Threats and Limitations of Terrestrial Broadcast Attacks

Benjamin Michele, Ivan Pena, Pablo Angueira
DOI: https://doi.org/10.1109/TBC.2017.2704538
2024-02-08
Abstract: The DVB standard does not mandate the use of authentication and integrity protection for transport streams. This allows malicious third parties to replace legitimate broadcasts by overpowering terrestrial transmissions. The rogue signal can then deliver a malicious broadcast stream to exploit security vulnerabilities on Smart TVs (STVs) in range. We implemented a proof-of-concept attack based on a malicious Hybrid Broadcast Broadband TV app, able to acquire permanent system-level access to an STV over the air, in less than 10 s. These attacks, however, are severely limited in range due to required co-channel protection ratios (CCPRs), which is in direct contradiction to previous publications. We present evidence for these limitations in form of laboratory experiments, extensive simulations, and field measurements. To this end, we developed an automated, low-cost method for CCPR determination, as well as a method for non-disruptive attack range measurements based on a gap filler and the resulting channel impulse response.
Cryptography and Security, Signal Processing
What problem does this paper attempt to address?
The main problem this paper addresses is the security threat facing digital terrestrial broadcasting systems (such as DVB-T), especially attacks against smart TVs (STVs). Specifically, the article explores the following issues:

1. **Lack of authentication and integrity protection**: The DVB standard does not enforce authentication and integrity protection for transport streams. This allows malicious third parties to replace legitimate broadcasts by enhancing signal strength, and then send malicious broadcast streams to smart TVs within range, exploiting security vulnerabilities to gain control of the devices.
2. **Actual attack range and concealment limitations**: Previous research evaluated the attack range based only on free-space path loss, ignoring the required Co-Channel Protection Ratio (CCPR). This paper provides evidence through experiments, simulations, and on-site measurements, indicating that when CCPR is considered, the actual attack range is significantly reduced, and due to the existence of the mush area, the concealment of the attack is also greatly limited.
3. **Propose a low-cost automated method**: In order to more accurately assess the effectiveness and limitations of these attacks, the authors developed a low-cost automated method to measure CCPR and proposed a non-destructive attack-range measurement method based on gap fillers and channel impulse responses.

### Formula Explanation

The key formula involved in the paper is the Co-Channel Protection Ratio (CCPR), which is defined as follows:

\[ \text{CCPR} = 10 \log_{10}\left(\frac{P_{\text{rogue}}}{P_{\text{legitimate}}}\right) \]

where:

- \( P_{\text{rogue}} \) is the power of the malicious signal,
- \( P_{\text{legitimate}} \) is the power of the legitimate signal.
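The gap described in item 2 can be made concrete with a short link-budget calculation. This is an added example, not code or data from the paper: the function names, the flat legitimate signal level across the area, and every numeric value (EIRP, frequency, received level, required CCPR, receiver sensitivity) are constructed assumptions for a risk estimate.

```python
import math

FSPL_CONST_DB = 32.44  # free-space path loss constant for km and MHz


def fspl_db(distance_km: float, freq_mhz: float) -> float:
    """Free-space path loss in dB for a distance in km and frequency in MHz."""
    return 20 * math.log10(distance_km) + 20 * math.log10(freq_mhz) + FSPL_CONST_DB


def range_km(eirp_dbm: float, min_rx_dbm: float, freq_mhz: float) -> float:
    """Largest distance at which the received level is still >= min_rx_dbm."""
    allowed_loss_db = eirp_dbm - min_rx_dbm
    return 10 ** ((allowed_loss_db - FSPL_CONST_DB - 20 * math.log10(freq_mhz)) / 20)


def exposure_radii_km(rogue_eirp_dbm, legit_rx_dbm, ccpr_db, sensitivity_dbm, freq_mhz):
    """Return (naive_radius, ccpr_limited_radius) in km.

    naive: rogue signal only has to exceed receiver sensitivity
           (free-space path loss alone, no legitimate signal considered).
    ccpr-limited: rogue level must exceed the legitimate level by ccpr_db,
           i.e. 10*log10(P_rogue / P_legitimate) >= CCPR.
    Assumption: the legitimate level is constant over the area of interest.
    """
    naive = range_km(rogue_eirp_dbm, sensitivity_dbm, freq_mhz)
    required_rx_dbm = max(legit_rx_dbm + ccpr_db, sensitivity_dbm)
    limited = range_km(rogue_eirp_dbm, required_rx_dbm, freq_mhz)
    return naive, limited


if __name__ == "__main__":
    # Constructed sample values, not measurements from the paper.
    naive, limited = exposure_radii_km(
        rogue_eirp_dbm=30.0,    # 1 W EIRP
        legit_rx_dbm=-50.0,     # legitimate broadcast level at the receivers
        ccpr_db=20.0,           # placeholder for the required CCPR
        sensitivity_dbm=-80.0,  # receiver sensitivity
        freq_mhz=600.0,
    )
    print(f"FSPL-only estimate : {naive:8.3f} km")
    print(f"CCPR-limited radius: {limited * 1000:8.1f} m")
```

With these constructed inputs the two estimates differ by the 50 dB between the sensitivity threshold and the level required to satisfy the CCPR, which under free-space loss is a factor of about 316 in distance.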
### Summary

The core objective of the paper is to reveal and quantify the security risks of attacking smart TVs through terrestrial broadcasting, while also pointing out the limitations of these attacks in practical applications. Through a detailed study of CCPR, the authors not only demonstrated the theoretical possibility of attacks but also proved the feasibility and limitations of these attacks in the real world through experiments. In addition, the paper also proposed suggestions for improved security measures to address potential security threats.