1 / 6

Security Requirements

Marcus Leech Nortel Networks. Security Requirements. Business-Driven Requirements. Theft of service Session authentication Message integrity/authentication Encryption (theft of subscription video, etc) Customer separation Encryption Message integrity Session authentication.

woodsmark
Télécharger la présentation

Security Requirements

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Marcus Leech Nortel Networks Security Requirements

  2. Business-Driven Requirements • Theft of service • Session authentication • Message integrity/authentication • Encryption (theft of subscription video, etc) • Customer separation • Encryption • Message integrity • Session authentication

  3. Business-Driven Requirements (contd) • Billing ability • Session authentication • Message integrity • Content committment (subscriber auditability, etc) • Media/MAC consistency • Common key-management architecture and practices • Encapsulation (SDE) may be different from media-to-media

  4. Requirements Details • Session authentication • Individual identity/credential • Subscriber/human identity • end-point/hardware identification • Key management/agreement/distribution • Freshness of keying material • Flexible credentials • Ability to plug into existing infrastructures

  5. Requirement Details (cont) • Message Integrity • Requires freshness of keying material • Strong cryptographic MAC function • Replay protection • Encryption • Flexibility in algorithm choice • Negotiation of *fresh* keys • Wire speed performance for whatever MAC is in use • “reasonable” footprint for skinny hardware

  6. Requirement Details (contd) • Key management/agreement • Flexibility in credentials • Modern, publically analysed/available cryptographic primitives • Freshness guarantees • PFS? • Identity hiding? • Key translation/inter-MAC transport?

More Related