@inproceedings{96ac95c4f5534a5eabc0bb997bb435d5,
title = "A security analysis of paid subscription video-on-demand services for online learning",
abstract = "A typical online learning service allows users to watch video lectures in web browsers at any time and any place. In many cases of such services, security solutions (e.g., user authentication and access control) have been deployed to secure access to their premium contents to authorized users only who have paid the subscription fee. In this paper, we demonstrate how security solutions in real-world services can be broken easily. We performed an empirical analysis on the effectiveness of the security solutions deployed in the five popular online learning services using a web proxy to analyze the packets transferred between streaming server and web browser for a streaming service. Our experimental results show that one service out of five was vulnerable to password stealing attacks; three services were vulnerable to URL guessing attacks; and two services were vulnerable to cookie cloning attacks. All the websites tested were vulnerable to at least one attack.",
keywords = "Security analysis, Video-on-demand, Web security",
author = "Sora Lee and Jinwoo Kim and Sangjun Ko and Hyoungshick Kim",
year = "2017",
month = feb,
day = "21",
doi = "10.1109/ICSSA.2016.15",
language = "English",
series = "Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "43--48",
booktitle = "Proceedings - 2016 International Conference on Software Security and Assurance, ICSSA 2016",
note = "2016 International Conference on Software Security and Assurance, ICSSA 2016 ; Conference date: 24-08-2016 Through 25-08-2016",
}