RE: Security-Requirements: alternatives?
Thank you for the offer.
Gorry
> I am willing to so check.
> Will try to catch it as it goes by, but a tickle would increase the
> probability.
> (and I am out-of-office July 10-14)
> Art
> _____________
> Art Allison
> Director, Advanced Engineering
> Science & Technology
> National Association of Broadcasters
> 1771 N Street, NW
> Washington, D.C. 20036
> Phone: 202.429.5418
> Fax: 202.777.4981
> aallison@nab.org
>
> The National Association of Broadcasters is a trade association that
> advocates on behalf of more than 8,300 free, local radio and television
> stations and also broadcast networks before Congress, the Federal
> Communications Commission and the Courts.
>
> -----Original Message-----
> From: owner-ipdvb@erg.abdn.ac.uk [mailto:owner-ipdvb@erg.abdn.ac.uk] On
> Behalf Of H.Cruickshank@surrey.ac.uk
> Sent: Thursday, June 29, 2006 10:23 AM
> To: ipdvb@erg.abdn.ac.uk
> Subject: RE: Security-Requirements: alternatives?
>
> Hi again Art,
>
> Many thanks Art for your opinion and input about ATSC security system
> (ATSC A/70A).
>
> We will provide an update for the next rev of the requirements I-D that
> clarifies this point and to include refs to how ATSC provides its
> security services.
>
> Would Art be willing to help check that the paragraphs correctly reflect
> ATSC's specs?
>
> Many thanks
> Haitham
>
> ----
> Dr. Haitham S. Cruickshank
> Lecturer
> Communications Centre for Communication Systems Research (CCSR) School
> of Electronics, Computing and Mathematics University of Surrey,
> Guildford, Surrey GU2 7XH, UK
>
> Tel: +44 1483 686007 (indirect 689844)
> Fax: +44 1483 686011
> e-mail: H.Cruickshank@surrey.ac.uk
> http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/
>
> ________________________________
>
> From: owner-ipdvb@erg.abdn.ac.uk on behalf of Allison, Art
> Sent: Wed 28/06/2006 17:35
> To: ipdvb@erg.abdn.ac.uk
> Subject: RE: Security-Requirements: alternatives?
>
>
>
> Thanks.
> I agree that to secure some of the flows carried by packets with a
> single PID and not others, one could not apply A/70A.
> Art
>
> -----Original Message-----
> From: owner-ipdvb@erg.abdn.ac.uk [mailto:owner-ipdvb@erg.abdn.ac.uk] On
> Behalf Of H.Cruickshank@surrey.ac.uk
> Sent: Wednesday, June 28, 2006 10:55 AM
> To: ipdvb@erg.abdn.ac.uk
> Subject: RE: Security-Requirements: alternatives?
>
> Hi again Art,
>
> Maybe we should get the terminology right first.
>
> A typical usage is for the ULE Stream sent on a single PID to carry
> unicast or multicast packets with several different IP destination
> addresses (and therefore corresponding different MAC addresses). The aim
> of ULE security is therefore to secure the L2 conversations between each
> Receiver and the Encapsulator that generates the corresponding ULE
> stream.
>
> Also it is possible to do a more fine grain security (per IP flow),
> depending on the security association which is part of a key management
> system.
> Haitham
>
>
> ________________________________
>
> From: owner-ipdvb@erg.abdn.ac.uk on behalf of Allison, Art
> Sent: Mon 26/06/2006 16:15
> To: ipdvb@erg.abdn.ac.uk
> Subject: RE: Security-Requirements: alternatives?
>
>
> Perhaps I misunderstood, but I thought that the approach chosen in ULE
> was for there to be one logical channel per PID ["...locate a specific
> ULE Stream (i.e., the PID value of the TS Logical Channel that carries a
> ULE Stream)"] as contrasted with multiple logical channels carried in
> MPEG-2 TS packets with a single PID.
>
> The discovery of 'logical channels' carried in IP packets delivered via
> MPEG-2 TS packets with a single PID appears to not be standardized.
> Perhaps this falls into the general case of any IP delivery. If so,
> separate security access for each distinct element is a functionality
> that A/70A would not provide.
>
> But then it seems to me to not be different than the functionality
> provided for by existing RFCs for security of arbitrary content
> delivered using IP encapsulation, i.e., https: and such
>
> If it is general purpose IP, then it seems to me that the proposal
> should make a case that the current RFCs fail to meet the requirements
> asserted to be needed. If it is 'logical channel' protection, then it
> is different than the general case.
>
> But perhaps I have not been following this in adequate depth - and I
> waste your time. If so - no need to attempt to educate me.
> Regards,
> Art
>
> ________________________________
>
> From: owner-ipdvb@erg.abdn.ac.uk
> [mailto:owner-ipdvb@erg.abdn.ac.uk] On Behalf Of
> H.Cruickshank@surrey.ac.uk
> Sent: Saturday, June 24, 2006 5:01 AM
> To: ipdvb@erg.abdn.ac.uk; ipdvb@erg.abdn.ac.uk;
> gorry@erg.abdn.ac.uk; S.Iyengar@surrey.ac.uk; P.Pillai@Bradford.ac.uk
> Subject: RE: Security-Requirements: alternatives?
>
>
> Hi Art,
>
> Many thanks for your input:
>
> ********************
> * Conditional access for digital TV broadcasting is one example that
> exists today. This system is optimised for TV broadcast services only,
> and is not suitable for IP packet transmissions and difficult to
> interwork with ULE.
> AA> See ATSC A/70A. I strongly disagree with assertion about the
> difficulty to interwork with ULE. The ULE can be put in a virtual
> channel in the ATSC system and the standard directly applied.
> *******************
>
> I completely agree with you that A/70A (Conditional Access
> System for Terrestrial Broadcast, Revision A) can interwork with ULE,
> where encryption is based on PIDs, which sometimes means bundling many
> IP flows with one PID. In our draft (ULE requirements), we aim for more
> fine grain security and securing every IP flow individually and try to
> re-use existing work in the IETF on key management.
>
> Accidentally reading through A/70A, it looks much better than
> the DVB Conditional Access. I personally do not have much faith in DVB
> Conditional Access (DVB CA): You might probably know that DVB CA has
> been surrounded by controversy for many years due to the spread of
> counterfeit smart cards. For example, in late 1999, Italy was flooded
> with cheap counterfeit cards that enabled viewers to use Canal Plus for
> free. In March 2002 Canal Plus Group filed a lawsuit against NDS
> Group, accusing it of cracking its digital television smart cards and
> putting the confidential information on the Internet. Since then, I
> have not seen any major changes in DVB CA to cater for these challenges.
>
>
> Haitham
>
> ________________________________
>
> From: owner-ipdvb@erg.abdn.ac.uk on behalf of Allison, Art
> Sent: Thu 22/06/2006 20:02
> To: ipdvb@erg.abdn.ac.uk; gorry@erg.abdn.ac.uk; Iyengar S Mr
> (CCSR); P.Pillai@Bradford.ac.uk
> Subject: RE: Security-Requirements: alternatives?
>
>
>
> See below.
>
> -----Original Message-----
> From: owner-ipdvb@erg.abdn.ac.uk
> [mailto:owner-ipdvb@erg.abdn.ac.uk] On
> Behalf Of H.Cruickshank@surrey.ac.uk
> Sent: Thursday, June 22, 2006 2:09 PM
> To: gorry@erg.abdn.ac.uk; ipdvb@erg.abdn.ac.uk;
> S.Iyengar@surrey.ac.uk;
> P.Pillai@Bradford.ac.uk
> Subject: RE: Security-Requirements: alternatives?
>
> Hi Gorry,
>
> This issue has been addressed in the security draft. Some text has
> been added to section 5.1 to this effect:
>
> Basically, in practice there are not many L2 security systems for MPEG
> transmission networks. Two major examples are:
>
> * Conditional access for digital TV broadcasting is one example that
> exists today. This system is optimised for TV broadcast services only,
> and is not suitable for IP packet transmissions and difficult to
> interwork with ULE.
> AA> See ATSC A/70A. I strongly disagree with assertion about the
> difficulty to interwork with ULE. The ULE can be put in a virtual
> channel in the ATSC system and the standard directly applied.
>
> * Some other L2 security systems are specified in standards such as the
> MPE for DVB system. However, MPE security is incomplete and there are no
> known implementations of such security system.
>
> * For DVB-S2 Generic Streams, where IP encapsulation could be similar to
> ULE. The authors believe that ULE security format can be used for
> Generic Streams as well.
>
> We would like to ask the ipdvb WG if anybody knows any other existing L2
> security systems that might be suitable for ULE.
>
> AA> See ATSC A/70A for ULE when sent in conformance with ATSC Standards.
>
> Haitham
>
> -----Original Message-----
> From: Gorry Fairhurst [mailto:gorry@erg.abdn.ac.uk]
> Sent: 22 June 2006 15:37
> To: Cruickshank HS Dr (CCSR); ipdvb@erg.abdn.ac.uk; Iyengar S Mr
> (CCSR);
> P.Pillai@Bradford.ac.uk
> Subject: Security-Requirements: alternatives?
>
> Haitham, I-D Authors, List,
>
> One of the issues we need to be clear about in preparing for a WG
> adoption of the security requirements I-D is the possible alternatives
> that have been proposed/implemented in other standards organisations.
>
> Could you summarise the methods that have been proposed for MPEG-2
> transmission networks that provide equivalent L2 security functions, and
> say which to your knowledge have actually been implemented in systems?
>
> Thanks,
>
> Gorry