lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CA+CewVAixOQ1XYcooF=CbKct4QYT=KAEnqUK-XuyDsEpx_Ez3A@mail.gmail.com>
Date: Fri, 24 Apr 2015 16:32:35 +0100
From: "Nicholas Lemonias." <lem.nikolas@...glemail.com>
To: bugtraq@...urityfocus.com
Subject: 4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X
 Security Evaluation Draft Notes - Advanced Information Security Corporation

Author: Nicholas Lemonias

Advisory Date: 23/4/2015

4k Satellite Security Research - DVB-S2X Standard Evaluation Notes
#             .       .                   .       .      .     .      .
#            .    .         .    .            .     ______
#        .           .             .               ////////
#                  .    .   ________   .  .      /////////     .    .
#             .            |.____.  /\        ./////////    .
#      .                 .//      \/  |\     /////////
#         .       .    .//          \ |  \ /////////       .     .   .
#                      ||.    .    .| |  ///////// .     .
#       .    .         ||           | |//`,/////                .
#               .       \\        ./ //  /  \/   .
#    .                    \\.___./ //\` '   ,_\     .     .
#            .           .     \ //////\ , /   \                 .    .
#                         .    ///////// \|  '  |    .
#        .        .          ///////// .   \ _ /          .
#                          /////////                              .
#                   .   ./////////     .     .
#           .           --------   .                  ..             .
#   .               .        .         .                       .
#                          ________________________
#  ____________------------                        -------------_________
-=[ Advanced Information Security Corporation ]=-

Abstract
==========
During a security evaluation of the Digital Video Broadcasting for
Satellite-S2X (Extended) for UHD/4K compatible ecosystems; conducted
internally by the Advanced Information Security
Group, instances of insecure function use were observed, which could
lead to exploitation of these systems.

Introduction
==========
Ultra High Definition is rapidly growing into the next revolution of
virtual reality,
beyond HDTV. Ultra HD envisages to deliver a surreal cinematic
experience, to the next generation broadcasting world. Ultra High
Definition is a digital format that can process and deliver 4k and 8k
pixel resolution data.

The prolonged encoding rates operate on the basis of an equilibrated
analogy of up to 60 fps. Thus the higher the frame rates , the higher
are also the demands in data transfer technology.

High Bandwidth content utilize hybrid architectures and make use of
fiber optic technologies, cable networks, wireless architectures and
high powered DTH satellite broadcasting systems. DTH satellites
operate at higher frequency rates mostly at the Ka band or higher.

The Japanese Government was one of the first to practically implement
the UHD 4K System over satellite, in practice. In their experiment
prominent environmental predicaments concluded to modifications of
modulation methods due to rain attenuation issues. It is pertinent to
note, that however no security considerations were mentioned in their
experiment.

During an internal security evaluation of the extended version of
(DVB-S2X), multiple security predicaments were observed.

Review of DVB-S2X
================
The DVB-S2X is the extended version of DVB-S2 which was officially
presented by the DVB Consortium in 2014.

The new standard provides a number of technical enhancements for
support of DVB-S2X ecosystems; such as an improved and faster
modulation for the delivery of UHD Services. However during our
security evaluation no security considerations are made.

Therefore it is pertinent to note that the older versions of DVB/S2
and current DVB/S2X (Extended) do support a fully-fledged Internet
Protocol interoperation.

The DVB-S2X offers very-low carrier-to-noise and low-carrier to
interference ratios, below 10 â??db. (SNR) which makes it suitable for
professional , and military deployments.

Although, the following enhancements are made, no security
considerations are noted:

â?¢ Low roll off and smaller carrier spacing.
â?¢ Advanced Filtering technologies for bandwidth.
â?¢ Forward Error Correction Enhancements with added support for (64,
128, 256APSK) for professional and military applications, for extended
requirements, improved spectral efficiency and increased granularity.
â?¢ Bonding mechanisms for streams of TV data.
â?¢ Improvements for Optimal Modulation (MODCOD).
â?¢ A very low SNR MODCOD to support mobile architectures from land, sea
and air. Additional modulation enhancements have been provided in the
QPSK and BPSK range, in order to enhance atmospheric interference
protection mechanisms.
â?¢ The VLSNR MODCOD packet header was modified with the inclusion of a
PLH (Physical Layer header) and the addition of a significantly better
error correction coding system.
â?¢ Wideband Support for improved signal propagation.

During our evaluation it was asserted that the current composition of
DVB/S2x fails significantly to adhere to best practice and security
fundamentals.

There are no security controls entailed for the
provision of fundamental security services of Confidentiality,
Integrity, Availability,  Non-Repudiation and Data Origin
Authentication.

Although a two-way scrambling method is entailed,
that cannot substitute encryption.

This security issue stems from the lack of encryption of plain-text
information, as it is received by an L2 source, throughout the
encapsulation of information. Current implementations use Standard
Internet Security Protocols to bridge the gap.

The lightweight architecture of protocols such MPEG-2/MPEG-4, can be
subtle to overhead and service degradation;

This affects DVB-S2 and S2x compatible ecosystems that transmit
information using MPEG-2 over IP / MPEG-4 TS protocol over IP, which
makes them subtle to eavesdropping attacks.

Therefore this current composition of DVB/S2X fails to address the
inherent security gaps right at the core of the problem, during its
embryonic stages.

Security consideration should be made using a rather pedantic layered
approach to security.

Current designs of HEVC modulation (in DVB/S2X) lack fundamental
security services such as those of Confidentiality, Integrity,
Availability and Non-Repudiation.

It is pertinent to note that the DVB/S2x support for backward
compatibility, with MPEG-2 over IP is a feature that can be abused by
threat-actors.

Technological and market transformation from the DVB/S2 era to DVB-S2x will
be a lengthy process for manufacturers, and satellite service providers
alike.

The importance of confidentiality is paramount for the protection and
prevention of unauthorized access to private information.

A malicious attacker could take advantage of this lack of security
sevices, to passively wiretap bits of plain-text information.
HEVC fuzzing techniques can be used for the extraction of information that
may be contained in HEVC bit-stream structures and access units.

Attacks against 4K ecosystems
============================

Man-in the middle attacks

Repudiation Attacks

DoS attacks against the actual satellite ecosystem, while in orbit.

Replaying & Reordering attacks


MPEG-2 and H.264/MPEG-4 vulnerabilities
===================================

Thus in a MPEG-2 TS transmission, the network identifies the "TS"
logical channelS, and the PDU units received.

For instance a Transport Stream contains multiplexed data , multiple
packet sources entailing the payload from a number of PES data
streams.

The lack of integrity and data origin authentication in
encapsulated MPEG-2 Transport Stream packets over DVB-S2X , is subtle
to passive and active attacks.

Attacks that seek to fabricate, falsify, alter or delete information
are feasible due to the lightweight protocol characteristics.

Whilst current methodologies suggest that encryption can be provided
using standard Internet Security Protocols such as IPSEC, this only
bridges the gaps.

Another security problem arising from the lack of confidentiality and
integrity, is that the plain-text streams contain hardware MAC or NPA
addresses, of the participating L2 destinations.

Conclusion
============
However the Internet Protocol Security (IPSEC) provides advantageous
considerations in MPEG-2 over IP in satellite infrastructures, and
such as that of interoperability, it does also present a trade-off in
Quality of Service.

Satellite security over 4k broadcasting is reliant on standard
security protocols to address inherent security issues.

Citing an example, an IPsec security gateway in tunnel mode, would
reveal disadvantages in terms of network overhead and QoS.

ML-IPSEC
==========
ML-IPsec attempts to address the problems arising from the use of
IPsec, although the issue of mobility is presented, which creates a
plethora of other issues to service providers and users alike.

SSL Vulnerabilities
================
Ecosystems that make use of SSL , are prone to a variety of attacks.
In the light of recent issues, FREAK SSL/TLS, BEAST, Heart Bleed, DoS
attacks (NULL pointer dereference / memory exhaustion) are some of the
vulnerabilities affecting SSL implementations.

References
============
US CERT, (2015). FREAK-SSL Vulnerability. [online] Available at:
https://www.us-cert.gov/ncas/current.../FREAK-SSLTLS-Vulnerability
[Accessed 23 Apr. 2015].

DVB Consortium, (2015). DVB-S2X. [online] Available at:
http://www.dvb.org/resources/public/standards/a83-2_dvb-s2x_den302307-2.pdf
[Accessed 23 Apr. 2015].

Securityfocus Website, (2015). OpenSSL Advisory.. [online] Available
at: http://www.securityfocus.com/archive/1/535167 [Accessed 23 Apr.
2015].

Us-cert.gov, (2015). OpenSSL 'Heartbleed' vulnerability
(CVE-2014-0160) | US-CERT. [online] Available at:
https://www.us-cert.gov/ncas/alerts/TA14-098A [Accessed 23 Apr. 2015].

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ