[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-noisternig-ipdvb-sec-ext-00.txt (Editorial NiTs)

To: ipdvb@erg.abdn.ac.uk
Subject: Re: draft-noisternig-ipdvb-sec-ext-00.txt (Editorial NiTs)
From: Michael Noisternig <mnoist@cosy.sbg.ac.at>
Date: Fri, 17 Jul 2009 17:57:26 +0200
Cc: ana.yungarcia@thalesaleniaspace.com, gorry@erg.abdn.ac.uk
In-reply-to: <>
References: <>
Reply-to: ipdvb@erg.abdn.ac.uk
Sender: owner-ipdvb@erg.abdn.ac.uk
User-agent: Thunderbird 2.0.0.22 (Windows/20090605)

Thanks again, Ana, for your review. Please see my replies inline. I hopeI understood your questions correctly.


Michael

H.Cruickshank@surrey.ac.uk schrieb:

Many thanks Ana for your comments,
See replies in-line:----Dr. Haitham S. CruickshankLecturerCommunications Centre for Communication Systems Research (CCSR)BA Building, Room E11School of Electronics, Computing and MathematicsUniversity of Surrey, Guildford, UK, GU2 7XHTel: +44 1483 686007 (indirect 689844)Fax: +44 1483 686011e-mail: H.Cruickshank@surrey.ac.uk <mailto:H.Cruickshank@surrey.ac.uk>http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ <outbind://1-00000000A3A4994E2BD6A748A3EE49099E5DCB460700C31D320295E23A4EBD131946F0FE1BB000000033C7FF0000C31D320295E23A4EBD131946F0FE1BB0000001AB9C620000/exchweb/bin/redir.asp?URL=http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/>
________________________________
From: ana.yungarcia@thalesaleniaspace.com [mailto:ana.yungarcia@thalesaleniaspace.com]Sent: 17 July 2009 08:05
To: ipdvb@erg.abdn.ac.uk
Cc: gorry@erg.abdn.ac.uk; Cruickshank HS Dr (CCSR); P.Pillai@bradford.ac.uk
Subject: Re: draft-noisternig-ipdvb-sec-ext-00.txt (Editorial NiTs)
Dear authors,Nice initiative looking for security over ULE. In fact, link layer security for DVB systems is becoming more and more an issue.Haitham: Thanks.One question about the security key management, have we thought how to perform it over DVB-RCS systems with different topologies?Star systems with a central HUB seems to be an easy scenario, but what about mesh scenarios, who will handle the security keys?Is there going to be a pair of share keys per pair of terminals communicating with each other or there will be a different criteria as maybe perMAC connection between terminals?

Meshed networks require DVB-RCS to carry MPEG/ULE, otherwise ULEsecurity won't be possible. Then, the link endpoints (terminals)maintain the security keys. These may be set up using manual keying inthe form of pre-shared keys, either per link (pair of terminals) each orone key for all terminals.

Keys may be set up automatically using some key management protocol.Then, for traditional bi-directional unicast communication, it's thelink end-points that negotiate and hold the security keys. Keymanagement for secure groups requires a designated Group Controller andKey Server (GCKS) that is reponsible for maintaining the secure groupand issuing the keys. This is partly addressed in the processingsection. However, a key management protocol is intended to be specifiedseparately, in order to allow a clear separation and flexiblity betweenthe key management and the extension header specification.

Haitham: This draft does not address the key management issue. It only focuses on the security extension header format for ULE. The key management can be viewed as an independent issue from the topic of this draft. But it is an important issue.
What protocol and what messages will be used for the security key management? DVB-RCS security systems does cover the startopology configuration, but not yet the mesh case. If we believe that in this case we could use GDOI or GSAKMP protocols,in our understanding, it will be another exercise to check how these two protocols really solve the problem of security key management in the different mesh scenarios.

Key management is not specified in this document. GDOI and GSAKMP mayvery well be some good candidates to adapt for group key management.This is to be defined independently.

Haitham: Yes GSAKMP, GDOI or others can be used to solve the key management issues.
Other comments:- Section 8. Security considerations"Increasing sequence numbers could be linked to a single connection."Are we referring to IP connections or link layer connections?
Haitham: It relates to link layer connection.
- Broadcasting DVB systems use MPEG formatting. But DVB-RCS star transparent systems, mostly use ATM formatting and only optionally MPEG formatting. Using the PID value to identify the source can always be applied to the user terminal in RCS systems. But in a star transparent configuration, the HUB will receive ATM cells, Does it have any impact?

We only consider the ULE link in the document. If ATM is used on thereturn channel, then the ULE link is between the hub and a terminal, andthe hub is the source.


Haitham: In this draft we did not address the ATM cell transmissions. I am not sure if there is a demand for using ATM.

Kind regards,Ana




=========================
Ana YUN GARCIA
Satellite Networks Manager
Thales Alenia Space España
tel. +34 91 807 78 21
www.thalesaleniaspace.com
=========================

References:
- RE: Re: draft-noisternig-ipdvb-sec-ext-00.txt (Editorial NiTs)
  - From: <H.Cruickshank@surrey.ac.uk>

Prev by Date: RE: Re: draft-noisternig-ipdvb-sec-ext-00.txt (Editorial NiTs)
Next by Date: Re: IPDVB Provisional Agenda (IETF-75)
Previous by thread: RE: Re: draft-noisternig-ipdvb-sec-ext-00.txt (Editorial NiTs)
Next by thread: {Spam?} We continue next Tuesday
Index(es):
- Date
- Thread