Abstract
This paper defines and maps all possible threats to broadcasting services. Viewers currently use various types of broadcasting services—including cable TV, IPTV, and mobile TV, among others—and broadcast business operators are now developing the appropriate security mechanisms for each medium to safely and reliably provide broadcasting services to their audiences. Unlike mobile TV, which uses of a public network as in an over-the-top configuration, cable TV and IPTV are basically closed networks in terms of network security. However, they also link with external networks to provide additional services (bidirectional services or commerce-related services). Therefore, broadcast business operators of with various types of broadcast media are susceptible to security threats from which their broadcasting services may come to a halt or may be abused by hackers, such as with well-developed APT attacks, as well as other common external attacks. The common vulnerability scoring system for IT security is used to conduct a quantitative evaluation of the risk to security threats for broadcasting services. We also derive the results of a penetration test for the STB through the results presented with respect to a security threat. This result will help address potential security vulnerabilities in broadcasting services.
Similar content being viewed by others
References
EBU Project Group B/CA. (1995). Functional model of a conditional access system, EBU Technical Review.
Tu, F.-K., Laih, C.-S., & Tung, H.-H. (1999). On key distribution management for conditional access system on pay-TV system. IEEE Transactions on Consumer Electronics, 45(1), 151–158.
Tianbo, L., Feng, X., Yong, P., & Jin, X. (2011). Analysis of security standardization for IPTV. In 2011 3rd international conference on advanced computer control, pp. 219–223.
Song, W. J., Kim, W. H., Kim, B. G., Kang, M., & Choi, M. (2003). Contents protection system using smart card interface for digital CATV network based on the OpenCable specification. In 2003 IEEE international conference on consumer electronics, pp. 274–275.
Joh, H., & Malaiya, Y. K. (2010). A framework for software security risk evaluation using the vulnerability lifecycle and CVSS metrics. In 2010 international workshop on risk trust in extended enterprises, pp. 430–434.
Joh, H., & Malaiya, Y. K. (2011). Defining and assessing quantitative security risk measures using vulnerability lifecycle and CVSS metrics. In The 2011 international conference on security and management, pp. 10–16.
Wang, S., Xia, C., Jinghua, & Jia, Q. (2015). Vulnerability evaluation based on CVSS and environmental information statistics. In 2015 4th international conference on computer science and network technology, pp. 1249–1252.
Younis, A., Malaiya, Y. K., & Ray, I. (2016). Evaluating CVSS base score using vulnerability rewards programs. ICT Systems Security and Privacy Protection, 471, 62–75.
Smith, E. S. (1970). The emergence of CATV: A look at the evolution of a revolution. Proceeding of the IEEE, 58(7), 967–982.
Jeffrey, M., Park, S., Lee, K., Adams, G., & Savage, S. (2008). Content security for IPTV. IEEE Communications Magazine, 46(11), 138–146.
Llort, J., Canovas, A., Tomas, J., & Atenas, M. (2012). A network management algorithm and protocol for improving QoE in mobile IPTV. Computer Communication, 35(15), 1855–1870.
STRIDE Threat Model., https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx.
ENISA Threat Landscape 2014. (2014). Overview of current and emerging cyber-threats.
NIST SP 800-30 Rev.1. (2012). Guide for conducting risk assessments.
ITU-T. (2009). Functional requirements and architecture for IPTV security aspects, X.1191.
CVSS v3.0. (2015). Specification document.
CVSS v3.0. (2015). User guide.
CVSS v3.0. (2015). Examples.
http://mychristiantv.com.au/wp-content/uploads/Instal-Life-Update%20STB-USB-2016.pdf.
Acknowledgements
This research was supported by the MSIP(Ministry of Science, ICT and Future Planning), Korea, under the ITRC(Information Technology Research Center) support program (IITP-2017-R0992-16-1006) supervised by the IITP (Institute for Information & communications Technology Promotion).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lee, J.H., Kim, S.J. Analysis and Security Evaluation of Security Threat on Broadcasting Service. Wireless Pers Commun 95, 4149–4169 (2017). https://doi.org/10.1007/s11277-017-4056-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-017-4056-z