OTT Streaming Threat Model
Working Group:
In Collaboration With:
Project Status:
Write
The working group is currently writing the document. This is a collaborative approach using Google Docs.
Start:
September 23, 2024
Target End:
September 30, 2025
Problem Statement
This project will create a document which lists the major security threats to OTT streaming services, providing a detailed description of each threat and the methods used by pirates. The document will describe the common vulnerabilities used to gain unauthorized access to services, or to extract content from services.
Project Description
This project will create a document which lists the major security threats to OTT streaming services, providing a detailed description of each threat and the methods used by pirates. OTT streaming services are under constant attack from many directions – everyone from frustrated users seeking to reduce their costs to sophisticated criminal enterprises. This document will attempt to uncover the most significant threats to today’s OTT services.
The document will cover two main categories of threats:
- Service Threats – Unauthorized access to or modification of the OTT streaming service. This will include everything from ad-blocking to password sharing to CDN leeching.
- Content Threats – Unauthorized extraction of content from an OTT streaming service. This will include everything from screen recording to DRM removal.
Draft Documents
(DRAFT) SVTA1075: OTT Streaming Threat Model
This project will create a document which lists the major security threats to OTT streaming services, providing a detailed description of each threat and the methods used by pirates. The document will describe the common vulnerabilities used to gain unauthorized access to services, or to extract content from services.
Goals and Objectives
The objective of this document is to:
- Provide a list of the major security threats to OTT streaming services.
- For each threat, we will describe:
- The type of content most at risk (e.g. live sports, PVOD, 4K).
- The level of skill required by an attacker (e.g. unskilled consumer, skilled consumer, casual pirate, skilled pirate).
- How an attacker uses underlying vulnerabilities to enable their attack.
- Potential impact of the attack.
- We will provide a list of the common vulnerabilities. For each we will:
- Provide an indication of the risk and impact.
- Decision to make the paper private or public will be discussed as the paper comes together
Project Scope
The document WILL:
- Cover major threats specific to OTT streaming services that are known today.
- Describe each threat and the vulnerabilities used by the pirates to enable an attack.
- Cover all threats (this is impractical).
- Cover threats related to general IT security (e.g. ransomware, DDOS, etc)
- Provide solutions to these issues.
- Identify specific vendors or products which are vulnerable.
Contributors
The following members have contributed to this project. Click on their name to visit their profile. If they have not published their profile, the link will redirect to their LinkedIn profile.
Additional References
- Draft: OTT Streaming CDN Security Best Practice
- SVTA5056: OTT Streaming Security Checklist (March 28, 2024)
- SVTA5019: Securing Streaming Video (December 14, 2020)
- SVTA5009: Forensic Watermarking Implementation Considerations for Streaming Media (July 19, 2018)
- SVTA5054: Securing Media Players (July 11, 2023)