Vulnerabilities from the CVE Database and from Latest Threats from Papers, Articles, Blog; totals SDK (129), OS (911), H/W (44); counts shown in the figure: 1, 3, 2 and 127, 908, 43]
  • 18. Smart TV Threat Analysis
      TOE | Threats | CVE
      SDK | T.UNAUTHORIZED_APP, T.UNAUTHORIZED_UPDATE | 129
      OS | T.NETWORK_EAVESDROP, T.NETWORK_ATTACK, T.PERSISTENT_ACCESS, T.UNAUTHORIZED_UPDATE, T.PUBLIC_DATA_ACCESS, T.PRIVATE_DATA_ACCESS | 911
      H/W | T.PHYSICAL_ATTACK | 44
  • 19. Smart TV Threat Analysis
  • 20. Smart TV SFR
      Property | Smart TV | Smart phone | Laptop
      Similar to Computer | O | O | O
      Store private data | O | O | O
      Support SDK & User Application | O | O | X
      Contain Network Module | O | △ (not support Ethernet) | O
      External Input | O | O | O
      Smart TV is similar to Smart phone, Laptop. And Smart TV uses a web platform.
  • 21. Smart TV SFR: Consider the following protection profiles: Mobile Device PP, Web Browser PP, Laptop PP.
  • 22. Smart TV SFR: Mobile Device PP, Web Browser PP, Laptop PP. We couldn’t find a Laptop PP.
  • 23. Smart TV SFR [Figure: Smart TV Vulnerabilities, SDK (129), OS (911), H/W (44), against Mobile Device PP and Web Browser PP; counts shown in the figure: 0, 249, 0 and 67, 627, 10]
  • 24. Smart TV SFR [Figure: Smart TV vulnerabilities; Mobile Device PP 65%, Web Browser PP 23%] Mobile Device PP can remove 65% of Smart TV CVEs. Web Browser PP can remove 23% of Smart TV CVEs.
  • 25. Smart TV SFR
      Category | Explanation
      Permission | CVEs caused by improper permission check.
      Improper Data | CVEs caused by garbage, malicious data, etc.
      DoS | CVEs caused by excessive request.
      Error Handling | CVEs caused by mishandled error.
      Resource Management | CVEs caused by memory consumption, deadlock, etc.
      Buffer Overflow | CVEs caused by Buffer Overflow attack.
      Crafted App | CVEs caused by crafted application
      Sensitive Data disclosure | CVEs caused by insufficient protection for sensitive data
      Authentication | CVEs caused by weak authentication mechanism
      Arbitrary Code | CVEs caused by arbitrary code from remote attacker
  • 26. Smart TV SFR [Figure labels: Web Browser PP; Mobile Device PP; Smart TV vulnerabilities; categories shown: DoS, Crafted App, Buffer Overflow, Sensitive data disclosure, Authentication, Arbitrary code, Error handling, Resource Management, Improper Data, Permission]
  • 27. Smart TV SFR
      TOE | Threats | SFR
      SDK | T.UNAUTHORIZED_APP, T.UNAUTHORIZED_UPDATE | FAU_GEN.1, FAU_SEL.1, FAU_STG_EXT.1, FPT_AEX_EXT.2, FPT_AEX_EXT.3, FPT_AEX_EXT.4, FPT_BBD_EXT.1…
      OS | T.NETWORK_EAVESDROP, T.NETWORK_ATTACK, T.PERSISTENT_ACCESS, T.UNAUTHORIZED_UPDATE, T.PUBLIC_DATA_ACCESS, T.PRIVATE_DATA_ACCESS | FPT_AEX_EXT.2, FPT_AEX_EXT.3, FPT_AEX_EXT.4, FPT_BBD_EXT.1, FCS_CKM_EXT.1, FCS_CKM_EXT.2, FCS_CKM_EXT.3, FCS_CKM_EXT.4, FCS_DTLS_EXT.1, FCS_HTTPS_EXT.1, FMT_MOF.1(*), FMT_POL_EXT.1, FMT_SMF.1, FMT_SMF_EXT.1, FRU_RSA.1, FDP_IFC.1, FPT_FLS.1, FMT_MTD.1, FMT_MTD.2…
      H/W | T.PHYSICAL_ATTACK | FTP_ITC_EXT.1, FAU_STG_EXT.1..
  • 28. Smart TV SFR
  • 29. Conclusion: Previous PPs cannot solve Smart TV security. So Smart TV needs extended SFRs to remove all of the CVEs. In the future, we will research Protection Profiles for various Smart CE.
  • 30. Thank you. minsoon2@korea.ac.kr
  • 31. Reference
      1. Kuipers, Rikke, Eeva Starck, and Hannu Heikkinen. "Smart TV Hacking: Crash Testing Your Home Entertainment." http://www.codenomicon.com/resources/whitepapers/codenomicon-wp-smart-tv-fuzzing.pdf, 2012.
      2. Joaquim Espinhara, Ulisses Albuquerque jespinhara. "SmartTV Security for Fun & Non-Profit." Silver Bullet 2012.
      3. SeungJin Lee, Seungjoo Kim. "Hacking, surveilling and deceiving victims on Smart TV." Blackhat USA 2013.
      4. Nikos Sidiropoulos, Periklis Stefopoulos. "Smart TV Hacking (Research Project 1)." University of Amsterdam, 2013.
      5. Raimund Genes. "HOW HACKERS ARE OUTSMARTING SMART TV’S AND WHY IT MATTERS TO YOU", RSA Conference EUROPE, 2013.
      6. Grattafiori. "The Outer Limits: Hacking A Smart TV." Toorcon 15, 2013.
      7. Michéle, Benjamin, and Andrew Karpow. "Watch and be Watched: Compromising All Smart TV Generations." Proceedings of the 11th Consumer Communications Networking Conference (to appear), CCNC. IEEE. 2014.
      8. Moon, Jeong-Kyung, Jin-Mook Kim, and Bong-Hwa Hong. "Approach of Secure Smart TV authentication using extended API." Life Science Journal 11.7s, 2014.
      9. Sutherland, Iain, Huw Read, and Konstantinos Xynos. "Forensic analysis of smart TV: A current issue and call to arms." Digital Investigation 2014.
      10. Al Falayleh, Mousa. "A Review of Smart TV Forensics: Present State & Future Challenges." The International Conference on Digital Information Processing, E-Business and Cloud Computing (DIPECC2013). The Society of Digital Information and Wireless Communication, 2013.
      11. Common Criteria Recognition Arrangement, "Common Criteria for Information Technology Security Evaluation Version 3.1 Revision 4", Sep. 2012.
      12. Protection Profile for Mobile Device Fundamentals. Version 1.1, 2014.
      13. Protection Profile for Web Browsers. Version 1.0, 2014.
      14. CVE - Common Vulnerabilities and Exposures (CVE) Web page, https://cve.mitre.org.
      15. CVE security vulnerability database. Security vulnerabilities datasource Web page, http://www.cvedetails.com.