Presentation Title

Security for Professional Media Over Managed IP Networks

Thomas Bause Mason (SMPTE)Director of Standards Development

dir.standards@smpte.org

Presentation Title

The Threat

Presentation Title

The Threat

“According to Microsoft, the potential cost of cyber-crime to the global community is a mind-boggling $500 billion, and a data breach will cost the average company about $3.8 million.”

Presentation Title

The Threat

Break it Steal it Alter it

Presentation Title

Threat Agents

Sophistication

Individual Group

Corporation

State

Presentation Title

Threat Agents

“Malware, which includes viruses and other software intended to disrupt computer users, is becoming “much cheaper and continues to offer a low barrier to entry for cybercriminals looking to steal information,” wrote the analysts, who scoured dozens of sites on the dark web over the past eight months.”

Presentation Title

Threat Vectors

• Backdoor• Denial-of-service attacks (DOS)• Direct-access attacks• Eavesdropping• Multivector, polymorphic attacks• Phishing• Privilege escalation• Social engineering• Spoofing (Email, IP address, MAC, Biometric)• Tampering

Presentation Title

Media Security Efforts

MPAA Content ProtectionGuidelines

Presentation Title

Follow IT Best Practices

• Implement a Formal IS Governance Approach• Stop Data Loss• Detect Insider Threat• Back Up Data• Beware of Social Engineering• Educate and Train Your Users• Outline Clear Use Policies for New Employees and 3rd Parties• Update Software and Systems• Create an Incident Response Playbook• Maintain Compliance

Presentation Title

Vulnerability Exploit (Sony)

2 to 12 months of unauthorized access

47,000 unique Social Security numbers leaked

Employees medical information leaked

30,000 documents leaked on Wikileaks

Vulnerability exploit with worm (100 TB)

$15 Millions in costs

Presentation Title

API Exploit (USPS)

60 Million Users impacted

Client

Client

Client

API USPS.com UserData

Weak Access Control

Client

Presentation Title

Why Security in Broadcast?

SpecializedHardware

SDI

Commercial off the Shelf

(COTS)

IPAgility Flexibility

Scalability

Live Broadcast Infrastructure

Cost Savings

Presentation Title

Security Concerns in Media over IP?

Serial Digital Interface

Specialized System

Walled Garden

IP Networks

Commodity Hardware

Open Architecture

Separate Networks Separate Networks

SDI IP

Presentation Title

Security Challenge

Off-PremiseData Center

(Shared Resources)

Fiber (e.g. 40/100GigE)

TV Studio A(East Coast)

On-PremiseData Center

TV Studio B(East Coast)

TV Studio C(West Coast)

TV Studio D(West Coast)

On-PremiseData Center

3rd Party

Presentation Title

SMPTE’s IP Efforts

SMPTE ST 2022: Contribution Link

SMPTE ST 2110: TV Studio

SMPTE ST 2059: Synchronization (PTP)

Presentation Title

PTP Overview

GrandMaster

Slave

Slave

Slave

Ordinary Clock Ordinary ClockBoundary Clock

Switch

Presentation Title

SMPTE ST 2110

IP Connection

Tx

Rx

* SMPTE ST2059-2 PTP Profile Data Packet PTP Packet

Media

Audio Packet

Video Packet

Rx

Rx

Grand Master*

Switch

Presentation Title

SMPTE ST 2110 (GM Disabled)

IP Connection

Tx

Rx

* SMPTE ST2059-2 PTP Profile Data Packet PTP Packet

Media

Audio Packet

Video Packet

Rx

Rx

Grand Master*

Switch

Presentation Title

SMPTE ST 2110 (Rough Grand Master)

IP Connection

Tx

Rx

* SMPTE ST2059-2 PTP Profile Data Packet PTP Packet

Media

Audio Packet

Video Packet

Rx

Rx

Grand Master*

Switch

GM*

Presentation Title

SMPTE ST 2110 (Router Overload)

IP Connection

Tx

Rx

* SMPTE ST2059-2 PTP Profile Data Packet PTP Packet

Media

Audio Packet

Video Packet

Rx

Rx

Grand Master*

Switch

GM

Presentation Title

EBU Security Efforts

https://tech.ebu.ch/docs/r/r148.pdf

Media Cyber Security

Group

Presentation Title

Joint Taskforce on Networked Media (JT-NM)

Help manage IP transition

Collect user requirements

Identify gaps in technology

Recommend best practices

JT-NM

EBU

SMPTE

AMWA

VSF

NABA

AES

IABM

AIMS

JT-NM

EBU

SMPTE

AMWA

VSF

Coordinate Industry Activities

Presentation Title

JT-NM Security Recommendations

Keep it simple

Focus on low hanging fruit

Call to JT-NM members for API Security

Call to JT-NM members for PTP Security

Recommendation on Vulnerability Scanning

Presentation Title

JT-NM Vulnerability Scanning

IBC IP Showcase Network(50 IP Systems)

OpenVASClient

Methodology Tools

Overall Approach

http://vsf.tv/events_archive/2018-09_IBC2018.shtml

Presentation Title

SMPTE Study Group on Security in SMPTE ST 2059

Harden PTP infrastructure

Harden network against PTP attacks

Prevent overloading router ports

Prevent power down and power up

Network design recommendations

Test and detection methods

Presentation Title

dir.standards@smpte.org