[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Security Considerations section for draft-fair-ipdvb-req-04. txt



The suggestion made in the email from Haitham Cruickshank did not seem a
reasonable one to me; but I stand ready to hear additional, relevant
reasons.  To start, I would like to probe the reasons  that I found lacking
in applicability a bit.. see embedded excerpts and responses.

Art
::{)>
Art Allison
Director Advanced Engineering
NAB
1771 N St NW
Washington DC 20036
202 429 5418


-----Original Message-----
From: Haitham Cruickshank [mailto:H.Cruickshank@eim.surrey.ac.uk]
Sent: Wednesday, March 17, 2004 6:00 AM
To: ip-dvb@erg.abdn.ac.uk
Subject: Security Considerations section for draft-fair-ipdvb-req-04.txt


Hi All,
<snip>

However, subnetwork security is important [LINK] and should be
encouraged, on the principle that it is better than the default
situation, which all too often is no security at all.  Users of
especially vulnerable subnets (such as radio/broadcast networks and /or
shared media Internet access) often have control over at most one
endpoint - usually a client and therefore cannot enforce the use of
end-to-end mechanisms.
AA> Just what is the alleged vulnerability? To what exactly?

A related role for subnetwork security is to protect users against
traffic analysis, i.e., identifying the communicating parties and
determining their communication patterns and volumes even when their
actual contents are protected by strong end-to-end security mechanisms
(this is important for networks such broadacst/radio, were
eaves-dropping is easy). 
AA> Let us explore this a bit. What communication pattern? All that I can
see is that the emission station sends x% of their packets using ULE. How is
a traffic analysis of any kind going to harm a broadcaster in any way?
Please describe how this a threat to the transmitter operator?
/ 

Finally an important role for subnetwork
security is the protection of the subnetwork itself.  Possible threats
to subnetwork assets include theft of service 

AA> Please explain what service is protected from being stolen by this
addition.
If the contents are not usable, (and each service has many means to so
insure), what can one do with these packets?
/

and denial of service;
shared media subnets tend to be especially vulnerable to such attacks
AA>I don't see this in the RF domain. One way to deny service from a DTV
transmitter is to create interfering RF energy that prevents reception.
While possible, RF DFing works fine to track down and eliminate the attacker
were it to occur- and it wipes out all reception, not just some packets. I
fail to see a motive for anyone to make such an investment, the cost of
which is directly related to the number of receivers interfered with. For a
satellite service it is much harder to interrupt as one must get into the
aperture of the antenna.

But you posit a even more complex and sophisticated attack... here is what I
think would be required to do selective denial of service at the MPEG packet
level:
One would have to demodulate the stream, then strip <just> the packets that
contain the service to be denied, the re-emit the altered stream (replacing
the deleted packets with null or faked packets) and recreate the RF
modulation. And even then the attacker would only affect those where he
could achieve local undesired to desired signal levels (as he has to
override the desired stream with his undesired stream).  
/

Security concerns not just the packet data being communicated, but also
the control protocols.
AA> Please explain how the control protocols could be altered in the real
word considering the RF systems.
/

Appropriate security functions must therefore be
provided for ipdvb support protocols [LINK].

AA> Please provide additional information to show what risk is mitigated in
order to support your assertion that this 'must' be done. So far you have
not enabled me to see any concrete basis for this complexity, nor that there
is even a very small real attack risk. 

Art
::{)>
Art Allison
Director Advanced Engineering
NAB
1771 N St NW
Washington DC 20036
202 429 5418