Trying to find words to describe how PIDs are used.....
Repost: My last posting to the list seemed to have gone astray, so I
shall try an updated repost.
I was trying to use some of the email from others to propose some text
that answered the second set of questions.
> 2) Can we determine precisely what we mean by a "Stream".
> Does a Stream always only have ONE originating source?
> That is, does the PID imply a specific intended source?
Here is some draft text, that could perhaps be placed at the end of
section 3.2. I'd be very pleased to receive comments/corrections so we
converge on some good description of this, since I think this relates
directly to the need for authentication.
THOUGHTS??? Comments and corrections please...
Best wishes,
Gorry
----
In an MPEG-2 Transmission network, the originating source of MPEG-2 TS
Packets is either a L2 interface device (media encoder, encapsulation
gateway, etc) or a L2 network device (TS multiplexor, etc). These
devices may, but do not necessarily, have an associated IP address. In
the case of an encapsulation gateway (e.g. ULE sender), the device may
operate at L2 or L3, and is not normally the originator of an IP traffic
flow, and usually the IP source address of the packets that it forwards
does not correspond to an IP address associated with the device. When
authentication of the IP source is required this must be provided by
IPsec, TLS, etc. operating at a higher layer.
The TS Packets are carried to the Receiver over a physical layer that
usually includes Forward Error Correction and synchronisation processing
that makes injection of single TS Packets very difficult. Replacement of
a sequence of packets is difficult, but possible.
Each Receiver needs to identify a TS Logical Channel (or MPEG-2 Stream)
to reassemble the fragments of PDUs sent by a L2 source [RFC4259]. In an
MPEG-2 TS, this association is made via the Packet Identifier, PID
[ISO-MPEG]. At the sender, each source associates a locally unique set
of PID values with each stream it originates. However, there is no
required relationship between the PID value used at the sender and that
received at the Receiver. Network devices may re-number the PID values
associated with one or more TS Logical Channels (Streams) to prevent
clashes at a multiplexor between input Streams with the same PID carried
on different input multiplexes. A device may also modify and/or insert
new SI data into the control plane (also sent as TS Packets identified
by PID value).
The Stream of TS Packets carried in a multiplex is usually received by
many Receivers. One method is to secure the entire Stream at the MPEG-2
TS level. This approach is well-suited to TV-transmission, data-push,
etc, where the PID carries one or a set of flows with similar security
requirements. Where the Stream carries a set of IP traffic flows to
different destinations with a range of properties (multicast, unicast,
etc), it is often not appropriate to provide IP confidentiality
services for the entire Stream. A finer-grain control is required that
at least allows control to the level of a single MAC/NPA address.
However, there is only one valid source of data for each MPEG-2 Stream
(i.e. PID), although an attacker that is able to modify the content of
the received multiplex (e.g. replay data) could inject data locally with
an arbitrary PID value.
---
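
An added example, not part of the original message: a small Python sketch of the TS Packet header and of the PID re-numbering the draft text describes, showing that two Streams sharing a PID on different input multiplexes leave a multiplexor with different PIDs while every other bit is unchanged. The function names, PID values and sample payloads are constructed for this illustration.

```python
TS_PACKET_SIZE = 188   # fixed TS Packet length in bytes
SYNC_BYTE = 0x47

def parse_header(pkt: bytes) -> dict:
    """Decode the 4-byte TS Packet header."""
    if len(pkt) != TS_PACKET_SIZE or pkt[0] != SYNC_BYTE:
        raise ValueError("not a 188-byte TS Packet with sync byte 0x47")
    return {
        "pusi": bool(pkt[1] & 0x40),              # payload_unit_start_indicator
        "pid": ((pkt[1] & 0x1F) << 8) | pkt[2],   # 13-bit Packet Identifier
        "afc": (pkt[3] >> 4) & 0x3,               # adaptation_field_control
        "cc": pkt[3] & 0x0F,                      # continuity_counter
    }

def make_packet(pid: int, cc: int, payload: bytes) -> bytes:
    """Build a constructed payload-only TS Packet (sample data for this example)."""
    if not 0 <= pid <= 0x1FFF or len(payload) > TS_PACKET_SIZE - 4:
        raise ValueError("PID must fit in 13 bits and payload in 184 bytes")
    header = bytes([SYNC_BYTE, pid >> 8, pid & 0xFF, 0x10 | (cc & 0x0F)])
    return header + payload.ljust(TS_PACKET_SIZE - 4, b"\xff")

def renumber_pid(pkt: bytes, pid_map: dict) -> bytes:
    """Rewrite the PID as a re-multiplexor may; all other bits are untouched."""
    old = parse_header(pkt)["pid"]
    new = pid_map.get(old, old)
    if not 0 <= new <= 0x1FFF:
        raise ValueError("PID must fit in 13 bits")
    return bytes([pkt[0], (pkt[1] & 0xE0) | (new >> 8), new & 0xFF]) + pkt[3:]

def demo() -> dict:
    # Constructed case: two input multiplexes both carry a Stream on PID 0x0100.
    in_a = make_packet(0x0100, 3, b"PDU fragment from source A")
    in_b = make_packet(0x0100, 7, b"PDU fragment from source B")
    out_a = renumber_pid(in_a, {0x0100: 0x0200})
    out_b = renumber_pid(in_b, {0x0100: 0x0201})
    return {
        "pids_out": (parse_header(out_a)["pid"], parse_header(out_b)["pid"]),
        "payload_kept": out_a[4:] == in_a[4:] and out_b[4:] == in_b[4:],
        "cc_kept": (parse_header(out_a)["cc"], parse_header(out_b)["cc"]),
    }

if __name__ == "__main__":
    print(demo())
```

The Receiver sees only the output PID, so the 13-bit value selects a TS Logical Channel but carries nothing that ties the packet to the device that originated it.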