[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thoughts on the impact of Signalling security on IP traffic

To: "S.Iyengar" <S.Iyengar@surrey.ac.uk>
Subject: Re: Thoughts on the impact of Signalling security on IP traffic
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Date: Tue, 25 Oct 2005 16:41:07 +0100
Cc: ipdvb <ipdvb@erg.abdn.ac.uk>, "H.Cruickshank" <H.Cruickshank@eim.surrey.ac.uk>, "stephane.combes" <stephane.combes@space.alcatel.fr>, "Laurence.Duquerroy" <Laurence.Duquerroy@space.alcatel.fr>
In-reply-to: <>
Organization: University of Aberdeen
References: <>
Reply-to: ipdvb@erg.abdn.ac.uk
Sender: owner-ipdvb@erg.abdn.ac.uk
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624 Netscape/7.1


Here are some thoughts... Comments welcome!

Gorry

---


Some of the L2 signalling security properties include:

- No authentication of the signalling source. The layer-2 signalling
entity is often not be the encapsulation gateway itself.
- No encryption (but sometimes this is needed to bootstrap terminals).
- Integrity check is a CRC-32. This is relatively weak compared to a
cryptographic hash. (Should the forging of table contents needs to be
considered?)
- (re)multiplexors do modify (or insert new SI tables), but there is no
security association with these devices within an MPEG-2 Transmission
network.
- Modification/Denial of the SI information could result in association of a
different stream with the service, or an inability to identify the TS
Logical Channel (PID) that is used for a service.

Threats from interception of Forward link signalling.

In current MPEG-TS networks, the forward link signalling is not encrypted.
Eavesdropping of the signalling information does not reveal any information
which is not available to all receivers.

In the case of two-way networks, forward link signalling can reveal traffic
parameters of the return links from specific users. This information can
also reveal the status of specific terminals (logon/logoff, etc) and the
timing and transmission parameters used by these terminals.

Some of these threats could be reduced by using IP-based signalling [ref]
and appropriate IP-level security mechanisms (e.g. IPsec).

Replay/Jamming

- SI information is required to associate PID values with Streams and
therefore to demultiplex the data at the Receiver.
- In  two-way systems, denial of forward signalling may also prevent link
transmission in the return direction.
- Jamming/interception may also occur in the return link direction. In this
case, forged return link signalling could acquire return link bandwidth, or
modify the state of a terminal as perceived at the network control centre.
These threats can be exploited as a DoS attack.

- SI information may be sent periodically. If the time of transmission is
predictable, this could be "jammed" resulting in loss of signalling at the
receiver, which is a DoS vulnerability. It requires access to the stream -
either on the air interface (e.g. A different transmitter injecting a signal
that is Received (e.g. On an antenna side-lobe).
- Modification of SI can also be a DoS attack, this requires access to the
network components (multiplexors, etc) and/or connecting physical media - a
man-in-the-middle attack.

References:
- RE: Thoughts on draft-cruickshank-ipdvb-sec-req-00.txt
  - From: "S.Iyengar" <S.Iyengar@surrey.ac.uk>

Prev by Date: Re: Thoughts on draft-cruickshank-ipdvb-sec-req-00.txt
Next by Date: RE: Thoughts on the impact of Signalling security on IP traffic
Previous by thread: Re: Thoughts on draft-cruickshank-ipdvb-sec-req-00.txt
Next by thread: Update on WG Status page
Index(es):
- Date
- Thread