Security Requirements Marcus Leech Nortel Networks

Business-Driven Requirements Theft of service Session authentication Message integrity/authentication Encryption (theft of subscription video, etc) Customer separation Encryption Message integrity

Business-Driven Requirements (contd) Billing ability Session authentication Message integrity Content committment (subscriber auditability, etc) Media/MAC consistency Common key-management architecture and practices Encapsulation (SDE) may be different from media-to-media

Requirements Details Session authentication Individual identity/credential Subscriber/human identity end-point/hardware identification Key management/agreement/distribution Freshness of keying material Flexible credentials Ability to plug into existing infrastructures

Requirement Details (cont) Message Integrity Requires freshness of keying material Strong cryptographic MAC function Replay protection Encryption Flexibility in algorithm choice Negotiation of *fresh* keys Wire speed performance for whatever MAC is in use “reasonable” footprint for skinny hardware

Requirement Details (contd) Key management/agreement Flexibility in credentials Modern, publically analysed/available cryptographic primitives Freshness guarantees PFS? Identity hiding? Key translation/inter-MAC transport?