1、 TIA STANDARD Satellite Network Modem System (SNMS) Encryption RequirementsTIA-1073.002 July 2006 TELECOMMUNICATIONS INDUSTRY ASSOCIATION Representing the telecommunications industry in association with the Electronic Industries Alliance NOTICE TIA Engineering Standards and Publications are designed
2、 to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence
3、 of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA membe
4、rs, either domestically or internationally. Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties ad
5、opting the Standard or Publication. This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applica
6、bility of regulatory limitations before its use. (From Project No. 3-0209, formulated under the cognizance of the TIA, TR-34.1 Subcommittee on Communications and Interoperability ). Published by TELECOMMUNICATIONS INDUSTRY ASSOCIATION Standards and Technology Department 2500 Wilson Boulevard Arlingt
7、on, VA 22201 U.S.A. PRICE: Please refer to current Catalog of TIA TELECOMMUNICATIONS INDUSTRY ASSOCIATION STANDARDS AND ENGINEERING PUBLICATIONS or call Global Engineering Documents, USA and Canada (1-800-854-7179) International (303-397-7956) or search online at http:/www.tiaonline.org/standards/ca
8、talog/ All rights reserved Printed in U.S.A. NOTICE OF COPYRIGHT This document is copyrighted by the TIA. Reproduction of these documents either in hard copy or soft copy (including posting on the web) is prohibited without copyright permission. For copyright permission to reproduce portions of this
9、 document, please contact TIA Standards Department or go to the TIA website (www.tiaonline.org) for details on how to request permission. Details are located at: http:/www.tiaonline.org/standards/catalog/info.cfm#copyright OR Telecommunications Industry Association Standards (b) there is no assuranc
10、e that the Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process. The use or practice of contents of this Document may involve the use of intellect
11、ual property rights (“IPR”), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIAs attention, a statement from the holder
12、thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instea
13、d left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its
14、contents. If the Document contains one or more Normative References to a document published by another organization (“other SSO”) engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such reference
15、 consists of mandatory, alternate or optional elements (as defined in the TIA Engineering Manual, 4thedition) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIAs policy
16、 of encouragement of voluntary disclosure (see Engineering Manual Section 6.5.1) of Essential Patent(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA of a cla
17、im of Essential Patent(s) or published pending patent applications. TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document.
18、ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPERTY RIGH
19、TS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED T
20、O IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DA
21、MAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A
22、 FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS. iPublication Information Revision Number Date Released Comments 000 October 21, 2004 Initial 1.0 January 13, 2005 Completely rewritten. 2.0 January 21, 2005 Incorporate
23、Comments from TIA group 3.0 February 4, 2005 Incorporate Comments from TIA group 4.0 April 8, 2005 Incorporate Comments from TIA group including Barry Sweeney and James Cottrell. Security requirements created as a separate document with number TIA/EIA-xxx-002. 4.1 April 22, 2005 Incorporate review c
24、omments by James Cottrell and Stephen J Hryckiewicz at Mitre 4.2 May 2, 2005 Incorporate review comments by James Cottrell 4.3 May 9, 2005 Incorporate review comments by James Cottrell 4.4 June 2, 2005 Incorporate review comments by James Cottrell/Mitre, Steve Hryckiewicz/Mitre, Naresh Jain/Comtech,
25、 Girish Chandran/Newtec, and Moorthy Hariharan/ViaSat 4.5 July 7, 2005 Incorporate review comments by James Cottrell/Mitre 4.6 July 17, 2005 Incorporate review comments by James Cottrell/Mitre 4.7 August 8, 2005 Incorporate review comments by Paul Heywood and James Cottrell and Army 4.8 September 23
26、, 2005 Incorporate review comments by James Cottrell, Steve Hryckiewicz and made editorial changes 4.81 May 18, 2006 Publication edits iiTable of Contents Table of Figures. iii 1 Scope. 1 2 References. 2 3 Definitions, symbols and abbreviations 3 3.1 Definitions. 3 3.2 Symbols. 3 3.3 Acronyms 3 4 Re
27、ference models for satellite interactive networks in DVB . 6 4.1 Hub-Spoke Topology 6 4.2 Mesh Topology . 7 5 Forward Link (not used) . 8 6 Return link base-band physical layer specification and multiple access definition (not used) 8 7 Synchronization procedures (not used). 8 8 Control and manageme
28、nt (not used). 8 9 Security, identification, encryption 8 9.1 General Requirements. 8 9.2 TDM Forward link 10 9.3 TDMA Return and Mesh Links 13 9.4 Security . 14 9.4.1 Cryptographic primitives 18 9.4.1.1 Public key exchange . 18 9.4.1.2 Hashing . 19 9.4.1.3 Encryption. 20 9.4.1.4 Pseudo-random numbe
29、rs. 20 9.4.2 Main Key Exchange (MKE) . 22 9.4.3 Quick Key Exchange (QKE) 24 9.4.4 Explicit Key Exchange (EKE) 24 9.4.5 Key derivation. 25 9.4.6 Security establishment 25 9.4.7 Persistent state variables . 25 9.4.8 Guaranteed delivery 26 9.4.9 Security messages 26 9.4.9.1 Main Key Exchange 26 9.4.9.2
30、 Main Key Exchange Response . 28 9.4.9.3 Quick Key Exchange 28 9.4.9.4 Quick Key Exchange Response 29 9.4.9.5 Explicit Key Exchange 30 9.4.9.6 Explicit Key Exchange Response . 31 9.4.9.7 Wait. 32 9.4.9.8 Key Change. 32 9.4.9.9 Superframe Composition Table (SCT) . 33 iiiTable of Figures Figure 1: SNM
31、S Standard Document Tree. 2 Figure 2: High Level Diagram of DVB-RCS Hub-Spoke 7 Figure 3: High Level Diagram of DVB-RCS Mesh Network 8 Figure 4: Information Assurance Architecture . 9 Figure 5: Encapsulation structure using DVB-S2 with encryption of MPE or ULE payload 11 Figure 6: Return and Forward
32、 Link Nonce for CTR Mode 27 11 Scope TIA/EIA-1073 is a multi-part standard that when taken in total, defines the requirements for a Satellite Network Modem System using Time Division Multiplexing (TDM) and Multi-Frequency Time Division Multiple Access (MF-TDMA) signaling. The Satellite Network Modem
33、 System (SNMS) standard defines the technical requirements for meeting the functional capabilities described in TIA/EIA-157 1. The SNMS standard defines the requirements for Hub-Spoke as well as Mesh satellite network topologies operating over transponded/transparent satellite systems. The collectio
34、n of parts making up TIA/EIA-1073 is depicted below in Figure 1. The present document, SNMS Encryption Requirements (TIA/EIA-1073-002), provides the general requirements necessary to achieve security for hub-spoke and mesh network topologies. The general requirements that shall be met by the SNMS re
35、ference publications were developed by ETSI (European Telecommunications Standards Institute). These referenced publications are freely available at http:/www.etsi.org. The SNMS shall fully meet the DVB-S2 and DVB-RCS requirements in ETSI EN 301 790 and ETSI EN 302 307 2, 3 unless otherwise specifie
36、d by this document. In addition, the encryption requirements specify modifications to, additions to, and/or deletions to the specifications in 2, 3, and other requirements necessary to provide the capabilities described in TIA/EIA-157. These modifications use the same paragraph number system as in t
37、he reference documents. 2SNMS Network Layer Protocols(TIA/EIA-1073-001)DVB-RCS GuidelinesETSI TR 101 790 Satellite Network Modem System (SNMS) General Requirements(TIA/EIA-1073-000)DVB-RCSETSI EN 301 790 DVB-S2ETSI EN 302 307 SNMS Encryption Requirements(TIA/EIA-1073-002)IP Modem FCD(TIA/EIA-157)C2P
38、 Annex JUnder development in TIA 34.1.7SNMS Mesh Control Protocol SMCPFigure 1: SNMS Standard Document Tree 2 References The following references have been used in this document: 1. IP Modem Functional Capabilities Description (FCD), TIA/EIA-157 2. Digital Video Broadcasting (DVB); Interaction Chann
39、el for Satellite Distribution Systems; ETSI EN 301 790 v1.4.1 (2003-03). 3. Digital Video Broadcasting (DVB); Second generation framing structure, channel coding and modulation systems for Broadcasting, Interactive Services, News Gathering and other broadband satellite applications, ETSI EN 302 307
40、v1.1.1 (2004-06). 4. Digital Video Broadcasting (DVB); Interaction channel for Satellite Distribution Systems; Guidelines for the use of EN 301 790; ETSI TR 101 790, V1.2.1 (2005-03). 5. National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) number 197,
41、2001, “the Advanced Encryption Standard (AES).” 36. National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) number 198, March 6, 2002, “The Keyed-Hash Message Authentication Code (HMAC) 7. National Institute of Standards and Technology (NIST) Federal Info
42、rmation Processing Standard (FIPS) number 180-1, 1995, “the Secure Hashing Algoritthm (SHA)-1.” 8. National Institute of Standards and Technology (NIST) Federal Information Processing Standard (FIPS) number 140-2, December 2002, “Security Requirements for Cryptographic Modules.” 9. CNNS Instruction
43、No. 4009, National Information Assurance (IA) Glossary, May 2003. 3 Definitions, symbols and abbreviations 3.1 Definitions For purposes of the present document, the following term and definition applies: Nonce: a nonce is a locally generated pseudorandom random number. 3.2 Symbols 3.3 Acronyms The f
44、ollowing acronyms have been used in this document: Acronym Description AAL ATM Adaptation Layer ACM Adaptive Coding and Modulation ARP Address Resolution Protocol ATM Asynchronous Transfer Mode AVBDC Absolute Volume Based Dynamic Capacity BER Bit Error Rate BUC Block Up-Converter CCM Constant Coding
45、 and Modulation CMT Correction Message Table COS Class of Service 4CRA Continuous Rate Assignment CRSC Circular Recursive Systematic Convolutional CSC Common Signaling Channel (Burst) CTR Counter Mode for Block Cipher DAMA Demand Assignment Multiple Access DHCP Dynamic Host Configuration Protocol Di
46、ffServ Differentiated Services for IP QoS DNS Domain Name Service DSM-CC Digital Storage Medium Command and Control DVBDigital Video Broadcast DVB-S Digital Video Broadcast via Satellite DVB-ASI Digital Video Broadcast-Asynchronous Serial Interface DVB-MPE DVB Multi-Protocol Encapsulation DVB-RCS DV
47、B-Return Channel via Satellite EKE Explicit Key Exchange FCA Free Capacity Assignment FCT Frame Composition Table FEC Forward Error Correction FTP File Transfer Protocol GPS Global Positioning System ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol IP Internet Protocol
48、LNB Low Noise Block Down Converter LSB Least Significant Bit MAC Address Media Access Control Address MF-TDMA Multi-Frequency Time Division Multiple Access MKE Main Key Exchange MPE Multi-Protocol Encapsulation MPEG Moving Picture Experts Group MPEG-2 Standard for compression and framing, from the M
49、oving Picture Expert Group MPEG2-TS MPEG-2 Transport Stream Data Unit MSB Most Significant Bit DVB is a registered trademark of the DVB Project5NAT Network Address Translation NCC Network Control Center NCR Network Clock Reference NIT Network Information Table PCR Program Clock Reference PDU Protocol Data Unit PEP Protocol Enhancement Proxy PID Program Identifier or Packet Identifier PIM Protocol Independent Multicast PIM-DM Protocol Independent Multicast Dense Mode PIM-SM Protocol Independent Multicast Sparse Mode PPPoE Point-to-Point Protocol over Et