Security analysis of multimedia communication protocols in traditional and emerging models

Date

2015

Authors

Tekeoglu, Ali

Abstract

Multimedia streaming has become increasingly popular over the last two decades, in parallel with advancements in internet infrastructure such as increased bandwidth, availability and multimedia compression technology. Creating and accessing multimedia content over the internet became ubiquitous with the rise of interest in mobile devices. Better compression standards that provide higher resolution, and new streaming protocols for more efficient transmission of multimedia content to end users, have been developed. On the other hand, security and privacy issues arise each time a new technology, architecture or protocol is introduced, so the security and privacy implications need to be studied in order to prevent malicious usage. In this dissertation, we have investigated the security and privacy of multimedia streaming in different models using a proposed security analysis framework. Our framework comprises three steps, in which we set up a network testbed, design and run specific experiments, and analyze the results to identify problems and propose solutions. First, the security analysis framework is applied to a traditional Client-Proxy-Server streaming architecture, in which a streaming client requests multimedia content from a streaming server via a proxy server. We proposed a practical and efficient solution to the problem of counting the number of active nodes behind a network address translation device, which we encountered in our previous work. Next, we explored the security and privacy issues in emerging multimedia streaming architectures following our security analysis framework. Android-based HDMI sticks such as Chromecast from Google, Amazon's FireTV Stick and Roku's Streaming Stick have become quite popular in local home networks; however, the security implications of these devices have not been studied before. Finally, the same analysis framework is applied to study the security and privacy issues related to cloud-based wireless IP cameras.
These cameras make it easier to access a multimedia stream from anywhere on the internet; however, there are multiple security and privacy issues. A streaming server is vulnerable to a Denial of Service (DoS) attack when a client exploits the RTSP protocol to keep the connection with the server alive for an extended period of time. We have demonstrated the attack against different open source streaming servers and showed that it is possible to bring down a server and disrupt the quality of service to other legitimate users. We have proposed a method to discover malicious clients when they abuse the system, and to allocate each legitimate client reasonable bandwidth. While implementing this approach, we came across the problem of not being able to tell how many clients are online behind a Network Address Translation (NAT) device. The number of clients behind an IP address must be known in order to allocate appropriate bandwidth to a set of machines using the same IP address of a NAT device. For this reason, we have presented an approach to determine approximately the number of active nodes behind a NAT device and evaluated it in real and simulated networks. With the recent widespread use of Internet-of-Things (IoT) devices that stream multimedia over the internet with cloud infrastructure support, HDMI sticks and IP cameras have become popular. HDMI sticks turn a traditional TV or a simple LCD screen into a smart screen. With embedded wireless cards, they integrate into a home network and stream multimedia content from the cloud. These devices are controlled from a smaller-screen device, such as a tablet or a mobile phone, with the help of a mobile app. In an experimental network testbed, we have captured and inspected the network communications between the controller device, the HDMI stick and the cloud multimedia content servers.
Our findings bring out privacy and security issues with these multimedia streaming IoT devices, such as several open ports, servers on these ports running vulnerable versions, possible DoS attacks on the ports, and local DoS attacks on the mobile apps utilizing the protocols used. Similarly, in recent years, the decreased cost of cloud storage and the increased bandwidth available to home-network users have enabled wireless IP cameras that are backed by cloud video recording. Instead of being stored locally, the captured multimedia is streamed to third-party cloud storage and hosted there. The benefits include on-demand surveillance from anywhere in the world over the internet, and ease of setup and use. However, the multimedia content is not always secure on the cloud while in transit and at rest. Our testbed evaluated two popular devices, NetCam from Belkin and DropCam from Nest, and the experimental results show several privacy and security issues with these devices. Specifically, unencrypted multimedia streams, usage of vulnerable versions of SSL/TLS, open ports and default login credentials raise concerns.

Description

This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.

Keywords

Cybersecurity, IoT Security, Multimedia Security, Multimedia Streaming Protocols, Network Security, Security and Privacy

Department

Computer Science