1. Security Requirements
Marcus Leech
Nortel Networks

2. Business-Driven Requirements
Theft of service
Session authentication
Message integrity/authentication
Encryption (theft of subscription video, etc)
Customer separation
Encryption
Message integrity

3. Business-Driven Requirements (contd)
Billing ability
Session authentication
Message integrity
Content committment (subscriber auditability, etc)
Media/MAC consistency
Common key-management architecture and practices
Encapsulation (SDE) may be different from media-to-media

4. Requirements Details Session authentication
Individual identity/credential
Subscriber/human identity
end-point/hardware identification
Key management/agreement/distribution
Freshness of keying material
Flexible credentials
Ability to plug into existing infrastructures

5. Requirement Details (cont)
Message Integrity
Requires freshness of keying material
Strong cryptographic MAC function
Replay protection
Encryption
Flexibility in algorithm choice
Negotiation of *fresh* keys
Wire speed performance for whatever MAC is in use
“reasonable” footprint for skinny hardware

6. Requirement Details (contd)
Key management/agreement
Flexibility in credentials
Modern, publically analysed/available cryptographic primitives
Freshness guarantees
PFS?
Identity hiding?
Key translation/inter-MAC transport?