4k Satellite Security Research DVB-S2X Standard Evaluation Notes

2015.04.23
Credit: NicholasL
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Author: Nicholas Lemonias Advisory Date: 23/4/2015 4k Satellite Security Research - DVB-S2X Standard Evaluation Notes # . . . . . . . # . . . . . ______ # . . . //////// # . . ________ . . ///////// . . # . |.____. /\ .///////// . # . .// \/ |\ ///////// # . . .// \ | \ ///////// . . . # ||. . .| | ///////// . . # . . || | |//`,///// . # . \\ ./ // / \/ . # . \\.___./ //\` ' ,_\ . . # . . \ //////\ , / \ . . # . ///////// \| ' | . # . . ///////// . \ _ / . # ///////// . # . .///////// . . # . -------- . .. . # . . . . . # ________________________ # ____________------------ -------------_________ -=[ Advanced Information Security Corporation ]=- Abstract ========== During a security evaluation of the Digital Video Broadcasting for Satellite-S2X (Extended) for UHD/4K compatible ecosystems; conducted internally by the Advanced Information Security Group, instances of insecure function use were observed, which could lead to exploitation of these systems. Introduction ========== Ultra High Definition is rapidly growing into the next revolution of virtual reality, beyond HDTV. Ultra HD envisages to deliver a surreal cinematic experience, to the next generation broadcasting world. Ultra High Definition is a digital format that can process and deliver 4k and 8k pixel resolution data. The prolonged encoding rates operate on the basis of an equilibrated analogy of up to 60 fps. Thus the higher the frame rates , the higher are also the demands in data transfer technology. High Bandwidth content utilize hybrid architectures and make use of fiber optic technologies, cable networks, wireless architectures and high powered DTH satellite broadcasting systems. DTH satellites operate at higher frequency rates mostly at the Ka band or higher. The Japanese Government was one of the first to practically implement the UHD 4K System over satellite, in practice. In their experiment prominent environmental predicaments concluded to modifications of modulation methods due to rain attenuation issues. It is pertinent to note, that however no security considerations were mentioned in their experiment. During an internal security evaluation of the extended version of (DVB-S2X), multiple security predicaments were observed. Review of DVB-S2X ================ The DVB-S2X is the extended version of DVB-S2 which was officially presented by the DVB Consortium in 2014. The new standard provides a number of technical enhancements for support of DVB-S2X ecosystems; such as an improvised and faster modulation for the delivery of UHD Services, however during our security evaluation no security considerations are made. Therefore it is pertinent to note that the older versions of DVB/S2 and current DVB/S2X (Extended) do support a fully-fledged Internet Protocol interoperation. The DVB-S2X offers very-low carrier-to-noise and low-carrier to interference ratios, below 10 â??db. (SNR) which makes it suitable for professional and even military deployments. Although, the following enhancements are made: Low roll off and smaller carrier spacing. Advanced Filtering technologies for bandwidth. Forward Error Correction Enhancements with added support for (64, 128, 256APSK) for professional and military applications, for extended requirements, improved spectral efficiency and increased granularity. Bonding mechanisms for streams of TV data. Improvements for Optimal Modulation (MODCOD). A very low SNR MODCOD to support mobile architectures from land, sea and air. Additional modulation enhancements have been provided in the QPSK and BPSK range, in order to enhance atmospheric interference protection mechanisms. The VLSNR MODCOD packet header was modified with the inclusion of a PLH (Physical Layer header) and the addition of a significantly better error correction coding system. Wideband Support for improved signal propagation. During our evaluation it was asserted that the current composition of DVB/S2x fails significantly to adhere to best practice and security fundamentals. There are no security controls entailed for the provision of fundamental security services of Confidentiality, Integrity, Availability, (Non-Repudiation and Data Origin Authentication). Although a two-way scrambling method is entailed, that cannot substitute encryption. This security issue stems from the lack of encryption of plain-text information, as it is received by an L2 source, throughout the encapsulation of information. Current implementations use Standard Internet Security Protocols to bridge the gap. The lightweight architecture of protocols such MPEG-2/MPEG-4, can be subtle to overhead and service degradation; This affects DVB-S2 and S2x compatible ecosystems that transmit information using MPEG-2 over IP / MPEG-4 TS protocol over IP, which make them subtle to eavesdropping attacks. The DVB/S2 and DVB/S2X supports a fully-fledged IP interoperation. Therefore this current composition of DVB/S2X fails to address the inherent security instances at the core of the problem, during its embryonic stages. Security consideration should be made using a rather pedantic layered approach to security. Current designs of HEVC modulation (in DVB/S2X) lack fundamental security services such as those of Confidentiality, Integrity, Availability and Non-Repudiation. It is pertinent to note that the DVB/S2x support for backward compatibility, with MPEG-2 over IP which can be abused by threat-actors. Technological and market transformation from DVB/S2 to DVB-S2x is a lengthy process for manufacturers and satellite service providers alike. 4The importance of confidentiality is paramount for the protection and prevention of unauthorized access to private information. A malicious attacker could take advantage of this lack of security services, to passively wiretap bits of plain-text information. HEVC Fuzzing techniques can be used for the extraction of information that may be contained in HEVC bit-stream structures and access units. Attacks against 4K ecosystems ============================ Man-in the middle attacks Repudiation Attacks Denial of Service attacks against the actual satellite ecosystem (while in orbit) Replaying & Reordering attacks MPEG-2 and H.264/MPEG-4 vulnerabilities =================================== Thus in a MPEG-2 â?? TS transmission, the network identifies the â??TS logical channel, and the PDU units received. For instance a Transport Stream contains multiplexed data , multiple packet sources, entailing the payload from a number of PES data streams. This lack of integrity and data origin authentication in the encapsulated MPEG-2 Transport Stream packets over DVB-S2X can be problematic. Attacks that seek to fabricate, falsify, alter or delete information are feasible due to the lightweight protocol characteristics. Whilst current methodologies suggest that encryption can be provided using standard Internet Security Protocols such as IPSEC, this only bridges the gaps. Another security problem arising from the lack of confidentiality and integrity, is that the plain-text streams contain hardware MAC or NPA addresses of the participating L2 destination. Conclusion ============ However the Internet Protocol Security (IPSEC) provides advantageous considerations in MPEG-2 over IP in satellite infrastructures, and such are: interoperability; it does also present a trade-off between Quality of Service. Satellite security over 4k broadcasting is reliant on standard security protocols to address inherent security issues. Citing an example, an IPsec security gateway in tunnel mode, would reveal disadvantages in terms of network overhead and QoS. ML-IPSEC ========== ML-IPsec attempts to address the problems arising from the use of IPsec, although the issue of mobility is presented, which creates a plethora of other issues to service providers and users alike. SSL Vulnerabilities ================ Ecosystems that make use of SSL , are prone to a variety of attacks. In the light of recent issues; FREAK SSL/TLS, BEAST, Heart Bleed, DoS attacks (NULL pointer dereference / memory exhaustion) are some of the vulnerabilities affecting SSL implementations. References ============ US CERT, (2015). FREAK-SSL Vulnerability. [online] Available at: https://www.us-cert.gov/ncas/current.../FREAK-SSLTLS-Vulnerability [Accessed 23 Apr. 2015]. DVB Consortium, (2015). DVB-S2X. [online] Available at: http://www.dvb.org/resources/public/standards/a83-2_dvb-s2x_den302307-2.pdf [Accessed 23 Apr. 2015]. Securityfocus Website, (2015). OpenSSL Advisory.. [online] Available at: http://www.securityfocus.com/archive/1/535167 [Accessed 23 Apr. 2015]. Us-cert.gov, (2015). OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160) | US-CERT. [online] Available at: https://www.us-cert.gov/ncas/alerts/TA14-098A [Accessed 23 Apr. 2015].


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top