ETSI-BSM work on Satellite Communication Network Security · Dr. Haitham S Cruickshank Future...

ETSI-BSM work on Satellite Communication Network Security University of Surrey [email protected] http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/ Dr. Haitham S Cruickshank Future Security Workshop: The threats, risks and opportunities Sophia Antipolis 16-17 January 2006



ETSI-BSM work on Satellite Communication Network Security

University of Surrey

[email protected]

http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/

Dr. Haitham S Cruickshank

Future Security Workshop: The threats, risks and opportunities

Sophia Antipolis, 16-17 January 2006


Presentation overview

• Introduction to BSM architecture.

• Threat analysis in BSM.

• Security architecture and various security scenarios.

• Some security challenges in BSM network such as PEPs and multicast.

• Conclusions and future plans in BSM WG.


Introduction to BSM STF283 - Security

• The ETSI Broadband Satellite Multimedia (BSM) working group aims to develop broadband satellite services based on complete interworking with the Internet Protocol (IP).

• An important feature of BSM is the Satellite Independent Service Access Point interface or SI-SAP interface:
  • This interface provides the BSM with a layer of abstraction for the lower layer functions

• Part of BSM STF 283 work focuses on the security architecture for BSM networks (ETSI TS 102 465).


Threats and security requirements in BSM networks

• Network threats: Including passive and active threats:
  • In satellite broadcast networks (such as BSM), passive attacks, such as eavesdropping or monitoring of transmissions, need particular attention.

• Software threats: Many systems fail because of mistakes in software implementation.

• Hardware threats: All hardware systems, including hosts (e.g. client stations), satellite terminals and network equipment (e.g. routers and firewalls), can provide an avenue of attack if not properly configured.

• Human threats: Insider and outsider attacks.

• BSM security deals with the above threats with the focus on networking issues.


BSM general architecture

[Figure: BSM general architecture. Labels: IPv4 and IPv6; IP Routing; IP Route Determination; IP Packet Forwarding; IP QoS Management; IP Security; SIAF; Address Table; BSM Address Resolution; BSM QoS Adaptation; BSM Routing Adaptation; BSM Security Mgmt; SI-U-SAP, SI-C-SAP, SI-M-SAP; SDAF; Segmentation/encapsulation; BSM QoS Mgmt; BSM Resource Mgmt; BSM Connection CTRL; Satellite Data Unit Switching; Satellite Link Control (SLC); Satellite Medium Access Control (SMAC); Satellite Physical (SPHY).]


Architecture case 1: IPsec and security entities in BSM

[Figure: architecture case 1. Labels: BSM ST; BSM Gateway; BSM network; Supplicant; Authenticator; Authentication server; BSM Local security manager; BSM Network security manager; Secure data handling (Encryption engine); SI-U-SAP, SI-C-SAP, SI-M-SAP; User data; Key data; Authorization data; ST local Key data; SID, Keys; User data privacy.]


Architecture case 2: Mixed link layer security entities

[Figure: architecture case 2. Labels: Host/User; Server; BSM ST; BSM Gateway; BSM network; Supplicant; Authenticator; Authentication server; BSM Local security manager; BSM Network security manager; BSM Billing entity; Secure data handling (Encryption engine); SI-U-SAP, SI-C-SAP, SI-M-SAP; User data (encrypted); Clear text; Key data; Authorization data; ST local Key data; SID, Keys.]


Challenges for using security with Performance Enhancing Proxies (PEPs)

• A Performance Enhancing Proxy (PEP, RFC 3135) is used to improve the performance of the Internet protocols on network paths where native TCP performance suffers due to characteristics of a link, such as a satellite link.

• The most detrimental implication of PEPs is breaking the end-to-end semantics of a connection:
  • Therefore it disables end-to-end use of IPsec

• In BSM networks, PEPs should be used in the following configurations:
  • With link layer security (such as DVB-RCS security)
  • With IPsec being performed closer to the BSM ST/Gateway than the PEP


Suitable security associations for interworking with PEPs

[Figure: labels: Host; PEP; ST with BSM security; BSM network; ST/Gateway with BSM security; PEP; Host. Security associations shown: BSM security association (link layer or BSM IPsec security); End-to-end security association (e.g. application layer security). Annotation: Successful PEP operations.]
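
The placement rule from the two PEP slides, as an added example that is not part of the original presentation: a small Python model that reports which PEPs on a path sit inside a link-layer or IPsec security association and so cannot read or rewrite TCP headers. The path order, the node names and the `SA` and `blocked_peps` helpers are assumptions made for illustration.

```python
# Added example: a simplified path model, not code from the slides or ETSI TS 102 465.
from dataclasses import dataclass

# Layers whose protection hides or integrity-protects the TCP header
# for every node located between the two SA endpoints.
PROTECTS_TCP = {"link", "ipsec"}

@dataclass(frozen=True)
class SA:
    name: str
    layer: str   # "link", "ipsec" or "application"
    start: str   # node where protection is applied
    end: str     # node where protection is removed

def blocked_peps(path, sas):
    """Return {pep_node: [SA names]} for PEPs lying strictly inside a protecting SA."""
    pos = {node: i for i, node in enumerate(path)}
    blocked = {}
    for node in path:
        if not node.startswith("pep"):
            continue
        for sa in sas:
            lo, hi = sorted((pos[sa.start], pos[sa.end]))
            if sa.layer in PROTECTS_TCP and lo < pos[node] < hi:
                blocked.setdefault(node, []).append(sa.name)
    return blocked

# Constructed path (assumed order): host, PEP, ST, gateway, PEP, host.
PATH = ["host-a", "pep-a", "st", "gateway", "pep-b", "host-b"]

# Slide layout: BSM SA between ST and gateway, application-layer SA host to host.
SUITABLE = [
    SA("bsm-link", "link", "st", "gateway"),
    SA("app-e2e", "application", "host-a", "host-b"),
]
# End-to-end IPsec between the hosts: both PEPs only see protected packets.
E2E_IPSEC = [SA("ipsec-e2e", "ipsec", "host-a", "host-b")]
# IPsec terminated at ST and gateway, closer to the satellite link than the PEPs.
IPSEC_AT_ST = [SA("bsm-ipsec", "ipsec", "st", "gateway")]

if __name__ == "__main__":
    for label, sas in [("suitable", SUITABLE), ("e2e-ipsec", E2E_IPSEC),
                       ("ipsec-at-st", IPSEC_AT_ST)]:
        print(label, blocked_peps(PATH, sas) or "all PEPs operate")
```
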


Challenges in Secure multicast over satellites

• Secure multicast is a difficult problem. There are many open issues:
  • IPsec with multicast between BSM security gateways
  • Key management architecture for large groups
  • Security policies creation and enforcement
  • Centralised versus distributed architectures

• BSM multicast security architecture will aim to provide a balanced solution between existing link layer (such as DVB-RCS) and network layer (such as IPsec) solutions:
  • Interactions through the SI-SAP interface have to be carefully thought out.


Secure Multicast architecture - Centralised

[Figure: centralised secure multicast architecture. Entities: Policy server; Group Controller/Key Server; Sender; Receiver. Functional areas: Multicast security policies; Group key management; Multicast data handling.]


Secure Multicast architecture - Distributed

[Figure: distributed secure multicast architecture. Entities: Policy server (two shown); Group Controller/Key Server (two shown); Sender; Receiver (two shown). Functional areas: Multicast security policies; Group key management; Multicast data handling.]


Liaison with EU IST projects

• The work in ETSI BSM on security will not be complete without full liaison with relevant IST projects:
  • The aim is to achieve co-ordination of work between BSM and these projects
  • One example of such collaboration is the EU NoE called the SATNEX project (Satellite Communications Network of Excellence).

• Other examples of EU projects are SATLIFE and SATSIX.


Conclusion

• Interworking with IPsec and link layer security is critical for the success of BSM specifications.

• Security interactions through the BSM SI-SAP interface have been defined.

• There are future challenges in secure multicast over satellites:
  • Next phase in BSM security work will focus on multicast issues (New ETSI TS 102 466)


Extra slides


Architecture case 3: End-to-end security, transparent to BSM

[Figure: architecture case 3. Labels: BSM ST; BSM Gateway; BSM network; Supplicant; Authenticator; Authentication server; End user security manager; End user/remote server security manager; Secure data handling (Encryption engine); SI-U-SAP, SI-C-SAP, SI-M-SAP; User data; Key data; Authorisation data; BSM independent local Key data; User data privacy.]


Architecture case 4: link layer security, transparent to BSM

[Figure: architecture case 4. Labels: BSM ST; BSM Gateway; BSM network; Supplicant; Authenticator; Authentication server; ST security manager; BSM security manager; BSM Local security manager; BSM Network security manager; Secure data handling (Encryption engine); SI-U-SAP, SI-C-SAP, SI-M-SAP; User data; Key data; Authorisation data; ST local Key data; SID, Policy.]


Interactions between security and QoS entities in BSM - 1

[Figure: labels: BSM ST; BSM NCC/Gateway; BSM network; Secure data handling (Encryption engine); Local BSM security manager; Local BSM QoS manager; Local BSM Address_res manager; BSM Network security manager; BSM Network QoS manager; BSM Network Address_res manager; Encrypted data; Local interactions.]


Interactions between security and QoS entities in BSM - 2


Interactions between security and Address management entities in BSM

[Figure: address mapping between layers. Labels: IP LAYER; IP subsets A1-A4, B1-B4, C1-C4; satellite network operator; network access provider; ISP & customer; IP to IP associations (routing/bridging tables); SIAF: IP to BSM_ID association; BSM_IDs; BSM_ID Subsets 1-3; SDAF: BSM_ID to MAC association; Map subsets 1-3; SATELLITE DEPENDENT IDs (SDIDs), e.g. MAC_Add, PIDs, Channel_ID; Secure signalling.]