ImageVerifierCode 换一换
格式:PDF , 页数:56 ,大小:575.76KB ,
资源ID:735784      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-735784.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TR 102 287-2004 Satellite Earth Stations and Systems (SES) Broadband Satellite Multimedia (BSM) IP Interworking over satellite Security aspects (V1 1 1)《卫星地面站和系统(SES) 宽带卫星多媒体(_1.pdf)为本站会员(roleaisle130)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TR 102 287-2004 Satellite Earth Stations and Systems (SES) Broadband Satellite Multimedia (BSM) IP Interworking over satellite Security aspects (V1 1 1)《卫星地面站和系统(SES) 宽带卫星多媒体(_1.pdf

1、 ETSI TR 102 287 V1.1.1 (2004-05)Technical Report Satellite Earth Stations and Systems (SES);Broadband Satellite Multimedia (BSM);IP Interworking over satellite;Security aspectsETSI ETSI TR 102 287 V1.1.1 (2004-05) 2 Reference DTR/SES-00082 Keywords broadband, interworking, IP, multimedia, satellite

2、, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present doc

3、ument can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of disp

4、ute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other E

5、TSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, send your comment to: editoretsi.org Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to

6、 reproduction in all media. European Telecommunications Standards Institute 2004. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of i

7、ts Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TR 102 287 V1.1.1 (2004-05) 3 Contents Intellectual Property Rights5 Foreword.5 Introduction 5 1 Scope 6 2 References 6 3 Definitions, symbols and abbreviations .8

8、3.1 Definitions8 3.2 Symbols9 3.3 Abbreviations .9 4 Overview 11 5 Introduction to BSM security.12 5.1 Relation between satellite link characteristics and security13 5.2 BSM system architecture14 6 BSM security threats and countermeasures15 6.1 Network threats 16 6.2 Software threats16 6.3 Hardware

9、implementation threats.17 6.4 Human (user) threats 17 6.5 Security services definition 18 7 Security layering in the BSM protocol stack19 7.1 Link level security19 7.1.1 ATM security20 7.1.2 DVB-S Conditional Access 20 7.1.3 DVB-RCS security .23 7.2 Network layer security .24 7.2.1 Internet Security

10、 (IPSec).24 7.3 Transport layer security25 7.3.1 Transport Layer Security (TLS)26 7.3.2 Secure Real Time Transport Protocol (SRTP)26 7.4 Application layer security 27 7.4.1 Security for eXtensible Markup Language (XML).27 7.4.2 Digital Rights Management (DRM) .28 7.4.2.1 Open Mobile Alliance (OMA) D

11、RM 28 7.4.3 Secure Shell (SSH) .29 7.4.4 Pretty Good Privacy (PGP).29 7.4.5 Tailor made security for satellite applications 30 7.5 End-to-end and satellite network security 31 7.6 Security services in BSM protocol layers.31 8 Security management survey32 8.1 DVB-S Conditional Access Key Management.3

12、2 8.2 DVB-RCS Key Exchange Protocols 32 8.3 IPSec management .33 8.4 IP multicast security .34 8.4.1 Scalable key distribution architecture.35 8.4.2 Multicast key management protocols .37 8.4.2.1 Group Secure Association Key Management Protocol (GSAKMP).37 8.4.2.2 Multimedia Internet KEYing (MIKEY)3

13、9 8.4.2.3 Group Domain of Interpretation (GDOI) 40 8.4.2.4 Flat Multicast Key Exchange (FMKE) .42 ETSI ETSI TR 102 287 V1.1.1 (2004-05) 4 8.5 Access control 44 8.5.1 Firewalls .44 8.5.2 Capacity protection in a regenerative satellite system 45 8.5.2.1 Problems, risks and threats46 8.5.2.2 Dependency

14、 on other security mechanisms 46 8.5.3 Capacity protection protocol issues 47 8.5.3.1 Packet authentication 47 8.5.3.2 Bandwidth requests .48 8.5.3.3 Bandwidth assignment 48 8.5.4 The RSM-A solution.48 8.6 Key management options for BSM systems.49 9 Recommended Specifications to be produced by ETSI

15、.50 9.1 Discussion 50 9.2 BSM Security Manager (BSM-SM).51 9.3 Recommended security TSs .51 History 56 ETSI ETSI TR 102 287 V1.1.1 (2004-05) 5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to th

16、ese essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Lates

17、t updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates

18、on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Satellite Earth Stations and Systems (SES). Introduction The present document establishes a framework for specifying secur

19、ity requirements for Broadband Satellite Multimedia (BSM) Networks based on the Internet Protocol (IP) suite of protocols and standards developed in ETSI and other bodies. It investigates how security standards can be adapted, translated or made transparent to satellite transmission protocols and eq

20、uipment. It identifies new specifications to improve the security of BSM systems in transporting Internet and multimedia traffic. The present document presents a threat analysis for the BSM system and defines the security services against these threats at various layers of the BSM protocol stack. In

21、 addition, it also investigates the security management architecture with focus on IP Security (IPSec) key management for unicast and multicast traffic. As such, it will enable satellite and Internet service providers to establish secure and trusted connectivity for IP traffic. The recommended ETSI

22、specifications will ensure end-to-end security and in turn wide acceptance of BSM in the Internet community. ETSI ETSI TR 102 287 V1.1.1 (2004-05) 6 1 Scope The present document reviews the threats and applicable security services that are relevant to BSM systems and leads to recommendations for new

23、 technical specifications in this area. The present document only considers geostationary satellites and fixed terminals. 2 References For the purposes of this Technical Report the following references apply: 1 D McGovern BT Broadcast and Satellite Communications: “Pushing the internet direct to the

24、 user - Security issues“, IEE publication 2003. 2 ETSI TR 101 984: “Satellite Earth Stations and Systems (SES); Broadband Satellite Multimedia; Services and Architectures“. 3 ETSI TR 101 985: “Satellite Earth Stations and Systems (SES); Broadband Satellite Multimedia; IP over Satellite“. 4 ETSI TS 1

25、02 292: “Satellite Earth Stations and Systems (SES); Broadband Satellite Multimedia (BSM) services and architectures; Functional architecture for IP interworking with BSM networks“. 5 ATM Forum Technical Committee af-sec-0100.002 (March 2001): “ATM Security Specification Version 1.1“. 6 ETSI TS 103

26、197: “Digital Video Broadcasting (DVB); Head-end implementation of DVB SimulCrypt“. 7 ETSI EN 301 192: “Digital Video Broadcasting (DVB); DVB specification for data broadcasting“. 8 ETSI EN 301 790: “Digital Video Broadcasting (DVB); Interaction channel for satellite distribution systems“. 9 Open Mo

27、bile Alliance OMA-Download-DRM-v1-0-20020905-C: “Digital Rights Management Version 1.0“ Version 05-September-2002, http:/www.openmobilealliance.org/tech/docs/index.htm#DRM. 10 ETSI TS 102 293: “Satellite Earth Stations and Systems (SES); Broadband Satellite Multimedia (BSM) services and architecture

28、s; IP Interworking over satellite; Multicast group management; IGMP adaptation“. 11 ETSI TS 102 189-3: “Satellite Earth Stations and Systems (SES); Regenerative Satellite Mesh - A (RSM-A) air interface; MAC/SLC layer specification; Part 3: SLC layer“. 12 ETSI. DTS/SES-00081: “Satellite Earth Station

29、s and Systems (SES); BSM Air Interface Specification; Common Air interface specification; Satellite Independent Service Access Point SI-SAP“. 13 BRAHMS IST project publications on satellite security: http:/. 14 GEOCAST IST project publications on satellite security: http:/www.geocast- 15 SATIP6 IST

30、project publications on satellite security: http:/. 16 ESA Contract 16996/02/NL/US (Octalis 2003): “Next Generation Conditional Access Systems for Satellite Broadcasting“. ETSI ETSI TR 102 287 V1.1.1 (2004-05) 7 17 H. Cruickshank, S. Iyengar, M Howarth, Z. Sun, F. Zeppenfeldt and G. Kenny: “Secure I

31、P multicast over satellites“. ETSI Broadband Satellite Multimedia (BSM)“ working group Meeting 13 ETSI; Sophia Antipolis; France February 2003. 18 Z. Sun, M.P. Howarth, H. Cruickshank, S. Iyengar and L. Claverotte: “Networking Issues in IP Multicast over Satellite“ International Journal for Satellit

32、e Communications, Special Issue on QoS for Satellite IP Paper number: 2002-Q08, 2003. 19 IETF RFC 3547: “The Group Domain of Interpretation“. 20 H. Cruickshank, S. Iyengar and M. P. Howarth and Z. Sun: “Key management and multi-layer IPSec for in satellite multicast“ Joint COST 272-280 Workshop, Eur

33、opean Space Agency (ESA), Holland, June 2003. 21 Z. Sun, and H Cruickshank, S. Iyengar and M. P. Howarth: “IP multicast over satellite“ proceedings of the 21st AIAA International Communication Satellite Systems Conference and Exhibit, April 2003. 22 S. Josset, L. Duquerroy, M. nen, M. Annoni, G. Boi

34、ero, N. Salis: “Satellite IP SEc: An optimized way of securing multicast wireless communications“, Information Security Solutions Europe - ISSE 2002, Disneyland Paris, 2-4 October 2002. 23 Z. Sun, H. Cruickshank, S. Iyengar and M. Howarth: “IP Multicast over Satellites - Technology Challenges“, proc

35、eedings of the 20th AIAA International Communication Satellite Systems Conference and Exhibit, Montreal, Canada, 12-15 May 2002. 24 IETF draft-ietf-msec-ipsec-multicast-issues-01.txt: “IP Multicast issues with IPSec“. 25 U. Reimers: “Video Broadcasting. The International Standard for Digital Televis

36、ion“ published by Springer, ISBN 3-540-60946-6. 2001. 26 S. Iyengar, H. Cruickshank and Z. Sun: “Security issues in IP Multicast over GEO Satellites“, AIAA 19th conference in Toulouse, April 2001. 27 S. Setia.: “Kronos: A Scalable Group Re-Keying Approach For Secure Multicast“, Proceedings IEEE Symp

37、. on Research in Security and Privacy 2000, pp.215-228. 28 H. Cruickshank, Z. Sun, S, Iyengar: “Secure IP multicast over GEO satellites“, IEE Colloquium on Broadband Satellite: the Critical Success Factors Technology, Services Support for use of scrambling and Conditional Access (CA) within digital

38、broadcasting systems“. 38 B. Schneier: “Applied cryptography“. ETSI ETSI TR 102 287 V1.1.1 (2004-05) 8 39 M. Howarth, S. Iyengar, Z. Sun and H. Cruickshank: “Dynamics of key management in satellite multicast“. Accepted for publication in the IEEE JSAC special issue on Broadband IP Networks via Satel

39、lites, which will be published in the first quarter of 2004. 40 IETF draft-ietf-msec-mikey-05.txt: “MIKEY: Multimedia Internet KEYing“. 41 IETF draft-duquer-fmke-00: “The Flat Multicast Key Exchange protocol“, L. Duquerroy, S. Josset. 42 IETF draft-irtf-gsec-lifecycle-00.txt: “Life cycle key managem

40、ent costs in secure multicast“. 43 IETF draft-ietf-msec-gsakmp-sec-03.txt: “Group Secure Association Key Management Protocol (GSAKMP)“. 44 ITU-T Recommendation X.509: “Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks“. 45 IETF RFC

41、 2246: “The TLS Protocol Version 1.0“. 46 IETF RFC 3135: “Performance Enhancing Proxies Intended to Mitigate Link-Related Degradations“. 47 IETF RFC 822: “Standard for the format of ARPA Internet text messages“. 48 IETF RFC 2015: “MIME Security with Pretty Good Privacy (PGP)“. 49 IETF RFC 2407: “The

42、 Internet IP Security Domain of Interpretation for ISAKMP“. 50 IETF draft-duquer-fmke-00.txt: “The Flat Multicast Key Exchange protocol“. 51 draft-ietf-msec-gsakmp-sec-04.txt: “GSAKMP“. 3 Definitions, symbols and abbreviations 3.1 Definitions For the purposes of the present document, the following t

43、erms and definitions apply: authentication: communicating parties are assured of each others identity authorization: checking that an authentic user is authorized to perform specific tasks cipher key: value that is used to determine the transformation of plain text to cipher text in a cryptographic

44、algorithm cipher text: data produced through the use of encipherment confidentiality: only trusted users can access the content of the data decipherment: reversible encipherment hash/message digest: mathematical formula that converts a message of any length into a unique fixed-length string of digit

45、s (typically 160 bits) known as “message digest“ that represents the original message NOTE: A hash is a one-way function - that is, it is infeasible to reverse the process to determine the original message. Also, a hash function will not produce the same message digest from two different inputs. dig

46、ital signature: electronic signature that can be used to authenticate the identity of the sender of a message, or of the signer of a document NOTE: It can also be used to ensure that the original content of the message or document that has been conveyed is unchanged. ETSI ETSI TR 102 287 V1.1.1 (200

47、4-05) 9 digital certificates: electronic document that establishes your credentials when doing business or other transactions on the web NOTE: They are issued by a certificate authority and contain a users name, expiration dates, a copy of the certificate holders public key, and the digital signatur

48、e of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard such as ITU-T Recommendation X.509 44. encipherment: cryptographic transformation of data to produce cipher text integrity: prevention of unauthorized m

49、odification of information using secret key message authentication code or public key digital signature non-repudiation: a user cannot deny the fact that it has accessed a service or data plain text: unencrypted source data 3.2 Symbols For the purposes of the present document, the following symbols apply: Concatenation C/N Carrier to Noise ratio 3.3 Abbreviations For the purposes of the present document, the following abbrevia

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1