Security on over the top TV services
| Autor(a) principal: | |
|---|---|
| Data de Publicação: | 2011 |
| Tipo de documento: | Dissertação |
| Idioma: | eng |
| Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| Texto Completo: | http://hdl.handle.net/10451/7998 |
Resumo: | Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011 |
| id |
RCAP_e51571292eb5a9fe0802f06f848c2215 |
|---|---|
| oai_identifier_str |
oai:repositorio.ul.pt:10451/7998 |
| network_acronym_str |
RCAP |
| network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository_id_str |
7160 |
| spelling |
Security on over the top TV servicesInternetVídeoSegurançaOTTIPTVTeses de mestrado - 2011Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011The widespread availability of high bandwidth internet access on fixed and mobile networks in conjuction with the availability of mobile devices powerful enough to play streamed high quality vídeo, has created the demand for services that deliver television and vídeo contente over the internet to television sets, personal computers and mobile devices. This demand has lead to the appearance of over-the-top TV and video service providers that deliver video over the internet, using networks not operated by them. Video delivery in an open environment, like the internet, requires operators to implement security mechanisms to protect their valuable content from illicit access and distribution. In this thesis, we investigate security properties needed to securely deliver OTT video services. In order to assess the security mechanisms employed to enforce authentication, authorization, digital rights management and geographical restrictions, we survey three prominent OTT service providers. Due to their size and choice of technologies, we selected Netflix, Hulu and Comcast. We studied the interactions between the client applications and the providers’ servers by inspecting the traffic of messages exchanged. For each of the security mechanisms analyzed, experiments were designed to find flaws and test their effectiveness. The most important of the identified security issues are related to the handling and transmission of HTTP cookies when using web browser-based clients. These vulnerabilities are common to all surveyed providers and can be exploited by adversaries to steal authentication cookies and impersonate the customer, allowing illicit access to video assets and private information of the customer. A cookie stealing and session hijacking attack is described and mitigation strategies are presented for OTT service providers, users and wireless network access point administrators. These consist in the use of SSL to protect authentication tokens, the use HTTPS only or VPN services, and the use of WPA2 to protect wireless networks, respectively. An interesting result, observed with the analyzed mobile client for Android devices, is that it uses SSL to protect the transmission of HTTP cookies used for authentication. Thus it is not vulnerable to the described attack.Christin, NicolasNeves, Nuno Fuentecilla Maia Ferreira, 1969-Repositório da Universidade de LisboaPereira, Carlos Filipe Zambujo Lopes2013-03-15T16:20:47Z20112011-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10451/7998enginfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-11-08T15:51:36Zoai:repositorio.ul.pt:10451/7998Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T21:32:39.496849Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
| dc.title.none.fl_str_mv |
Security on over the top TV services |
| title |
Security on over the top TV services |
| spellingShingle |
Security on over the top TV services Pereira, Carlos Filipe Zambujo Lopes Internet Vídeo Segurança OTT IPTV Teses de mestrado - 2011 |
| title_short |
Security on over the top TV services |
| title_full |
Security on over the top TV services |
| title_fullStr |
Security on over the top TV services |
| title_full_unstemmed |
Security on over the top TV services |
| title_sort |
Security on over the top TV services |
| author |
Pereira, Carlos Filipe Zambujo Lopes |
| author_facet |
Pereira, Carlos Filipe Zambujo Lopes |
| author_role |
author |
| dc.contributor.none.fl_str_mv |
Christin, Nicolas Neves, Nuno Fuentecilla Maia Ferreira, 1969- Repositório da Universidade de Lisboa |
| dc.contributor.author.fl_str_mv |
Pereira, Carlos Filipe Zambujo Lopes |
| dc.subject.por.fl_str_mv |
Internet Vídeo Segurança OTT IPTV Teses de mestrado - 2011 |
| topic |
Internet Vídeo Segurança OTT IPTV Teses de mestrado - 2011 |
| description |
Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011 |
| publishDate |
2011 |
| dc.date.none.fl_str_mv |
2011 2011-01-01T00:00:00Z 2013-03-15T16:20:47Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
| format |
masterThesis |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10451/7998 |
| url |
http://hdl.handle.net/10451/7998 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
| instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| instacron_str |
RCAAP |
| institution |
RCAAP |
| reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
| repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
| repository.mail.fl_str_mv |
|
| _version_ |
1799134219803295744 |