Source Authentication for IPTV System*
Ki-Eun Shin¹ and Hyoung-Kee Choi¹
¹School of Information and Communication Engineering, Sungkyunkwan University, Suwon, Korea
Abstract. Demand for IPTV, which serves a variety of goals, is exploding, and IPTV is coming into the spotlight as a killer application in upcoming IP convergence networks such as triple play, which is the delivery of voice, Internet, and video service to a subscriber. IPTV uses a CAS that controls subscriber access to content for a profit. Although the current CAS scheme provides access control via subscriber authentication, there is no authentication scheme for the content transmitted from service providers. This leaves a security vulnerability through which an adversary can forge content between the service provider and subscribers and distribute malicious content to subscribers. In this paper, we propose efficient and strong source authentication protocols, based on a hash tree scheme, which remove this vulnerability of the current IPTV system. We also evaluate our protocol from the viewpoint of IPTV requirements.
1 Introduction
Entertainment is big business all over the world. Annual residential cable TV revenue and the number of subscribers are rapidly increasing. High-bandwidth IP infrastructure such as VDSL, FTTH, and FTTB is now spreading, making it possible to provide high-quality and varied services. As of September 2007, the number of IPTV subscribers in Korea is over 650,000 and rapidly increasing [1]. IPTV services were initially targeted by traditional telecommunication service companies (Telcos). Eventually, cable TV companies and network operators rushed to the golden opportunity presented.
IPTV provides various services, the so-called triple play, which is the delivery of voice, Internet, and video services to a customer. IPTV provides bidirectional service that improves on conventional one-way broadcasting and transfers commercial-grade SD and HD entertainment-quality and on-demand video content over IP-based networks, while meeting all prerequisite quality of service and quality of experience. A subscriber uses the channels and content that s/he wishes to enjoy. IPTV delivers diverse and subdivided content to meet these requirements. A service provider offers chargeable content at a profit. A service provider uses a Conditional Access System (CAS) [2][3] to control subscriber access to content. That is, an authorized subscriber can access content via subscriber authentication. For instance, a subscriber who pays for specified content can only utilize that content.
* This research was supported by the MKE (Ministry of Knowledge Economy), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Advancement) (IITA-2008-C1090-0801-0028).
Although current CAS provides access control via subscriber authentication, there is no authentication scheme for the content provided by a service provider. Current CAS protects content via a scrambling algorithm, a form of encryption. The scrambling algorithm uses an encryption key, the CW, published to a group of authorized subscribers through a regular process. Hence, any member of the authorized subscriber group who holds the CW can be an insider attacker. S/he can forge content and distribute that content to subscribers by making use of an authentic CW. Thus, there is a security vulnerability whereby an adversary can forge content between the service provider and subscribers and then squeeze the forged content into an authentic stream. For instance, an adversary could forge stock quotes, both profiting from this and causing societal problems.
In this paper, we propose novel source authentication protocols based on a hash tree scheme. They provide low authentication latency and resilience to packet loss and DoS attacks for data streams such as live streaming and Video on Demand (VoD) provided by the service provider. This solves the vulnerability of the current CAS and provides evidence through non-repudiation in the case of subsequent disputes.
The remainder of this paper is organized as follows. In Section 2, we introduce the related work on source authentication protocols and the requirements of source authentication for an IPTV system. Section 3 presents the CAS architecture and explains the important signaling messages for our protocol in more detail. In Section 4, we introduce the Merkle tree (MT) [4] and detail our proposed protocol. In Section 5, we analyze our proposed protocol from the viewpoint of security and performance, based on the IPTV system requirements. We conclude the paper in Section 6.
2 Related Work
Broadcasting is a more efficient way than unicasting to deliver multimedia resources, such as real-time video or stock quotes, to a group of receivers, because network resources are limited. Source authentication not only prevents receivers from suffering forged resources but also prevents a sender from denying that it transmitted a message. Source authentication has long been an important topic in broadcast, but source authentication for multimedia streaming is hard to solve due to communication and computation overhead.
There have been many studies of broadcast source authentication. Park et al. proposed SAIDA [5], which provides source authentication resilient to packet loss through signature amortization. However, source verification requires buffering on the receiver side to reconstruct the signature from the amortized signature, and reconstructing the signature has a high computational overhead; this results in high processing latency.
Perrig et al. proposed EMSS [6], which signs a small number of packets in a data stream to provide non-repudiation, high loss resistance, and low overhead. Each packet is linked via hash chains to a special packet that is signed. On the other hand, EMSS has high verification latency, which makes it impossible to provision real-time service, a significant requirement of IPTV.
Perrig et al. introduced TESLA [7], which also provides a fast and lightweight verification scheme through hash chaining of symmetric keys and later disclosure of those keys. However, TESLA does not provide a non-repudiation service and needs time synchronization between a sender and receivers. The length of the hash chain is limited due to hash collision. To use TESLA with an infinite stream, such as a video stream, the sender should commit to the one-way key chain and broadcast it periodically.
Fig. 1 depicts the IPTV security elements and the X.805 network security layers recommended by ITU-T [8]. Although there are various security threats, we focus on content security threats such as interception, unauthorized viewing, and redistribution.
IPTV has to provide real-time services such as live streaming and stock quotes. SAIDA and EMSS cannot offer real-time services because of their high processing latency, which makes subscribers wait for a moment to watch TV and causes authentic packets to fail the verification process when forged packets are squeezed into a stream. TESLA cannot offer a non-repudiation service, an important factor of source authentication that provides evidence of transmission in case of later disputes between a service provider and subscribers.
3 Conditional Access System and Requirements
IPTV has security components such as DRM and CAS. DRM is an access control technology used by publishers and other copyright holders to limit usage of digital media in order to protect the content provider's profit. Conversely, CAS is a system that limits digital media to subscribed clients according to their entitlement, in order to protect the service provider's profit. It manages subscribers by granting the entitlement to watch TV and controlling these entitlements. Each service provider has developed its own CAS because, until now, there has not been a CAS standard. CAS frameworks and fundamentals are almost universal.
Fig. 1 IPTV security elements and X.805 network security layer (diagram: content provider, service provider, home gateway and IPTV terminal; content, service, network, terminal device and subscriber security threats; application, service and infrastructure security layers)
The CAS security component consists of scrambling and encryption for access control. CAS protects the data stream via scrambling. Fig. 2 and Fig. 3 show the CAS structure and subscriber authentication, respectively.
The service provider scrambles the data stream (i.e., video and audio), a type of MPEG-2 Transport Stream (TS), so that only valid subscribers can view it. An authorized subscriber can regenerate the original TSs by descrambling the scrambled stream. CAS uses a hierarchical key management scheme to provide conditional access. There are three keys: the Master Private Key (MPK), the Authorization Key (AK), and the Control Word (CW). The CW is a random number used to scramble and descramble TSs. The CW is updated via frequent, encrypted broadcasts, using an AK, to restrict illegal viewing. The CW is common to authorized subscribers. The AK is a type of group key, used to encrypt the CW for each subscriber. The encrypted CW is sent in an Entitlement Control Message (ECM). The AK, encrypted with the Master Private Key (MPK), is transmitted to the subscriber in an Entitlement Management Message (EMM) via unicast. The EMM carries information such as contract information for individual receivers and is broadcast over a relatively long period. The MPK is a secret unique key kept in every receiver. The service provider stores the MPK off-line in a smart card within each subscriber's Set-top Box. For instance, the MPK is stored when the Set-top Box is taken from a warehouse or when the subscriber installs the Set-top Box through a service provider.
Two kinds of message, ECM and EMM, are transmitted to control and manage the conditional access of subscribers. The ECM is injected into the TS stream by the service provider to offer entitlement information and to update the CW and AK according to the key update schedule. The subscriber can descramble the content by obtaining the CWs and AKs transmitted within the ECM and EMM, respectively.
ECM and EMM are important signaling messages enabling security and entitlement. Thus, the service provider signs these messages via a digital signature scheme to provide integrity and authenticity. The subscriber can check the validity of these messages through signature verification and is granted use of the specified content for which s/he pays.
Fig. 2 Conditional access system (diagram: service provider CAS with SAS, SMS, authentication server and smart card manager; ECM carrying the encrypted CW, E_AK(CW), with signature; EMM carrying the encrypted AK, E_MPK(AK), with signature; Set-top Box key manager (smart card) with X.509 certificate performing signature checks and decryption; off-line distribution of the MPK)
CAS provides an authentication scheme for ECM/EMM and for subscribers' authorization. However, there is no source authentication scheme for the stream transmitted to subscribers. Since all subscribers can obtain the CW that is used to scramble the stream, a malicious subscriber who has no right to broadcast the stream could forge a stream (i.e., poisoned content or illegal content distribution), re-scramble that stream with the CW, and transfer it to subscribers. Thus, IPTV is vulnerable to an attack that forges a stream and squeezes the forged stream into an authentic stream to cause illegal stream distribution or a DoS attack. Hence, IPTV service should provide source authentication to prevent these attacks.
A service provider who has authority to provide content could also broadcast fabricated content to harvest an illegal profit. For instance, a service provider could forge stock prices and broadcast the forged data. Accordingly, source authentication for IPTV should provide a non-repudiation service, so that a service provider who forges content cannot deny what s/he sent.
A new source authentication protocol is needed to replace the above two protocols and to meet the requirements of IPTV. The important factors for IPTV source authentication are summarized below.
1. Each packet in the stream can be used as soon as it is received.
2. If there is packet loss, subscribers can still verify the remaining packets.
3. If there is a Denial of Service (DoS) attack from an adversary, subscribers can withstand it.
4. Source authentication for IPTV has to provide a non-repudiation service, so that content transmission cannot be denied.
5. Computation and communication overhead should be low, to provide flexible service such as broadcasts to mobile phones.
Fig. 3 Subscriber authentication (message sequence among subscriber, CAS and distribution server: authentication request with certificate, authentication OK, signed EMM = [E_MPK(AK), AP], IGMP Join, multicast transport stream with signed ECM = [E_AK(CW), CP], IGMP Leave, update of subscriber information)
4 The Proposed Protocol
IPTV source authentication should be efficient for both the service provider and the receiver in order to offer real-time broadcasts. The efficiency of the verification process on the subscriber side, where the computing power of the Set-top Box is generally limited, is more important than the generation of authentication data at the service provider. The service provider and the subscriber have to be robust enough to withstand a DoS attack, to offer stable service under attack, and to provide a non-repudiation service for later disputes.
Generally, a source is authenticated either with a symmetric key pre-shared between a sender and a receiver or with a digital signature based on an asymmetric key. Symmetric key operations are faster than asymmetric key operations. However, if a symmetric key is applied to source authentication in group communication, the sender and the remaining n group members must share n Pre-Shared Keys (PSKs) to distinguish the source from the group members, and the sender has to construct n MACs (Message Authentication Codes). This is not applicable to message broadcasting, because the complexities of MAC computation and communication are O(n).
Thus, a digital signature scheme is a popular method of source authentication for broadcast messages. A digital signature can provide adequate authentication services, including message integrity and non-repudiation, but signatures are too expensive to generate and verify. The high verification latency on the receiver side reduces the quality of service. Hence, an IPTV service requires an efficient source authentication protocol that enables real-time broadcasting. A naive solution is to sign a minimum number of packets with a digital signature scheme to minimize the number of verifications.
We propose source authentication for the data stream transmitted by the service provider that supports live streaming service via a modified Merkle Tree (MT). MT generates a set of siblings that lets the receiver check the authenticity of transmitted packets. Fig. 4 depicts an example of an MT. The sender constructs a binary tree for 8 packets (Ps). The output of the hash function over each P becomes a leaf node of the MT. Each internal node is the hash value of the concatenation of its left and right children. The MT is constructed by iterating this process. The root of the MT has to be signed via a digital signature scheme to provide source authentication for the transmitted packets. When a packet is transmitted, the packet, the corresponding siblings, and the signature of the root are transmitted together. For instance, the sibling set for P3 is {H4, H1,2, H5,8}, marked with gray circles in Fig. 4. Thus P3, the corresponding set of siblings, and the signature of the root are delivered together, and the root can be recovered as root = H( H( H1,2 || H( H(P3) || H4 ) ) || H5,8 ), where || denotes concatenation. The receiver can verify the packet by checking the signature of the root. Once the root of the tree is authenticated, the remaining packets of the same MT can be verified by comparing the authenticated root with the root reconstructed via light operations such as hashing.
Fig. 4 Structure of Merkle tree (packets P1 to P8; leaves H1 to H8; internal nodes H1,2, H3,4, H5,6, H7,8, then H1,4 and H5,8; root)
MT can provide source authentication in the presence of packet loss, because the set of siblings and the signature of the root are transmitted with each packet. Thus, the receiver does not have to buffer transmitted packets to verify authenticity. This property provides resilience to DoS and pollution attacks. The receiver can check the authenticity of transmitted packets as soon as they are received. MT is therefore suitable for authenticating a real-time broadcasting service such as IPTV. However, the communication overhead per packet of the MT scheme is high due to the siblings and signatures. Thus, we need to modify MT to offer low communication overhead and low authentication latency.
We use the MT scheme to provide source authentication for live streaming and modify the transmission of the set of siblings and the signature of the root, because of the high communication and computation overheads. As mentioned in Section 3, ECM and EMM, called CAS messages, are signed by the service provider to authenticate their sources. Thus, if the root of the MT is included in those packets and signed together with them, only one signing process is needed for both the CAS message and the root. The signature of the MT root, which is transmitted with every packet in the original MT scheme, is not included in each packet, because of the high communication overhead. Instead, the CAS message includes the root of the MT and the signature of the modified CAS message. Each data stream packet (TS) still includes its set of siblings. That is, we do not need an additional signing process on the sender side or an additional signature verification process on the receiver side, and the communication overhead is reduced slightly.
Fig. 5 Stream of proposed protocol (a full binary Merkle tree is built over the TSs; stream order: ECM1, TS1 W1, TS2 W2, TS3 W3, ..., TSn Wn, ECM2, TS1 W1, ...; ECM = payload, H(root), signature. TSi: MPEG-2 transport stream; Wi: set of TSi's siblings; Signature: signature of ECM payload and H(root))
The ECM transmission period is shorter than that of the EMM. Hence, it is suitable for the service provider to sign the ECM to authenticate TSs and to reduce communication overhead. The current commercial IPTV system in Korea uses a 0.1 sec transmission period for the ECM. A subscriber who wants to join the service has to wait for an ECM to get the CW, because there might be ECM packet loss. Generally, people are impatient about waiting to watch TV.
The sender constructs an MT whose leaf nodes are hashes of the TSs and signs the root of the MT together with the ECM to authenticate the MT root. The constructed root is a representative value of the TSs. That is, signing the root achieves the equivalent effect of signing each TS. The service provider concatenates each TS with its set of siblings, i.e., the siblings of the nodes along the path from the TS to the root, and transmits the resulting packets. Fig. 5 depicts the stream of the proposed protocol, where Wi is the set of siblings that corresponds to TSi. TSs with their corresponding sets of siblings and ECMs are transmitted to the subscriber. For instance, if there are 8 TSs between ECM1 and ECM2, W1 will be {H2, H3,4, H5,8}.
First, the receiver checks the signature included in the ECM to authenticate the ECM. Then, the receiver can check whether the TSs are valid by comparing the root delivered via the ECM with the root it computes itself. If the TSs are not valid, the receiver may discard those packets without buffering.
Hence, verifying the transmitted TSs takes one signature verification per tree plus some hash operations. Fig. 6 shows live streaming with the proposed protocol. The notation tree(mi) stands for the time needed to construct the MT corresponding to the stream mi. After the construction and signing process, the stream starts transmitting to subscribers.
Fig. 6 Live streaming flow (timeline: within each ECM period, tree(m1) + sign is followed by transmission of the m1 packets, then tree(m2) + sign and the m2 packets)
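The sender and receiver steps of Section 4, as an added example that is not code from the paper: the sender builds the tree and the sibling sets Wi, and the receiver checks each TS on its own against the root taken from the ECM. Assumptions: SHA-256 stands in for the MD5-128 of the paper's simulation, every TS carries its leaf index, the ECM signature has already been verified so the root is trusted, and all function names are illustrative.

```python
import hashlib
import hmac

TS_SIZE = 188  # bytes in one MPEG-2 transport stream packet


def h(data: bytes) -> bytes:
    # Assumption: SHA-256 replaces the MD5-128 used in the paper's simulation.
    return hashlib.sha256(data).digest()


def build_tree(packets):
    """Sender: return every level, levels[0] = leaf hashes, levels[-1] = [root]."""
    n = len(packets)
    if n < 2 or n & (n - 1):
        raise ValueError("a full binary tree needs a power-of-two packet count")
    levels = [[h(p) for p in packets]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([h(prev[i] + prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels


def sibling_set(levels, index):
    """W_i: the sibling of each node on the path from leaf `index` to the root."""
    siblings = []
    for level in levels[:-1]:
        siblings.append(level[index ^ 1])  # the neighbour sharing this node's parent
        index //= 2
    return siblings


def make_block(packets):
    """Sender: root to embed in the signed ECM, plus (index, TS, W_i) per packet."""
    levels = build_tree(packets)
    stream = [(i, p, sibling_set(levels, i)) for i, p in enumerate(packets)]
    return levels[-1][0], stream


def verify_ts(index, packet, siblings, ecm_root, depth):
    """Receiver: check one TS on its own against the root from a verified ECM."""
    if len(packet) != TS_SIZE or len(siblings) != depth or not 0 <= index < 2 ** depth:
        return False  # malformed packets are dropped before any hashing
    node = h(packet)
    for sib in siblings:
        # An odd index means the current node is a right child.
        node = h(sib + node) if index & 1 else h(node + sib)
        index //= 2
    return hmac.compare_digest(node, ecm_root)


def demo():
    # Constructed sample data: 8 TS packets (sync byte 0x47, then a counter).
    packets = [bytes([0x47, i]) + bytes(TS_SIZE - 2) for i in range(8)]
    ecm_root, stream = make_block(packets)
    depth = 3  # log2(8); fixed by the number of TSs per ECM period

    # Constructed receive sequence: packets 1, 4 and 5 are lost, arrival is out of
    # order, and one injected packet pairs a forged payload with the authentic
    # sibling set of TS3 (index 2).
    forged = (2, bytes([0x47, 0xFF]) + bytes(TS_SIZE - 2), stream[2][2])
    received = [stream[7], stream[0], forged, stream[3], stream[2], stream[6]]
    return [i for i, pkt, w in received if verify_ts(i, pkt, w, ecm_root, depth)]


if __name__ == "__main__":
    print(demo())
```

Each accepted packet costs the receiver one leaf hash and three node hashes, and the forged packet is rejected on arrival without waiting for any other packet of the block.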
5 Security and Performance Analysis
5.1 Authentication Latency
Generally, block-based source authentication, which reduces the number of signature verification operations at each receiver, has to collect all packets of a block before the source of the packets can be verified. Thus, authentication latency is very high. An (m, n) coding protocol such as SAIDA [5] has to collect more than n packets to verify the source of the packets.
Our protocol, however, provides short authentication latency: the receiver compares the root of the hash tree, delivered in the ECM signed by the service provider, with a root calculated via hash operations. There is no additional signature verification process, because we reuse the ECM signing process of the current CAS. Therefore, the subscriber can verify the source of the multimedia data stream via computationally light hash operations.
We ran a simulation to evaluate the additional delay at both the sender and receiver sides for IPTV source authentication. The simulation program is written in C and runs on a 1.6 GHz Pentium Dual Core Linux PC with the XySSL 0.9 cryptography library [9]. MD5-128 is used as the hash function and RSA with a 1024-bit key as the digital signature scheme. Table 1 and Table 2 give the processing delay and the number of operations to generate authenticated packets and to verify those packets, respectively, according to the bit rate of the stream. Our protocol provides short authentication latency at the receiver side. On the other hand, there is slight latency to generate the MT. However, it is possible to reduce latency at the sender side, because the CAS is more powerful than the Set-top Box. ITU-T Recommendations Y.1540 and Y.1541 [10] provide QoS parameters such as IP Packet Transfer Delay (IPTD), IP Packet Delay Variation (IPDV), IP Packet Loss Ratio (IPLR), and IP Packet Error Ratio (IPER), and 5 QoS classes. We can be sure that our protocol is suitable for IPTV service, because our proposed protocol affects only IPTD. The IPTD of class 4 (Multimedia service) is 1 sec, and the additional delay to process source authentication (i.e., the processing delay on the sender side and receiver side) is so short that the QoS of IPTV cannot be influenced by the additional delay.
Table 1 Number of operations and processing delay on sender side
Stream    Hash (188 Bytes)  Hash (32 Bytes)  Concatenation  Delay (ms)
5 Mbps    256               255              255            0.55
10 Mbps   512               511              511            1.1121
20 Mbps   1024              1023             1023           2.2217
Table 2 Number of operations and processing delay on receiver side
Stream    Hash (188 Bytes)  Hash (32 Bytes)  Concatenation  Delay (s)
5 Mbps    1                 8                8
10 Mbps   1                 9                9              1.1121
20 Mbps   1                 10               10             2.2217
5.2 Resilience to Packet Loss
Source authentication via block-based authentication or a hash chaining scheme creates correlations between packets. Hence, if a packet is lost, the remaining packets of the block or chain might be affected. Our protocol, however, eliminates correlation between packets: each packet is transmitted with a set of siblings, so the receiver can generate the root, compare it with the authentic root within the ECM, and verify the authenticity of packets regardless of packet loss. In spite of this characteristic of our protocol, if an ECM is lost, it is impossible to authenticate the packets that make up the corresponding tree. We do not consider this situation in our protocol, because the current CAS cannot descramble the multimedia stream without the CW transmitted within the ECM.
5.3 DoS Resilience
An adversary can transmit forged (or randomly generated) messages to a subscriber in order to disturb the victim's verification process and increase the computational overhead at the receiver side.
In the case of source authentication via a hash chaining scheme, an adversary can mix in forged packets without a block signature, so that the victim's buffer might overflow because packets are buffered until the block signature arrives.
Our protocol uses MT to authenticate a set of packets and filters out packets transmitted by an adversary by comparing the root of the tree within the ECM with the root calculated from a packet and its set of siblings.
5.4 Non-repudiation
The service provider cannot deny that s/he sent packets to receivers, because of the digital signature over a set of packets. If there is a dispute between a service provider and receivers after transmission, the non-repudiation service can provide legal evidence of the packets sent.
5.5 Computation Overhead
Computation overhead can be divided into two aspects, the sender side (service provider) and the receiver side (subscriber). A sender needs O(n log n) hash operations to generate the Merkle tree and does not need an additional signing process for the root: because the current CAS already signs the ECM, we use that signature to sign the ECM and the root of the MT together. Generally, the service provider's server is a powerful machine that multiplexes and scrambles the data stream. Thus, our focus is to reduce computation overhead and authentication latency at the receiver side. A receiver first verifies the signature of the ECM that contains the root of the MT and then verifies the source of a packet via O(log n) hash operations, comparing the computed root with the authenticated root.
5.6 Communication Overhead
The number of siblings transmitted with each TS is O(log n). The variable n is determined by the ECM transmission period and the bit rate of the multimedia stream. It is possible to use only a portion of the hash output to reduce the communication overhead of the proposed protocol. The security strength of the hash relies on the hash output size, so reducing the output size could make it vulnerable to a brute-force attack. Thus, the service provider has to decide the hash output size according to the situation. An adversary can forge a TS by finding, after receiving the authentic TS and before it is transmitted to subscribers, a hash output equivalent to the authentic one. To prevent this kind of attack, we have to choose a hash output size that makes it impossible for an adversary to find the equivalent hash output. That is, the service provider should make it impossible for an adversary to find an equivalent hash output within 1/2 of the maximum RTT (Round-Trip Time) of the IPTV service. Table 3 shows the average time to find the equivalent hash output according to the hash output size. There is a trade-off between hash output size and security strength. A system administrator should choose an appropriate hash output size according to the importance of the data stream.
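A sizing check for the trade-off described in this section, as an added example that is not part of the paper: it picks the smallest whole-byte hash truncation that keeps an adversary's chance of matching one authentic hash within half the maximum RTT below a target, then reports the sibling overhead per 188-byte TS. The leaf counts 256, 512 and 1024 are the ones in Table 1; the adversary hash rate, the maximum RTT and the target probability are constructed assumptions, and the function names are illustrative.

```python
import math

TS_SIZE = 188  # bytes per MPEG-2 TS packet


def sibling_overhead(leaves, digest_bytes):
    """Siblings per TS, bytes they add, and that cost as a percentage of the TS."""
    depth = (leaves - 1).bit_length()  # tree height = number of siblings in W_i
    extra = depth * digest_bytes
    return depth, extra, round(100 * extra / TS_SIZE, 1)


def match_probability(digest_bits, hash_rate, window_s):
    """Chance of hitting one specific truncated hash value with hash_rate * window_s
    independent guesses: 1 - (1 - 2^-bits)^tries, computed without underflow."""
    tries = hash_rate * window_s
    return -math.expm1(tries * math.log1p(-(2.0 ** -digest_bits)))


def min_digest_bits(hash_rate, window_s, max_probability):
    """Smallest whole-byte truncation that keeps the match chance under the target."""
    for bits in range(8, 257, 8):
        if match_probability(bits, hash_rate, window_s) <= max_probability:
            return bits
    raise ValueError("no digest size up to 256 bits meets the target")


def plan(leaf_counts, hash_rate, max_rtt_s, max_probability):
    """Pick the digest size for a half-RTT attack window, then cost it per stream."""
    bits = min_digest_bits(hash_rate, max_rtt_s / 2, max_probability)
    return bits, {n: sibling_overhead(n, bits // 8) for n in leaf_counts}


if __name__ == "__main__":
    # Constructed assumptions: 1e9 hashes/s adversary, 100 ms maximum RTT,
    # acceptable per-packet forgery chance of 1e-9.
    bits, table = plan([256, 512, 1024], 1e9, 0.100, 1e-9)
    print("digest bits:", bits)
    for leaves, (depth, extra, pct) in table.items():
        print(leaves, "leaves:", depth, "siblings,", extra, "bytes,", pct, "% of a TS")
    print("untruncated 16-byte hash, 256 leaves:", sibling_overhead(256, 16))
```

Under these assumptions a 56-bit output is enough, and the sibling set for a 256-leaf tree shrinks from 128 bytes with an untruncated 16-byte hash to 56 bytes per TS.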
6 Conclusion
We proposed source authentication protocols for the IPTV system. To the best of our knowledge, there has not been a source authentication protocol for IPTV until now. Most IPTV protocols proposed so far are not for the subscribers but protect the profits of the service provider and content providers. We propose a scheme that secures the subscriber's right to enjoy authentic content via source authentication of the transmitted stream and offers legal evidence for any subsequent disputes between the service provider and subscribers. Our proposed protocol is very efficient for both the service provider and receivers, especially on the receiver side, where it provides low authentication latency suitable for live streaming service, because there is no additional signing and verification process. It also offers QoS for the content, due to packet loss tolerance, and prevents subscribers from suffering DoS attacks.
Despite these advantages, our protocol has a drawback. As we mentioned in Section 5, the communication overhead of our protocol is slightly higher because of the set of siblings transmitted with packets. Because there is a trade-off between the hash output size and the security strength of the hash function, the service provider has to choose an adequate hash output size according to its situation and the importance of the content.
Table 3 Number of hash operations and average time to find equivalence
Operation             Hash output (8 bit)  Hash output (16 bit)  Hash output (32 bit)
Number of operations  256                  65536                 4294967296
Time (s)              0.00067              0.17391               3.16595
References
1. Won, Young J. et al., “End-user IPTV traffic measurement of residential of broadband access networks,” Proc. of IEEE NOMS Workshops 2008, Apr. 2008, pp. 95-100
2. T. Yoshimura, “Conditional access system for digital broadcasting in Japan,” Proc. of IEEE, Jan. 2006, pp. 318-322
3. B. Lu et al., “A scalable key distribution for conditional access system in digital pay-tv system,” IEEE Trans. on Consumer Electronics, May 2004, pp. 632-637
4. R. C. Merkle, “A digital signature based on a conventional encryption function,” Advances in Cryptology, CRYPTO’87, 1987, pp. 369-378
5. J. M. Park et al., “Efficient multicast packet authentication using signature amortization,” Proc. IEEE Symp. Security and Privacy, May 2002, pp. 227-240
6. A. Perrig et al., “Efficient authentication and signing of multicast streams over lossy channels,” Proc. IEEE Symp. Security and Privacy, May 2000, pp. 56-73
7. A. Perrig et al., “Efficient and secure source authentication for multicast,” Net. and Distrib. Sys. Sec. Symp., Feb. 2001, pp. 35-46
8. ITU-T, “Security architecture for systems providing end-to-end communications,” ITU-T Rec. X.805, 2003
9. XySSL Project, http://www.xyssl.org
10. Neal Seitz, “ITU-T QoS Standards for IP-Based Networks,” IEEE Communications Magazine, Jun. 2003, pp. 82-89