Thanks Haitham for the security extension draft. Most issues that we discussed in our SATNEX workshop are already adressed in the draft. I hope the "ULE-Sec" extension will become standard soon. Link-layer security is a valuable part of a "multiple layer security" solution, especially since upper layer security protocols are not used, not available or somehow incompatible (like end-to-end transport-mode IPsec together with TCP-split). Satellites definately need kind of a "wired equivalent privacy". And protection against traffic analysis is a very unique feature of this security layer. I attached a PDF about how the "ULE-Sec" subsystems could be structured. We discussed this already in our workshop. Looking at the DVB-RCS-Sec spec. there is much to improve. A control plane based on UDP messages would be easier to realize than closed L2 solutions. On the other hand, signalling on layer 2 would be closer to the receiver hardware and thus more secure in authentication (smartcard as in GSM/UMTS). IPsec, IKE, GSAKMP, MIKEY are a good "study examples", but surely need to be modified for the satellite L2 approach. What about re-using code from IKE implementations KAME (racoon) or Free S/WAN (Pluto)? At this opportunity, some problems of IPsec could be removed, like the "aggressive mode" or AH-only. The big benefit over IPsec is, that no tunnelling is required. IPsec transport mode would have to be end-to-end and can't be used just to secure the satellite link. At the workshop, Pauline Chan had the idea to integrate a billing system. Strong RSA/EC authentication with smardcards in the Satcom receivers would be a good base for a billing system. Fraud protection should be done in the Satcom terminals. Using UDP for key-exchange signalling in attached computers might be dangerous as the secret keys could be stolen. A closed terminal solution with L2 signalling directly linked to the smardcard reduces the intrusion risk dramatically. Some other ideas could be derived from the UMTS access security architecture. Anyway, I guess we still need lots of discussion to come to a high-end security solution for the satellite link. Regards, Frank -- Dipl.-Ing. Frank Hermanns Institut für Kommunikation und Navigation DLR - Deutsches Zentrum für Luft- und Raumfahrt D-82234 Wessling Tel: +49 8153 28-2899 Fax: +49 8153 28-2844
Attachment:
ule-sec arch.pdf
Description: Adobe PDF document