ETSI-BSM work on Satellite Communication Network Security · Dr. Haitham S Cruickshank Future...
1
ETSI-BSM work on Satellite Communication Network Security
University of [email protected]
http://www.ee.surrey.ac.uk/Personal/H.Cruickshank/
Dr. Haitham S Cruickshank
Future Security Workshop: The threats, risks and opportunities
Sophia Antipolis, 16-17 January 2006
2
Presentation overview
• Introduction to BSM architecture.
• Threat analysis in BSM.
• Security architecture and various security scenarios.
• Some security challenges in BSM network such as PEPs and multicast.
• Conclusions and future plans in BSM WG.
3
Introduction to BSM STF283 - Security
• The ETSI Broadband Satellite Multimedia (BSM) working group aims to develop broadband satellite services based on complete interworking with the Internet Protocol (IP).
• An important feature of BSM is the Satellite Independent Service Access Point interface or SI-SAP interface:
  • This interface provides the BSM with a layer of abstraction for the lower layer functions.
• Part of BSM STF 283 work focuses on the security architecture for BSM networks (ETSI TS 102 465).
4
Threats and security requirement in BSM networks
• Network threats: Including passive and active threats:
  • In satellite broadcast networks (such as BSM), passive attacks need particular attention, such as eavesdropping or monitoring of transmissions.
• Software threats: Many systems fail because of mistakes in software implementation.
• Hardware threats: All hardware systems including hosts (e.g. client stations), satellite terminals and network equipment (e.g. routers and firewalls) can provide a way of attack if not properly configured.
• Human threats: Insider and outsider attacks.
• BSM security deals with the above threats with the focus on networking issues.
5
BSM general architecture
[Figure: BSM protocol architecture diagram. Block labels: IPv4 and IPv6; IP Routing; IP Route Determination; Address Table; IP Packet Forwarding; IP QoS Management; IP Security; SIAF; BSM Address Resolution; BSM QoS Adaptation; BSM Routing Adaptation; BSM QoS Mgmt; BSM Resource Mgmt; BSM Security Mgmt; BSM Connection CTRL; SI-U-SAP, SI-C-SAP, SI-M-SAP; SDAF; Segmentation/encapsulation; Satellite Data Unit Switching; Satellite Link Control (SLC); Satellite Medium Access Control (SMAC); Satellite Physical (SPHY).]
6
Architecture case 1: IPsec and security entities in BSM
[Figure: BSM ST and BSM Gateway connected across the BSM network. Labels on the ST side: Secure data handling (Encryption engine); SI-U-SAP, SI-C-SAP, SI-M-SAP; BSM Local security manager; Supplicant; ST local Key data; SID, Keys. Labels on the Gateway side: Secure data handling (Encryption engine); SI-U-SAP, SI-C-SAP, SI-M-SAP; BSM Network security manager; Authenticator; Authentication server; SID, Keys. Flows: User data privacy; User data; Key data; Authorization data.]
7
Architecture case 2: Mixed link layer security entities
[Figure: BSM ST and BSM Gateway connected across the BSM network. Labels on the ST side: Host/User; Secure data handling (Encryption engine); SI-U-SAP, SI-C-SAP, SI-M-SAP; BSM Local security manager; Supplicant; ST local Key data; SID, Keys. Labels on the Gateway side: Server; Secure data handling (Encryption engine); SI-U-SAP, SI-C-SAP, SI-M-SAP; BSM Network security manager; Authenticator; Authentication server; BSM Billing entity; SID, Keys. Flows: User data (encrypted); Clear text; Key data; Authorization data.]
8
Challenges for using security with Performance Enhancing Proxies (PEPs)
• A Performance Enhancing Proxy (PEP, RFC 3135) is used to improve the performance of the Internet protocols on network paths where native TCP performance suffers due to characteristics of a link such as satellites.
• The most detrimental negative implication of PEPs is breaking the end-to-end semantics of a connection:
  • Therefore it disables end-to-end use of IPsec.
• In BSM networks, PEPs should be used in the following configurations:
  • With Link layer security (such as DVB-RCS security)
  • With IPsec being performed closer to BSM ST/Gateway than the PEP
9
Suitable security associations for interworking with PEPs
[Figure: Host, PEP, ST with BSM security, BSM network, ST/Gateway with BSM security, PEP, Host. Labels: BSM security association (link layer or BSM IPsec security); End-to-end security association (e.g. application layer security); Successful PEP operations.]
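The placement rule from the two PEP slides, as an added example that is not part of the original presentation: a TCP PEP can only act on packets whose TCP header it can read, so it works when IPsec is applied closer to the ST/Gateway than the PEP and fails when IPsec is applied before it. The addresses, ports, SPI, path names and the XOR stand-in for ESP encryption are all constructed assumptions.

```python
import socket
import struct

PROTO_TCP, PROTO_ESP = 6, 50  # IANA IP protocol numbers

def ipv4(proto, payload, src="10.0.0.2", dst="192.0.2.10"):
    """Minimal 20-byte IPv4 header (checksum left 0) plus payload; constructed sample."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp_segment(sport, dport, seq, ack, data=b""):
    """20-byte TCP header (data offset 5, ACK flag set) plus data."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       5 << 4, 0x10, 65535, 0, 0) + data

def esp_wrap(inner, spi=0x1001, seq=1):
    """Stand-in for ESP tunnel mode: SPI, sequence number, opaque body.
    The XOR is NOT encryption; it only makes the inner bytes unreadable here."""
    opaque = bytes(b ^ 0xA5 for b in inner)
    return ipv4(PROTO_ESP, struct.pack("!II", spi, seq) + opaque)

def pep_view(packet):
    """TCP fields a PEP needs for splitting/local ACKs, or None if hidden."""
    if packet[9] != PROTO_TCP:          # byte 9 of the IPv4 header = protocol
        return None
    ihl = (packet[0] & 0x0F) * 4
    sport, dport, seq, ack = struct.unpack("!HHII", packet[ihl:ihl + 12])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack}

def traverse(path, packet):
    """Pass a packet through the path elements in order; return what the PEP saw."""
    seen = None
    for element in path:
        if element == "ipsec":
            packet = esp_wrap(packet)
        elif element == "pep":
            seen = pep_view(packet)
    return seen

PACKET = ipv4(PROTO_TCP, tcp_segment(40000, 443, 1000, 2000, b"app data"))
HOST_IPSEC = ["ipsec", "pep", "satellite"]   # end-to-end IPsec: PEP sees only ESP
ST_IPSEC = ["pep", "ipsec", "satellite"]     # IPsec closer to the ST/Gateway than the PEP

if __name__ == "__main__":
    print("IPsec before PEP:", traverse(HOST_IPSEC, PACKET))
    print("IPsec after PEP: ", traverse(ST_IPSEC, PACKET))
```
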
10
Challenges in Secure multicast over satellites
• Secure multicast is a difficult problem. There are many open issues:
  • IPsec with multicast between BSM security gateways
  • Key management architecture for large groups
  • Security policies creation and enforcement
  • Centralised versus distributed architectures
• BSM multicast security architecture will aim to provide a balanced solution between existing link layer (such as DVB-RCS) and network layer (such as IPsec) solutions:
  • Interactions through the SI-SAP interface have to be carefully thought out.
11
Secure Multicast architecture - Centralised
[Figure: centralised secure multicast architecture. Entities: Policy server; Group Controller/Key Server; Sender; Receiver. Functional areas: Multicast security policies; Group key management; Multicast data handling.]
12
Secure Multicast architecture - Distributed
[Figure: distributed secure multicast architecture. Entities: two Policy servers; two Group Controller/Key Servers; Sender; two Receivers. Functional areas: Multicast security policies; Group key management; Multicast data handling.]
13
Liaison with EU IST projects
• The work in ETSI BSM on security will not be complete without full liaison with relevant IST projects:
  • The aim is to achieve co-ordination of work between BSM and these projects.
  • One example of such collaboration is the EU NoE called SATNEX project (Satellite Communications Network of Excellence).
• Other examples of EU projects are SATLIFE and SATSIX.
14
Conclusion
• Interworking with IPsec and link layer security is critical for the success of BSM specifications.
• Security interactions through the BSM SI-SAP interface have been defined.
• There are future challenges in secure multicast over satellites:
  • Next phase in BSM security work will focus on multicast issues (New ETSI TS 102 466)
15
Extra slides
16
Architecture case 3: End-to-end security, transparent to BSM
[Figure: BSM ST and BSM Gateway connected across the BSM network. Labels: Secure data handling (Encryption engine), shown twice; SI-U-SAP, SI-C-SAP, SI-M-SAP, shown twice; End user security manager; Supplicant; End user/remote server security manager; Authenticator; Authentication server; BSM independent local Key data. Flows: User data privacy; User data; Key data; Authorisation data.]
17
Architecture case 4: link layer security, transparent to BSM
[Figure: BSM ST and BSM Gateway connected across the BSM network. Labels: Secure data handling (Encryption engine), shown twice; SI-U-SAP, SI-C-SAP, SI-M-SAP, shown twice; ST security manager; Supplicant; BSM security manager; BSM Local security manager; BSM Network security manager; Authenticator; Authentication server; ST local Key data; SID, Policy. Flows: User data; Key data; Authorisation data.]
18
Interactions between security and QoS entities in BSM - 1
[Figure: BSM ST and BSM NCC/Gateway connected across the BSM network. Labels on the ST side: Secure data handling (Encryption engine); Local BSM security manager; Local BSM QoS manager; Local BSM Address_res manager; Local interactions. Labels on the NCC/Gateway side: Secure data handling (Encryption engine); BSM Network security manager; BSM Network QoS manager; BSM Network Address_res manager. Flow: Encrypted data.]
19
Interactions between security and QoS entities in BSM - 2
20
Interactions between security and Address management entities in BSM
[Figure: address management layers and their associations. IP LAYER: IP subsets A1-A4, B1-B4 and C1-C4, linked by IP to IP associations (routing/bridging tables). SIAF: IP to BSM_ID association. BSM_IDs: BSM_ID Subsets 1-3. SDAF: BSM_ID to MAC association, with Map subsets 1-3. SATELLITE DEPENDENT IDs (SDIDs), e.g. MAC_Add; PIDs; Channel_ID. Actors: satellite network operator; network access provider; ISP & customer. Label: Secure signalling.]