
IPTV Security: Content Is King

LAS VEGAS -- NAB2005 -- IPTV content streams -- like other IP services, such as VOIP -- are subject to spoofing, spamming, content theft, and other types of hacks, broadcast industry folks here say.

In contrast to the analog world, where tampering with the content meant using black-market hardware to unscramble a signal, IPTV encryption takes place on the software level. So hacking into a system is really just a matter of writing some malicious code. And that's got some carriers and content providers worried (see LR's TIC: Get Me Video).

Several kinds of IP-based attacks are possible on IPTV networks. In the IPTV world, for example, spoofing is possible, but there's no precedent yet, according to Jim Veres, VP of advanced engineering for Widevine Technologies Inc.

“Hackers can spoof an IPTV network by trying to pretend they are a headend and flowing content down to your set-top box that might not be appropriate,” Veres says. “The question is how does somebody make money doing that -- although I don’t understand why people do denial-of-service attacks either.”

The good news, sort of, is that because digital video content has saleable value, most IPTV security efforts to date have focused on theft prevention.

“Once one person has managed to pirate a piece of content, it can go from one user to a million users in a very short period of time,” says Brian Baker, Widevine's CEO. Pirated video content is often passed to other users over peer-to-peer networks such as Kazaa, he says.

Because of the piracy problems that have occurred since the digitization of video, content providers -- including everybody from CNN to the Hollywood studios -- naturally have a good deal of skepticism about distributing their content over end-to-end IP networks (see Video May Drive the IP Star).

Enter the IPTV conditional access (CA) and digital rights management (DRM) companies -- many of which are on hand here. Conditional access solutions encrypt video files or streams and assign "soft" decryption keys for use by the set-top box that's receiving the content. Digital rights management solutions set usage rules around the video content dictating how many times the file may be watched or copied, for example (see Comcast, Moto Playing Nice With Devices).

A few dominant players have emerged in the IPTV CA and DRM space, and that seems just fine with vendors here. “To be honest, I wish it were just one or two because it takes a lot of time and a lot of money to integrate this software into the set-top box,” says Federico Sanchez, Motorola Inc.'s (NYSE: MOT) product manager for IPTV set-top boxes.

“The top five telcos in the world have already made up their minds on which middleware and which DRM systems they want to use. I tend to see, in no specific order, Widevine, Microsoft, and Verimatrix requests when I see RFPs.”

Other content security players include NDS Inc., Nagravision SA, Conax AS, and Irdeto Access.

The bottom line is that service providers -- cable and telecom operators alike -- have to prove to content creators that the content will be secure on their networks, otherwise the creators withhold the content.

Even the DRM makers themselves sometimes aren't safe. A famous example: In 2001, hackers violated Microsoft’s own DRM solution to steal a closed-circuit, Microsoft company meeting broadcast wherein Steve Ballmer danced and shouted in what is now called the “Monkey Boy” speech.

“There were incidents a few years ago where people were trying to hack in and shut them down, but third-party software got better, and routers got better, and you don’t hear as much about that now as you did three years ago,” Widevine's Veres says.

Veres, a former Microsoft employee, says he is unaware of any denial-of-service attacks having been perpetrated on an IPTV system to date, but he's not holding his breath. “On the Internet, anything is possible,” he says.

— Mark Sullivan, Reporter, Light Reading





BigBrother 12/5/2012 | 3:18:23 AM
re: IPTV Security: Content Is King
If there is no mechanism to stop Terrorists from sending their messages or Spammers to create ads down the pipes, Spammers will do that to make money. They don't even have to live in the same country to do the spoofing.
OldPOTS 12/5/2012 | 3:18:16 AM
re: IPTV Security: Content Is King
USTA is running ads in my area that customers don't care how TV is delivered only that the delivery methods; cable, satellite and telcos DSL/FTTU should be treated equally. Tell your representatives.

Great marketing, but I contend that those overlaying ads/spams will change their minds quickly.

I am still an Analog sub on cable, in spite of their numerous attempts to slam me to 'digital'. I just want reasonably priced and hassle free TV USTA.

OldPOTS
OldPOTS 12/5/2012 | 3:18:16 AM
re: IPTV Security: Content Is King
I recently saw an application to add AIN of a phone call over the TV picture using the Set-top-box. Marketeers and Hackers will be next with Ads and Spams without much trouble.

Think of those numerous Super Bowl Spam-Ads you'd get.
That means I don't care how well you protect the content with IPTV CA and DRM when I can advertise over it for free.

What kind of network security do you think we really need?? Can it be achieved?

OldPOTS
bitguy 12/5/2012 | 3:18:15 AM
re: IPTV Security: Content Is King
Preventing spoofing a headend should be relatively easy - only accept multicast from the network side of the access mux, from a dedicated video VLAN/PVC. Anything other than an IGMP request gets dropped. Any DSLAM vendor who has a clue will implement something like this for video.

I think a DOS attack against the access mux (IGMP) is probably the most likely to succeed, given that channel change has to take place as close to the sub as possible, and IGMP is the channel change method. Rate limiting IGMP requests to 1 per second per sub or something similar would probably eliminate that problem.

Spoofing someone else's STB with a PC for example - possible but difficult, given that the DSLAM should authenticate via MAC address (spoofable) and the middleware should provide another level of authentication / key management should make it difficult to steal the content.

Any other suggestions?
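
An added sketch (not from the article, any commenter, or any vendor) of the access-mux policy described in the comment above: on the video VLAN, forward streams only from the network side, drop everything but IGMP from subscriber ports, and rate-limit IGMP per subscriber. The VLAN id, port names and the `burst` parameter are assumptions; `burst` is included because a channel change sent as a leave followed by a join (as with IGMPv2) passes a 1-per-second limit only if two back-to-back messages are allowed.

```python
from dataclasses import dataclass, field

IPPROTO_IGMP, IPPROTO_UDP = 2, 17   # IP protocol numbers
VIDEO_VLAN = 100                    # assumed id of the dedicated video VLAN

@dataclass
class Frame:                        # constructed, simplified view of one frame
    ts: float                       # arrival time, seconds
    port: str                       # "network" (uplink) or a subscriber port
    vlan: int
    ip_proto: int

@dataclass
class VideoVlanFilter:
    rate: float = 1.0               # IGMP messages per second per subscriber
    burst: int = 1                  # token-bucket depth (assumed parameter)
    buckets: dict = field(default_factory=dict)  # port -> (tokens, last_ts)

    def check(self, f: Frame) -> str:
        if f.vlan != VIDEO_VLAN:
            return "not-video"      # other services are handled elsewhere
        if f.port == "network":
            return "forward"        # streams are accepted from the uplink only
        if f.ip_proto != IPPROTO_IGMP:
            return "drop-non-igmp"  # anything else from a subscriber port
        tokens, last = self.buckets.get(f.port, (float(self.burst), f.ts))
        tokens = min(self.burst, tokens + (f.ts - last) * self.rate)
        if tokens < 1:
            self.buckets[f.port] = (tokens, f.ts)
            return "drop-igmp-rate"
        self.buckets[f.port] = (tokens - 1, f.ts)
        return "forward"

def run(frames, burst=1):
    flt = VideoVlanFilter(burst=burst)
    return [flt.check(f) for f in frames]

# Constructed sample traffic on the video VLAN.
SAMPLE = [
    Frame(0.00, "network", VIDEO_VLAN, IPPROTO_UDP),   # real headend stream
    Frame(0.10, "sub-17", VIDEO_VLAN, IPPROTO_UDP),    # subscriber posing as headend
    Frame(1.00, "sub-17", VIDEO_VLAN, IPPROTO_IGMP),   # leave old channel
    Frame(1.01, "sub-17", VIDEO_VLAN, IPPROTO_IGMP),   # join new channel
] + [Frame(1.02 + i * 0.001, "sub-42", VIDEO_VLAN, IPPROTO_IGMP) for i in range(100)]

if __name__ == "__main__":
    for burst in (1, 2):
        out = run(SAMPLE, burst)
        print(burst, out[:4], "sub-42 forwarded:", out[4:].count("forward"))
```

With `burst=1` the join that follows the leave is dropped along with the flood; with `burst=2` the channel change goes through and the 100-message flood from `sub-42` is still cut to two forwarded messages.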