ETSI TR 102 287-2004 Satellite Earth Stations and Systems (SES) Broadband Satellite Multimedia (BSM) IP Interworking over satellite Security aspects (V1 1 1)《卫星地面站和系统(SES) 宽带卫星多媒体(.pdf

1、 ETSI TR 102 287 V1.1.1 (2004-05)Technical Report Satellite Earth Stations and Systems (SES);Broadband Satellite Multimedia (BSM);IP Interworking over satellite;Security aspectsETSI ETSI TR 102 287 V1.1.1 (2004-05) 2 Reference DTR/SES-00082 Keywords broadband, interworking, IP, multimedia, satellite

2、, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present doc

3、ument can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of disp

4、ute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other E

5、TSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, send your comment to: editoretsi.org Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to

6、 reproduction in all media. European Telecommunications Standards Institute 2004. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of i

7、ts Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TR 102 287 V1.1.1 (2004-05) 3 Contents Intellectual Property Rights5 Foreword.5 Introduction 5 1 Scope 6 2 References 6 3 Definitions, symbols and abbreviations .8

8、3.1 Definitions8 3.2 Symbols9 3.3 Abbreviations .9 4 Overview 11 5 Introduction to BSM security.12 5.1 Relation between satellite link characteristics and security13 5.2 BSM system architecture14 6 BSM security threats and countermeasures15 6.1 Network threats 16 6.2 Software threats16 6.3 Hardware

9、implementation threats.17 6.4 Human (user) threats 17 6.5 Security services definition 18 7 Security layering in the BSM protocol stack19 7.1 Link level security19 7.1.1 ATM security20 7.1.2 DVB-S Conditional Access 20 7.1.3 DVB-RCS security .23 7.2 Network layer security .24 7.2.1 Internet Security

10、 (IPSec).24 7.3 Transport layer security25 7.3.1 Transport Layer Security (TLS)26 7.3.2 Secure Real Time Transport Protocol (SRTP)26 7.4 Application layer security 27 7.4.1 Security for eXtensible Markup Language (XML).27 7.4.2 Digital Rights Management (DRM) .28 7.4.2.1 Open Mobile Alliance (OMA) D

11、RM 28 7.4.3 Secure Shell (SSH) .29 7.4.4 Pretty Good Privacy (PGP).29 7.4.5 Tailor made security for satellite applications 30 7.5 End-to-end and satellite network security 31 7.6 Security services in BSM protocol layers.31 8 Security management survey32 8.1 DVB-S Conditional Access Key Management.3

12、2 8.2 DVB-RCS Key Exchange Protocols 32 8.3 IPSec management .33 8.4 IP multicast security .34 8.4.1 Scalable key distribution architecture.35 8.4.2 Multicast key management protocols .37 8.4.2.1 Group Secure Association Key Management Protocol (GSAKMP).37 8.4.2.2 Multimedia Internet KEYing (MIKEY)3

13、9 8.4.2.3 Group Domain of Interpretation (GDOI) 40 8.4.2.4 Flat Multicast Key Exchange (FMKE) .42 ETSI ETSI TR 102 287 V1.1.1 (2004-05) 4 8.5 Access control 44 8.5.1 Firewalls .44 8.5.2 Capacity protection in a regenerative satellite system 45 8.5.2.1 Problems, risks and threats46 8.5.2.2 Dependency

14、 on other security mechanisms 46 8.5.3 Capacity protection protocol issues 47 8.5.3.1 Packet authentication 47 8.5.3.2 Bandwidth requests .48 8.5.3.3 Bandwidth assignment 48 8.5.4 The RSM-A solution.48 8.6 Key management options for BSM systems.49 9 Recommended Specifications to be produced by ETSI

15、.50 9.1 Discussion 50 9.2 BSM Security Manager (BSM-SM).51 9.3 Recommended security TSs .51 History 56 ETSI ETSI TR 102 287 V1.1.1 (2004-05) 5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to th

16、ese essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Lates

17、t updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates

18、on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Satellite Earth Stations and Systems (SES). Introduction The present document establishes a framework for specifying secur

19、ity requirements for Broadband Satellite Multimedia (BSM) Networks based on the Internet Protocol (IP) suite of protocols and standards developed in ETSI and other bodies. It investigates how security standards can be adapted, translated or made transparent to satellite transmission protocols and eq

20、uipment. It identifies new specifications to improve the security of BSM systems in transporting Internet and multimedia traffic. The present document presents a threat analysis for the BSM system and defines the security services against these threats at various layers of the BSM protocol stack. In

21、 addition, it also investigates the security management architecture with focus on IP Security (IPSec) key management for unicast and multicast traffic. As such, it will enable satellite and Internet service providers to establish secure and trusted connectivity for IP traffic. The recommended ETSI

22、specifications will ensure end-to-end security and in turn wide acceptance of BSM in the Internet community. ETSI ETSI TR 102 287 V1.1.1 (2004-05) 6 1 Scope The present document reviews the threats and applicable security services that are relevant to BSM systems and leads to recommendations for new

23、 technical specifications in this area. The present document only considers geostationary satellites and fixed terminals. 2 References For the purposes of this Technical Report the following references apply: 1 D McGovern BT Broadcast and Satellite Communications: “Pushing the internet direct to the

24、 user - Security issues“, IEE publication 2003. 2 ETSI TR 101 984: “Satellite Earth Stations and Systems (SES); Broadband Satellite Multimedia; Services and Architectures“. 3 ETSI TR 101 985: “Satellite Earth Stations and Systems (SES); Broadband Satellite Multimedia; IP over Satellite“. 4 ETSI TS 1

25、02 292: “Satellite Earth Stations and Systems (SES); Broadband Satellite Multimedia (BSM) services and architectures; Functional architecture for IP interworking with BSM networks“. 5 ATM Forum Technical Committee af-sec-0100.002 (March 2001): “ATM Security Specification Version 1.1“. 6 ETSI TS 103

26、197: “Digital Video Broadcasting (DVB); Head-end implementation of DVB SimulCrypt“. 7 ETSI EN 301 192: “Digital Video Broadcasting (DVB); DVB specification for data broadcasting“. 8 ETSI EN 301 790: “Digital Video Broadcasting (DVB); Interaction channel for satellite distribution systems“. 9 Open Mo

27、bile Alliance OMA-Download-DRM-v1-0-20020905-C: “Digital Rights Management Version 1.0“ Version 05-September-2002, http:/www.openmobilealliance.org/tech/docs/index.htm#DRM. 10 ETSI TS 102 293: “Satellite Earth Stations and Systems (SES); Broadband Satellite Multimedia (BSM) services and architecture

28、s; IP Interworking over satellite; Multicast group management; IGMP adaptation“. 11 ETSI TS 102 189-3: “Satellite Earth Stations and Systems (SES); Regenerative Satellite Mesh - A (RSM-A) air interface; MAC/SLC layer specification; Part 3: SLC layer“. 12 ETSI. DTS/SES-00081: “Satellite Earth Station

29、s and Systems (SES); BSM Air Interface Specification; Common Air interface specification; Satellite Independent Service Access Point SI-SAP“. 13 BRAHMS IST project publications on satellite security: http:/. 14 GEOCAST IST project publications on satellite security: http:/www.geocast- 15 SATIP6 IST

30、project publications on satellite security: http:/. 16 ESA Contract 16996/02/NL/US (Octalis 2003): “Next Generation Conditional Access Systems for Satellite Broadcasting“. ETSI ETSI TR 102 287 V1.1.1 (2004-05) 7 17 H. Cruickshank, S. Iyengar, M Howarth, Z. Sun, F. Zeppenfeldt and G. Kenny: “Secure I

31、P multicast over satellites“. ETSI Broadband Satellite Multimedia (BSM)“ working group Meeting 13 ETSI; Sophia Antipolis; France February 2003. 18 Z. Sun, M.P. Howarth, H. Cruickshank, S. Iyengar and L. Claverotte: “Networking Issues in IP Multicast over Satellite“ International Journal for Satellit

32、e Communications, Special Issue on QoS for Satellite IP Paper number: 2002-Q08, 2003. 19 IETF RFC 3547: “The Group Domain of Interpretation“. 20 H. Cruickshank, S. Iyengar and M. P. Howarth and Z. Sun: “Key management and multi-layer IPSec for in satellite multicast“ Joint COST 272-280 Workshop, Eur

33、opean Space Agency (ESA), Holland, June 2003. 21 Z. Sun, and H Cruickshank, S. Iyengar and M. P. Howarth: “IP multicast over satellite“ proceedings of the 21st AIAA International Communication Satellite Systems Conference and Exhibit, April 2003. 22 S. Josset, L. Duquerroy, M. nen, M. Annoni, G. Boi

34、ero, N. Salis: “Satellite IP SEc: An optimized way of securing multicast wireless communications“, Information Security Solutions Europe - ISSE 2002, Disneyland Paris, 2-4 October 2002. 23 Z. Sun, H. Cruickshank, S. Iyengar and M. Howarth: “IP Multicast over Satellites - Technology Challenges“, proc

35、eedings of the 20th AIAA International Communication Satellite Systems Conference and Exhibit, Montreal, Canada, 12-15 May 2002. 24 IETF draft-ietf-msec-ipsec-multicast-issues-01.txt: “IP Multicast issues with IPSec“. 25 U. Reimers: “Video Broadcasting. The International Standard for Digital Televis

36、ion“ published by Springer, ISBN 3-540-60946-6. 2001. 26 S. Iyengar, H. Cruickshank and Z. Sun: “Security issues in IP Multicast over GEO Satellites“, AIAA 19th conference in Toulouse, April 2001. 27 S. Setia.: “Kronos: A Scalable Group Re-Keying Approach For Secure Multicast“, Proceedings IEEE Symp

37、. on Research in Security and Privacy 2000, pp.215-228. 28 H. Cruickshank, Z. Sun, S, Iyengar: “Secure IP multicast over GEO satellites“, IEE Colloquium on Broadband Satellite: the Critical Success Factors Technology, Services Support for use of scrambling and Conditional Access (CA) within digital

38、broadcasting systems“. 38 B. Schneier: “Applied cryptography“. ETSI ETSI TR 102 287 V1.1.1 (2004-05) 8 39 M. Howarth, S. Iyengar, Z. Sun and H. Cruickshank: “Dynamics of key management in satellite multicast“. Accepted for publication in the IEEE JSAC special issue on Broadband IP Networks via Satel

39、lites, which will be published in the first quarter of 2004. 40 IETF draft-ietf-msec-mikey-05.txt: “MIKEY: Multimedia Internet KEYing“. 41 IETF draft-duquer-fmke-00: “The Flat Multicast Key Exchange protocol“, L. Duquerroy, S. Josset. 42 IETF draft-irtf-gsec-lifecycle-00.txt: “Life cycle key managem

40、ent costs in secure multicast“. 43 IETF draft-ietf-msec-gsakmp-sec-03.txt: “Group Secure Association Key Management Protocol (GSAKMP)“. 44 ITU-T Recommendation X.509: “Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks“. 45 IETF RFC

41、 2246: “The TLS Protocol Version 1.0“. 46 IETF RFC 3135: “Performance Enhancing Proxies Intended to Mitigate Link-Related Degradations“. 47 IETF RFC 822: “Standard for the format of ARPA Internet text messages“. 48 IETF RFC 2015: “MIME Security with Pretty Good Privacy (PGP)“. 49 IETF RFC 2407: “The

42、 Internet IP Security Domain of Interpretation for ISAKMP“. 50 IETF draft-duquer-fmke-00.txt: “The Flat Multicast Key Exchange protocol“. 51 draft-ietf-msec-gsakmp-sec-04.txt: “GSAKMP“. 3 Definitions, symbols and abbreviations 3.1 Definitions For the purposes of the present document, the following t

43、erms and definitions apply: authentication: communicating parties are assured of each others identity authorization: checking that an authentic user is authorized to perform specific tasks cipher key: value that is used to determine the transformation of plain text to cipher text in a cryptographic

44、algorithm cipher text: data produced through the use of encipherment confidentiality: only trusted users can access the content of the data decipherment: reversible encipherment hash/message digest: mathematical formula that converts a message of any length into a unique fixed-length string of digit

45、s (typically 160 bits) known as “message digest“ that represents the original message NOTE: A hash is a one-way function - that is, it is infeasible to reverse the process to determine the original message. Also, a hash function will not produce the same message digest from two different inputs. dig

46、ital signature: electronic signature that can be used to authenticate the identity of the sender of a message, or of the signer of a document NOTE: It can also be used to ensure that the original content of the message or document that has been conveyed is unchanged. ETSI ETSI TR 102 287 V1.1.1 (200

47、4-05) 9 digital certificates: electronic document that establishes your credentials when doing business or other transactions on the web NOTE: They are issued by a certificate authority and contain a users name, expiration dates, a copy of the certificate holders public key, and the digital signatur

48、e of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard such as ITU-T Recommendation X.509 44. encipherment: cryptographic transformation of data to produce cipher text integrity: prevention of unauthorized m

49、odification of information using secret key message authentication code or public key digital signature non-repudiation: a user cannot deny the fact that it has accessed a service or data plain text: unencrypted source data 3.2 Symbols For the purposes of the present document, the following symbols apply: Concatenation C/N Carrier to Noise ratio 3.3 Abbreviations For the purposes of the present document, the following abbrevia