Michael Noisternig scite author profile

There is growing interest in providing multimedia and broadband access over satellites. However there are several technical challenges need to be addressed. One challenge is security in terms of understanding threats and providing an effective security system. Also this paper presents a ULE security solution using ULE mandatory extension headers. The design issues and choices are discussed. The detailed security header format is described together with processing sequence in both transmitter and receiver sides.

show abstract

A lightweight security extension for ULE

Noisternig

Collini-Nocker

2007

View full text Add to dashboard Cite

The Unidirectional Lightweight Encapsulation (ULE) one, both sides of a communication must provide support for protocol is an efficient and extensible wrapper mechanism for IP such security mechanisms (and eventually must have shared over NMPEG-2 networks. Such networks are typically operated on cryptographic keys in advance). This will not be realizable broadcast wireless channels and are thus specifically vulnerable under many conditions where the two sides are not under to attacks. Passive attacks, such as eaves-dropping, are simple to central control. Another problem is the need to set up each perform and emphasize the importance for security and support connection separately in a secure way, which may introduce within ULE. significant overhead. Similar costs are also present with network layer security when a secure connection must be Inpthispapersa mnatory seurity tension of teiUL established for each host contacted. One of the biggest protocol IS discussed that IS designed with the aim of being o n-oedscrt eadn racs ik conservative in bandwidth consumption and lightweight in the shortcomings of end-to-end security regarding broadcast links sense that it allows for implementation in low-cost, resourceis that end-point addresses remain in the clear: neither the scarce (mobile) receiver devices. The focus of this work is on two source nor the destination address can be protected against aspects of a complete ULE security framework: the format of the eavesdropping, permitting an attacker to identify the security extension header, and security transforms for this communicating parties.extension.When only the ULE link is secured, this has, for one, the benefit of the broadcast link becoming transparent for the user Keywords-link layer security; privacy; ULE in the sense that he or she can rely on security assumptions as of wired links [8]. Of course, the IPsec protocol could be used I.INTRODUCTION in tunnel mode to create such a secure link. While this MPEG-2 [1] networks, while primarily designed for the approach has the advantage of IPsec's widespread availability, transmission of digital TV, are increasingly used for providing it will result in significant bandwidth overhead on the satellite IP services. The Unidirectional Lightweight Encapsulation link. Furthermore, the high complexity of IPsec (ULE) protocol [2] has been designed as an efficient implementations will make its realization within low-cost encapsulation of IPv4/IPv6 and other network layer packets receiver devices difficult. Last but not least, current IPsec over the MPEG-2 Transport Stream (TS), and allows specifications only define pairwise tunnels between two augmenting its functionality using a flexible extension header devices, thus this option is not applicable for multicast and mechanism. As such, the basic ULE encapsulation does not broadcast transmissions. offer any security services; however, MPEG-2 networks are Implementing security at the link layer allows addressing often operated on wireless channels, such as satellite DVB-S abov...

show abstract

Cryptographic transforms for a lightweight and efficient DVB link-layer security extension

Noisternig

2012

View full text Add to dashboard Cite

The Unidirectional Lightweight Encapsulation (ULE) and the Generic Stream Encapsulation (GSE) protocol have been defined as extensible mechanisms for the efficient carriage of IP data over Digital Video Broadcasting (DVB) links, but, in keeping overhead at minimum, they do not include any security functionality. This is an issue for DVB broadcast links, which are vulnerable due to their typically large coverage areas and the direct accessibility of a wireless communications channel, making eavesdropping easy. A list of security requirements for DVB networks has been derived jointly with independent authors in RFC 5458, and a joint security extension header design for the ULE protocol has been presented. This paper first describes a revised security extension header, which is applicable for both ULE and GSE as well as future GSE-like protocols such as defined in the new DVB-RCS2 standard. It then presents a set of cryptographic transforms to address each of the traffic security requirements identified. In particular, effective measures against traffic flow analysis attacks are described, which are of concern not only to military applications. The benefits of the proposed mechanisms are highlighted and contrasted in terms of bandwidth overhead and security functionality to traditional IPsec tunnel mode encapsulation and to base-band frame security such as envisaged for the DVB-RCS2 standard.

show abstract

GSSTP: a signalling transport protocol for DVB‐S2 GSE‐only transmission systems

Ewald

Fairhurst

Noisternig

et al. 2012

Satell Commun Network

View full text Add to dashboard Cite

SUMMARYThe current signalling framework for Digital Video Broadcasting systems is based on MPEG-2 encoded Program Specific Information and System Information tables that rely on the transport stream. It is expected that in the near future, this architecture will be replaced by one based on the Generic Stream Encapsulation protocol, paving the way for the convergence of DVB-S2 broadcast transmission networks and IP infrastructure. This paper presents a new lightweight Generic Stream Signalling Transport Protocol, which can be used to realise a transmission system based only on the Generic Stream Encapsulation and that efficiently supports filtering of Program Specific Information and System Information tables.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.