Browse > Article
http://dx.doi.org/10.13089/JKIISC.2016.26.6.1505

A Vulnerability Analysis of Paid Live Streaming Services Using Their Android Applications  

Choi, Hyunjae (Sungkyunkwan University)
Kim, Hyoungshick (Sungkyunkwan University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.26, no.6, 2016 , pp. 1505-1511 More about this Journal
Abstract
Live streaming is a method to provide media service by sending recoded media to a user's video player. In order to provide video and audio contents in real-time for a large number of users simultaneously, live streaming compatible protocols such as RTMP (Real Time Messaging Protocol), HLS (Http Live Streaming), are required. In this paper, we analyzed vulnerability of paid live streaming services with the captured packets from the applications used by six major OTT (over-the-top) companies in Korea supporting live streaming services. We found that streaming channels were not encrypted and access control mechanisms were not properly used. Thus, guest users can freely use paid live streaming services.
Keywords
Live Streaming; HLS; OTT; Premium channel; vulnerability;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Gi-man Seo, "OTT Understanding and prospects of service," Broadcasting and Media Magazine, 16(1), pp. 91-101, Mar. 2011
2 Etoday News, "http://www.etoday.co.kr/news/section/newsview.php?idxno=1321277," Apr. 2016
3 Parmar H and M. Thornburgh, "Adobe's Real Time Messaging Protocol," Copyright Adobe Systems Incorporated, Dec. 2012.
4 Modi Darshan, "Quality Control in Video Streaming," International Research Journal of Engineering and Technology, vol. 2, pp. 1228-1231, Sep. 2015.
5 Pantos, R and W. May, "HTTP Live Streaming draft-pantos-http-live-streaming-05," Published by the Internet Engineering Task Force, Nov. 2010.
6 Ma, Kevin J and Radim Bartos, "HTTP live streaming bandwidth management using intelligent segment selection," Global Telecommunications Conference, pp. 1-5, Jan. 2011.
7 Riegel, Brian M and James S. Sherry, "Token-based security for links to media streams," U.S. Patent No. 8,640,229, Jan. 2014.
8 Dierks, Tim, and Christopher Allen. "The TLS protocol version 1.0," Published by the Internet Engineering Task Force, Jan. 1999.
9 bitShark, "https://play.google.com/store/apps/details?id=blake.hamilton.bitshark"
10 WireShark, "https://www.wireshark.org"
11 Fiddler, "http://www.telerik.com/fiddler"