[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Network Access Control

To: P.Pillai@Bradford.ac.uk
Subject: Re: Network Access Control
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Date: Mon, 16 Jan 2006 11:50:19 +0000
Cc: ipdvb@erg.abdn.ac.uk, "H.Cruickshank" <H.Cruickshank@surrey.ac.uk>, Stephane Combes <Stephane.Combes@alcatelaleniaspace.com>, "S.Iyengar" <S.Iyengar@surrey.ac.uk>
In-reply-to: <>
Organization: University of Aberdeen, UK
References: <>
Reply-to: ipdvb@erg.abdn.ac.uk
Sender: owner-ipdvb@erg.abdn.ac.uk
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2


It is good to hear from you.

The security requirements document would certainly benefit fromadditional contributions. I'll cc this to the authors, and hope they canadd their own respones to mine.

I'd encourage you to send any contributions you can to the securityrequirements I-D (to this list), that would be good to start securitywork. I note that you mention DVB-RCS, examples using a specifictechnology are always welceome, but please do bear in mind that thedocument would need to be applicable to a range of MPEG-2 basedtransmission systems.

If you have other thoughts that could be captured on specific topics, itwould be worth trying to first set those out in an email, and if you canfind others from the group to work on this, a new I-D would be theeasiest way to bring the topic to the attention of others.


Best wishes,

Gorry

P.Pillai@Bradford.ac.uk wrote:

Hi Gorry,

As mentioned in some of the emails before, I think we should look into the
network access control methods for the IP services over DVB systems. Though
RCST authentication and key exchange mechanisms have been defined by DVB, but
authentication of the users behind the RCST may also be important. This may be
especially required by the service provider depending on their business models.
Do you think it is worthwhile to look into this issue?

RADIUS (running over UDP/IP/ULE/MPEG2-TS) is a light protocol that could be used
for authentication of user terminals. The RCST would have to be a RADIUS Client
forwarding the authentication requests to the DVB gateways in the NCC. The DVB
gateways act as RADIIUS proxies which further forward the requests to an AAA
server. The AAA server would have user profiles. DIAMETER (over
TCP/IP/ULE/MPEG2-TS) could also be used. DIAMETER though a more complex
protocol with larger overheads as compared to RADIUS, one of its main advantage
is its support for mobility.

Interaction of these with the RCS security could be an issue say when different
users connected to the same RCST (maybe in a cyber cafe) join different
multicast groups at different times and the new keys have to be sent to the
RCST.

The draft-cruickshank-ipdvb-sec-00.txt, draft gives a nice starting point for
the security services to be provided. But this draft seems to be very specific
for securing the ULE packets. Maybe a new ID could address the network access
control issue, what do you think?

Regards
Prashant

References:
- Network Access Control
  - From: P.Pillai@Bradford.ac.uk

Prev by Date: Network Access Control
Next by Date: Re: Network Access Control
Previous by thread: Network Access Control
Next by thread: Re: Network Access Control
Index(es):
- Date
- Thread