Developing a PP(Protection Profile) for Smart TV @ ICCC 2014 (International Common Criteria Conference), which is a major conference for the community of experts involved in security evaluation (September 9, 2014)
Developing a Protection Profile for Smart TV
1. Developing a PP for Smart TV
Security Analysis aNd Evaluation(SANE) Lab.
ICCC 2014
Minsu Park*, Heesoo Kang, Jaeki Kim, Seungjin Lee, Seungjoo Kim**
minsoon2@korea.ac.kr, kukulux@gmail.com, jack2@korea.ac.kr, beist@grayhash.com, skim71@korea.ac.kr CIST (Center for Information Security Technologies), Korea University *1st Author, **Corresponding Author
2. 2
Author
Minsu Park
E-mail : minsoon2@korea.ac.kr
Facebook : @bucktae
Minsu Park received his B.S. degree in Computer Network from Silla University, Korea, in 2010 and his M.S. degree in Information Security from Korea University in 2013. He is currently working toward the Ph.D. degree in Information Security at Korea University. His research interests include information assurance, IoT security, digital forensics and usable security.
3. 3
Author
Heesoo Kang
E-mail : kukulux@gmail.com
Facebook : @kukulux
Heesoo Kang received his B.S. (2013) in Computer Science from Chung-Ang University, Korea. He is now enrolled in the M.S. program at Korea University. His research interests include smart device security, security evaluation and mobile security.
Jaeki Kim
E-mail : jack2@korea.ac.kr
Facebook : @2runjack2
Jaeki Kim received his B.S. (2013) in Computer Engineering from Hanyang University ERICA, Korea. He served on the Security Technology Team of INetCop for one year and took part in 'Best of the Best' (2nd cohort, 2013), a program for training the next generation of IT security leaders. His research interests include Android security and embedded device security. He is now a graduate student at CIST SANE Lab, Korea University.
4. 4
Author
SeungJin Lee
E-mail : beist@grayhash.com
Twitter : @beist
Facebook : @beistlab
SeungJin Lee has worked in the IT security field since 2000. His first company was Cyber Research, based in Seoul, South Korea, where he focused on pen-testing. He then received a B.A. in Computer Engineering from Sejong University. He has won more than 10 global CTF hacking contests in his country and has passed DefCon quals 5 times. He has sold his research to major security companies such as iDefense and ZDI (Recon ZDI contest). He has run numerous security conferences and hacking contests in Korea. Hunting bugs and exploiting them are his main interests. He consults for large companies in Korea and is now a graduate student at CIST SANE Lab, Korea University.
5. 5
Author
Seungjoo Kim
E-mail : skim71@korea.ac.kr
Homepage : www.kimlab.net
Facebook, Twitter : @skim71
Prof. Seungjoo Kim received his B.S., M.S. and Ph.D. from Sungkyunkwan University (SKKU), Korea, in 1994, 1996 and 1999, respectively. Prior to joining the faculty at Korea University (KU) in 2011, he served as Assistant and Associate Professor at SKKU for 7 years. Before that, he served as Director of the Cryptographic Technology Team and the (CC-based) IT Security Evaluation Team of the Korea Internet & Security Agency (KISA) for 5 years. He is currently a Professor in the Graduate School of Information Security Technologies (CIST). He is also a founder and advisory director of the hacker group HARU and of the international security and hacking conference SECUINSIDE. Prof. Seungjoo Kim's research interests are mainly cryptography, cyber-physical security, IoT security and HCI security. He is the corresponding author.
6. 6
Acknowledgement
This work was supported by the ICT R&D program of MSIP/IITP. [2014(10043959), Development of EAL4 level military fusion security solution for protecting against unauthorized accesses and ensuring a trusted execution environment in mobile devices]
7. 7
Contents
Smart TV
Smart TV Security
TOE
Smart TV Threat Analysis
Smart TV SFR
Conclusion
Reference
8. 8
Smart TV
Television set with integrated Internet capabilities
9. 9
Smart TV
Smart TV is different from existing TV (IPTV):

Property | IPTV | Smart TV
Transmission media | Premium networks | General Internet
QoS (Quality of Service) | Guaranteed | Difficult to guarantee
Real-time broadcasting | O | O
Web surfing | △ | O
Type | Closed | Open
10. 10
Smart TV
Contains many hardware components (network interface, CPU, etc.)
Acts like a general-purpose computer
11. 11
Smart TV Security
Several vulnerabilities have been found:
- Unencrypted network packets
- Malicious media files
- Browser vulnerabilities
- Private data leakage
- Remote-control app
- Daemon
- Kernel vulnerabilities
12. 12
Smart TV Security
But how do we assess the security of a Smart TV?
13. 13
Smart TV Security
So we need a security assessment method for Smart TV.
15. 15
Smart TV Threat Analysis
Related works

Title | Journal / Conference | Author
Smart TV Hacking: Crash Testing Your Home Entertainment | Codenomicon technical report (2012) | R. Kuipers, E. Starck, H. Heikkinen
SmartTV Security - For Fun and NonProfit | TrustWave (2012) | Joaquim Espinhara, Ulisses Albuquerque
Hacking, surveilling and deceiving victims on Smart TV | Black Hat USA (2013) | SeungJin Lee, Seungjoo Kim
Smart TV Hacking (Research Project 1) | University of Amsterdam (2013) | Nikos Sidiropoulos, Periklis Stefopoulos
How Hackers Are Outsmarting Smart TVs and Why It Matters to You | RSA Conference Europe (2013) | Raimund Genes
The Outer Limits: Hacking A Smart TV | Toorcon 15 (2013) | Aaron Grattafiori
Watch and be Watched: Compromising All Smart TV Generations | IEEE CCNC (2014) | B. Michéle, A. Karpow
Approach of Secure Smart-TV authentication using extended API | Life Science Journal 11.7s (2014) | J.K. Moon, J.M. Kim, B.H. Hong
Forensic analysis of smart TV: A current issue and call to arms | Digital Investigation | Iain Sutherland, Huw Read, Konstantinos Xynos
A Review of Smart TV Forensics: Present State & Future Challenges | DIPECC2013 | Mousa Al Falayleh
Study on smart TV Forensics | KIISC | Heesoo Kang, Minsu Park, Seungjoo Kim
16. 16
Smart TV Threat Analysis
[Figure: threat sources (the CVE database, and the latest threats reported in papers, articles and blogs) mapped onto the three TOE components: SDK, OS and H/W]
17. 17
Smart TV Threat Analysis
Smart TV vulnerabilities by source and TOE component:

Source | SDK | OS | H/W
CVE database | 127 | 908 | 43
Latest threats from papers, articles, blogs | 2 | 3 | 1
Total | 129 | 911 | 44
18. 18
Smart TV Threat Analysis
Threats per TOE component, with the number of vulnerabilities each component accounts for:

TOE | Threats | CVEs
SDK | T.UNAUTHORIZED_APP, T.UNAUTHORIZED_UPDATE | 129
OS | T.NETWORK_EAVESDROP, T.NETWORK_ATTACK, T.PERSISTENT_ACCESS, T.UNAUTHORIZED_UPDATE, T.PUBLIC_DATA_ACCESS, T.PRIVATE_DATA_ACCESS | 911
H/W | T.PHYSICAL_ATTACK | 44
20. 20
Smart TV SFR
Smart TV is similar to a smart phone and a laptop, and Smart TV uses a web platform:

Property | Smart TV | Smart phone | Laptop
Similar to a computer | O | O | O
Stores private data | O | O | O
Supports SDK and user applications | O | O | X
Contains a network module | O | △ (no Ethernet support) | O
External input | O | O | O
21. 21
Smart TV SFR
The following protection profiles were considered:
- Mobile Device PP
- Web Browser PP
- Laptop PP
22. 22
Smart TV SFR
- Mobile Device PP
- Web Browser PP
- Laptop PP: no such PP could be found, so only the first two are used.
23. 23
Smart TV SFR
Smart TV vulnerabilities addressed by the SFRs of each PP, per TOE component (1,084 vulnerabilities in total):

PP | SDK (129) | OS (911) | H/W (44) | Total
Web Browser PP | 0 | 249 | 0 | 249
Mobile Device PP | 67 | 627 | 10 | 704
24. 24
Smart TV SFR
Mobile Device PP: 65% of the Smart TV vulnerabilities
Web Browser PP: 23% of the Smart TV vulnerabilities
The SFRs of the Mobile Device PP address 65% of the Smart TV CVEs (704 of 1,084); those of the Web Browser PP address 23% (249 of 1,084).
25. 25
Smart TV SFR
CVE categories used for the analysis:

Category | Explanation
Permission | CVEs caused by an improper permission check
Improper Data | CVEs caused by garbage, malicious data, etc.
DoS | CVEs caused by excessive requests
Error Handling | CVEs caused by a mishandled error
Resource Management | CVEs caused by memory consumption, deadlock, etc.
Buffer Overflow | CVEs caused by a buffer overflow attack
Crafted App | CVEs caused by a crafted application
Sensitive Data disclosure | CVEs caused by insufficient protection of sensitive data
Authentication | CVEs caused by a weak authentication mechanism
Arbitrary Code | CVEs caused by arbitrary code from a remote attacker
26. 26
Smart TV SFR
[Figure: overlap of the Web Browser PP, the Mobile Device PP and the Smart TV vulnerabilities across the ten CVE categories: DoS, Crafted App, Buffer Overflow, Sensitive data disclosure, Authentication, Arbitrary code, Error handling, Resource Management, Improper Data, Permission. The category-to-PP assignment is not recoverable from the extracted slide.]
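The threat-to-CVE mapping (slides 17 and 18) and the PP coverage figures (slides 23 to 26) summarise the talk's method. The Python below is an added example written for this page, not code from the authors or the SANE Lab: it tags each vulnerability record with its TOE component and CVE category, attaches the slide's threats by component, scores how much of the set a candidate PP's SFRs address, and lists the categories left over for extended SFRs. The component-to-threat table, the ten categories and the slide totals are taken from the deck; the category-to-PP split in PP_CATEGORIES and the sample records are assumptions made for illustration, and the EX-* identifiers are placeholders, not CVE IDs.

```python
"""Gap analysis behind a Smart TV Protection Profile (added example, not the
talk's code): tag each vulnerability with its TOE component and CVE category,
attach the slide's threats per component, score how much of the set a
candidate PP's SFRs address, and list what is left for extended SFRs."""
from collections import Counter
from dataclasses import dataclass

# TOE component -> threats, as on the threat-analysis slide.
THREATS_BY_COMPONENT = {
    "SDK": ("T.UNAUTHORIZED_APP", "T.UNAUTHORIZED_UPDATE"),
    "OS": ("T.NETWORK_EAVESDROP", "T.NETWORK_ATTACK", "T.PERSISTENT_ACCESS",
           "T.UNAUTHORIZED_UPDATE", "T.PUBLIC_DATA_ACCESS",
           "T.PRIVATE_DATA_ACCESS"),
    "H/W": ("T.PHYSICAL_ATTACK",),
}
# The ten CVE categories used in the talk.
CATEGORIES = frozenset({
    "Permission", "Improper Data", "DoS", "Error Handling",
    "Resource Management", "Buffer Overflow", "Crafted App",
    "Sensitive Data disclosure", "Authentication", "Arbitrary Code",
})
# ASSUMPTION: which categories each PP's SFRs address. The talk's overlap
# diagram does not label this split, so it is illustrative only.
PP_CATEGORIES = {
    "Mobile Device PP": {"Permission", "Crafted App", "Sensitive Data disclosure",
                         "Authentication", "Arbitrary Code", "Buffer Overflow"},
    "Web Browser PP": {"Improper Data", "Arbitrary Code", "Buffer Overflow"},
}
# Totals from the talk: 1,084 CVEs (SDK 129, OS 911, H/W 44); the Mobile
# Device PP addresses 67 + 627 + 10 of them, the Web Browser PP 0 + 249 + 0.
SLIDE_TOTAL = 129 + 911 + 44
SLIDE_COVERED = {"Mobile Device PP": 67 + 627 + 10, "Web Browser PP": 249}


@dataclass(frozen=True)
class Vuln:
    vuln_id: str    # analyst's record id; placeholders below, not CVE IDs
    component: str  # "SDK", "OS" or "H/W"
    category: str   # one of CATEGORIES

    def __post_init__(self):
        if self.component not in THREATS_BY_COMPONENT:
            raise ValueError(f"unknown TOE component {self.component!r}")
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown CVE category {self.category!r}")

    @property
    def threats(self):
        return THREATS_BY_COMPONENT[self.component]


# Constructed sample records (IDs are placeholders).
SAMPLE = [
    Vuln("EX-0001", "OS", "Buffer Overflow"),
    Vuln("EX-0002", "OS", "DoS"),
    Vuln("EX-0003", "OS", "Arbitrary Code"),
    Vuln("EX-0004", "OS", "Resource Management"),
    Vuln("EX-0005", "SDK", "Crafted App"),
    Vuln("EX-0006", "SDK", "Permission"),
    Vuln("EX-0007", "H/W", "Error Handling"),
    Vuln("EX-0008", "OS", "Sensitive Data disclosure"),
    Vuln("EX-0009", "OS", "Improper Data"),
    Vuln("EX-0010", "OS", "Authentication"),
]


def coverage_pct(covered, total):
    """Share of vulnerabilities a PP addresses, rounded as on the slides."""
    return round(100 * covered / total) if total else 0


def pp_coverage(vulns, pp_name):
    """(covered, total, percent) for one PP over a vulnerability set."""
    addressed = PP_CATEGORIES[pp_name]
    covered = sum(1 for v in vulns if v.category in addressed)
    return covered, len(vulns), coverage_pct(covered, len(vulns))


def uncovered(vulns, pp_names):
    """Vulnerabilities that none of the listed PPs addresses."""
    addressed = set().union(*(PP_CATEGORIES[p] for p in pp_names))
    return [v for v in vulns if v.category not in addressed]


def extended_sfr_candidates(vulns, pp_names):
    """Uncovered categories by frequency, each with the threats reached
    through the TOE component of the affected records."""
    counts, threats = Counter(), {}
    for v in uncovered(vulns, pp_names):
        counts[v.category] += 1
        threats.setdefault(v.category, set()).update(v.threats)
    return [(cat, n, sorted(threats[cat])) for cat, n in counts.most_common()]


if __name__ == "__main__":
    for pp, n in SLIDE_COVERED.items():
        print(f"{pp}: {coverage_pct(n, SLIDE_TOTAL)}% of the talk's CVE set")
    for pp in PP_CATEGORIES:
        print(pp, pp_coverage(SAMPLE, pp))
    for cat, n, th in extended_sfr_candidates(SAMPLE, list(PP_CATEGORIES)):
        print(f"extended SFR needed for {cat} ({n}): {', '.join(th)}")
```

Run as a script it reproduces the 65% and 23% figures from the talk's own counts and then scores the constructed sample; the categories that come out of extended_sfr_candidates are the ones a PP author would have to write new SFRs for, and the threats attached to each show which threat statements those SFRs must trace back to. With real data the records would come from the CVE export rather than the inline list, and the category split for each PP would be worked out SFR by SFR from the PP text.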
29. 29
Conclusion
Existing PPs do not cover Smart TV security completely.
Smart TV therefore needs extended SFRs to address all of the identified CVEs.
In future work we will study Protection Profiles for other smart consumer electronics (CE).
31. 31
Reference
1. Kuipers, Rikke, Eeva Starck, and Hannu Heikkinen. "Smart TV Hacking: Crash Testing Your Home Entertainment." Codenomicon technical report, 2012. http://www.codenomicon.com/resources/whitepapers/codenomicon-wp-smart-tv-fuzzing.pdf
2. Espinhara, Joaquim, and Ulisses Albuquerque. "SmartTV Security for Fun & Non-Profit." Silver Bullet, 2012.
3. Lee, SeungJin, and Seungjoo Kim. "Hacking, surveilling and deceiving victims on Smart TV." Black Hat USA, 2013.
4. Sidiropoulos, Nikos, and Periklis Stefopoulos. "Smart TV Hacking (Research Project 1)." University of Amsterdam, 2013.
5. Genes, Raimund. "How Hackers Are Outsmarting Smart TVs and Why It Matters to You." RSA Conference Europe, 2013.
6. Grattafiori, Aaron. "The Outer Limits: Hacking A Smart TV." Toorcon 15, 2013.
7. Michéle, Benjamin, and Andrew Karpow. "Watch and be Watched: Compromising All Smart TV Generations." Proceedings of the 11th IEEE Consumer Communications and Networking Conference (CCNC), 2014.
8. Moon, Jeong-Kyung, Jin-Mook Kim, and Bong-Hwa Hong. "Approach of Secure Smart TV authentication using extended API." Life Science Journal 11.7s, 2014.
9. Sutherland, Iain, Huw Read, and Konstantinos Xynos. "Forensic analysis of smart TV: A current issue and call to arms." Digital Investigation, 2014.
10. Al Falayleh, Mousa. "A Review of Smart TV Forensics: Present State & Future Challenges." The International Conference on Digital Information Processing, E-Business and Cloud Computing (DIPECC2013). The Society of Digital Information and Wireless Communication, 2013.
11. Common Criteria Recognition Arrangement. "Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4." September 2012.
12. "Protection Profile for Mobile Device Fundamentals." Version 1.1, 2014.
13. "Protection Profile for Web Browsers." Version 1.0, 2014.
14. Common Vulnerabilities and Exposures (CVE). https://cve.mitre.org
15. CVE security vulnerability database (CVE Details). http://www.cvedetails.com