Yen Ming Chen (Senior Managing Consultant, Foundstone - A division of McAfee Inc.)
May 19, 2006
Presentation Title: Triple Play; Triple Threat? — IPTV Security
Presentation Details:
The “Triple-play†strategy (Data, Voice and Video) is set to enable Telecoms to increase their Average Revenue per Unit (ARPU) and revolutionize current home entertainment. IPTV generated revenue is expected to have 102% CAGR from year 2004 – 2010. While security issues in Data and Voice of the “Triple-Play†strategy have been examined in details, not much has been done in the IPTV field. In this presentation, we will look at IPTV’s advantages in business, architecture, threats and some of the vulnerabilities that have been seen on the field. The IPTV architecture comprise of the Content Source, Head-End, Delivery and Management network and Consumer Home network. Current security threats (malicious attackers, worms or disasters) could stop the Telecoms from making profit or even losing money. The presentation will present some real-life weaknesses and vulnerabilities and provide countermeasures for Telecoms.
Triple Play Strategy Data Voice IPTV Known Security Problems Data Voice New Addition: IPTV Architecture Content Source Head-End Delivery and Management network Home network IPTV Risk Analysis Privacy Confidentiality Integrity Availability Interoperability IPTV Vulnerabilities Home network Set-Top Box How to steal your neighbor’s subscription Home gateway Delivery and Management network Access Control List IGMP/Multicast Infrastructure Weakness Head-End Buffer Overflow Other Issues Content Source Unencrypted content storage DRM Countermeasures People Process Technology Conclusion Q & A
About Yen Ming
Yen-Ming leads Foundstone consultants to provide strategic security consulting services to Global 2000 clients. With almost a decade of experience in business development, IT and security, Yen-Ming brings extensive knowledge in both business and technology to his clients. Yen-Ming established the Asian Pacific branch in Singapore for Foundstone and has been instrumental in growing business for Foundstone in APAC. He has performed security assessments for security technologies (ISA server, firewall, and other security products), business applications (financial applications, CRM, and Tax software) and other technologies (multi-functional office equipments and IPTV). He contributed to Four books and numerous articles published on SecurityFocus and other magazines. He’s frequent speaker for conferences like CSI, MISTI and others. He served as a Lead Instructor for Foundstone’s Ultimate Hacking series classes. Before joining Foundstone, Yen-Ming worked at Carnegie Mellon University and he created the first intrusion detection system appliance prototype using PicoBSD and Snort. He also wrote the first intrusion detection log correlation and analysis program, snort-stat, for Snort. Yen-Ming held a MS in Information Networking from Carnegie Mellon University and a BS in Mathematics from National Central University.
