[ :: mainpage :: register :: conference :: training :: call for papers (CFP) :: the venue ]
[ :: capture the flag (CTF) :: press/media :: conference agenda :: contact us ]
[ :: forum :: sponsors :: past conferences :: conference kit (PDF) ]

Yen Ming Chen (Senior Managing Consultant, Foundstone - A division of McAfee Inc.)

Filed under: Main Page — Administrator @ 10:41 am

May 19, 2006

Presentation Title: Triple Play; Triple Threat? — IPTV Security
Presentation Details:

The “Triple-play” strategy (Data, Voice and Video) is set to enable Telecoms to increase their Average Revenue per Unit (ARPU) and revolutionize current home entertainment. IPTV generated revenue is expected to have 102% CAGR from year 2004 – 2010. While security issues in Data and Voice of the “Triple-Play” strategy have been examined in details, not much has been done in the IPTV field. In this presentation, we will look at IPTV’s advantages in business, architecture, threats and some of the vulnerabilities that have been seen on the field. The IPTV architecture comprise of the Content Source, Head-End, Delivery and Management network and Consumer Home network. Current security threats (malicious attackers, worms or disasters) could stop the Telecoms from making profit or even losing money. The presentation will present some real-life weaknesses and vulnerabilities and provide countermeasures for Telecoms.

Triple Play Strategy
	Data
	Voice
	IPTV
Known Security Problems
	Data
	Voice
New Addition: IPTV
	Architecture
		Content Source
		Head-End
		Delivery and Management network
		Home network
IPTV Risk Analysis
	Privacy
	Confidentiality
	Integrity
	Availability
	Interoperability
IPTV Vulnerabilities
	Home network
		Set-Top Box
			How to steal your neighbor’s subscription
		Home gateway
	Delivery and Management network
		Access Control List
		IGMP/Multicast
		Infrastructure Weakness
	Head-End
		Buffer Overflow
		Other Issues
	Content Source
		Unencrypted content storage
		DRM
Countermeasures
	People
	Process
	Technology
Conclusion
Q & A

About Yen Ming

Yen-Ming leads Foundstone consultants to provide strategic security consulting services to Global 2000 clients. With almost a decade of experience in business development, IT and security, Yen-Ming brings extensive knowledge in both business and technology to his clients. Yen-Ming established the Asian Pacific branch in Singapore for Foundstone and has been instrumental in growing business for Foundstone in APAC. He has performed security assessments for security technologies (ISA server, firewall, and other security products), business applications (financial applications, CRM, and Tax software) and other technologies (multi-functional office equipments and IPTV). He contributed to Four books and numerous articles published on SecurityFocus and other magazines. He’s frequent speaker for conferences like CSI, MISTI and others. He served as a Lead Instructor for Foundstone’s Ultimate Hacking series classes. Before joining Foundstone, Yen-Ming worked at Carnegie Mellon University and he created the first intrusion detection system appliance prototype using PicoBSD and Snort. He also wrote the first intrusion detection log correlation and analysis program, snort-stat, for Snort. Yen-Ming held a MS in Information Networking from Carnegie Mellon University and a BS in Mathematics from National Central University.



Event Organizer


Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By


Malaysian Communications and Multimedia Commission (MCMC)


Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors


Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner


Internet Bandwidth Sponsor


AIMS - Malaysia's Telecommunications Hub

Official Hotel


Westin Kuala Lumpur

CTF Sponsor


Ascendsys

CTF Prize Sponsor


Scan Associates Berhad.


Our Speakers Are Supported By:


Bellua Asia Pacific


Core Security Technologies

Media Partners:

InfoSec News

(ISN) InfoSec News

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


HERT


ISECOM - Insititue for Security and Open Methodologies


IT Underground


Chaos Computer Club (Germany)


X-Focus China

Zone-H Defacement Mirror


Xatrix Security


SyScan


Special Interest Group in Security & Information InteGrity Singapore