1 / 19

An Analysis of RTSP Security

An Analysis of RTSP Security. By Verve Group: Ogie Igiekhume Abhishek Jain Ramu Denduluri. Agenda. Streaming Streaming Architecture Streaming Protocols RTSP Protocol Overview RTSP Security Conclusion Questions. Streaming.

varick
Télécharger la présentation

An Analysis of RTSP Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Analysis of RTSP Security By Verve Group: Ogie Igiekhume Abhishek Jain Ramu Denduluri

  2. Agenda • Streaming • Streaming Architecture • Streaming Protocols • RTSP Protocol Overview • RTSP Security • Conclusion • Questions

  3. Streaming • What is Streaming?Streaming is the process of playing a file while it is still downloading. • Streaming technology lets a user view and hear digitized content - video, sound and animation -as it is being downloaded.

  4. Streaming Architecture

  5. Streaming Architecture – Contd. • Raw video and audio data is stored pre-compressed in the streaming server. • Upon clients request, data is retrieved and send over network in packets. • Packets may be dropped or experience excessive delay due to congestion. • To improve the quality- continuous media distribution services are (eg. Caching ) deployed.

  6. Streaming Architecture – Contd. • Packets that are successfully delivered to receiver, first pass through transport layer and then application layer before being decoded at video/audio decoder. • To achieve synchronization, between audio and video components, media synchronization mechanism are required.

  7. Streaming Protocols • Network layer protocols, which provide basic network service support such as addressing. For Internet streaming, IP is thenetwork protocol used. • Transport protocols, which provide end-to-end transport functions for streaming applications. Transport protocols include RTP, RTCP, etc.

  8. Session Control Protocol • Session-control protocols, which define messages and procedures to control the delivery of the multimedia data during an established session. Examples of such protocols are RTSP and Session Initiation Protocol(SIP).

  9. Real Time Session Protocol • RTSP stands for Real Time Streaming Protocol • An application level Protocol (default port 554) • Text based protocol similar to HTTP with more number of requests. • Provides the control channel • Usable for Live broadcasts / multicast • Usually runs on RTP for stream & TCP for control Also known as “Network remote control” for multi-media servers.

  10. RTSP Functions • One of the main functions of RTSP is to support VCR-like control operations such as STOP, PAUSE/RESUME, FAST FORWARD and FAST REWIND. • RTSP also provides means for choosing delivery channels (e.g. UDP, multicast UDP, or TCP) and delivery mechanisms based on RTP. • RTSP is also used to establish and control continuous audio and video streams between media servers and their clients.

  11. RTSP Operations • Specifically, RTSP supports the following operations: • Media retrieval. The client can request a presentation description and ask the server to set up a session to send the requested media data. • Adding media to an existing session.The server or the client can notify each other about any additional media becoming available to the established session.

  12. RTSP Methods

  13. RTSP State Machine Setup READY Setup Play Pause Teardown Play,Setup Record INIT PLAYING Teardown Pause Teardown Teardown RECORDING Record, Setup

  14. RTSP Security • Denial Of Service Attack • Very Common • Define policies • Client Identity • Session Hijacking • RTSP depends on transport protocols • Malicious user may use random session id • Should define large non-sequence session id • Suspicious Behavior • Should define security policies • Reject the requests if violated

  15. RTSP Security – Contd. • Stream Security • RTSP depends on transport protocols • Should use the Security features of those protocols • Authentication Mechanisms • It is very common • Message Digest • Use encryption whenever required • Personal Information • Encryption must be used. • Such information should not be shared

  16. RTSP Security – Contd. • Server Log Information • Server maintains connection log • Contains user Information • It should be not be shared • DNS Spoofing Attacks • Less likely • Should prevent such attacks • Sensitive Information • RTSP Message transfer • Protect Sensitive Information

  17. RTSP Security – Contd. • Prevent modifying of Paths • RTSP URLs • Absolute Paths • File and Path names • Secure from the malicious users • Firewall Friendly • Application Level Firewall • Transport Layer Firewall • Use the Firewall policies

  18. Conclusion • RTSP is widely used • Online tutorials • Conferences • Entertainment, etc. • Security is Key feature • Follow Security Considerations specified in RFC • Exploit the security features from Transport protocols

  19. Questions

More Related