
Security Requirements for the Unidirectional Lightweight Encapsulation (ULE) Protocol
RFC 5458

Network Working Group                                     H. Cruickshank
Request for Comments: 5458                          University of Surrey
Category: Informational                                        P. Pillai
                                                  University of Bradford
                                                           M. Noisternig
                                                  University of Salzburg
                                                              S. Iyengar
                                                                  Logica
                                                              March 2009

                       Security Requirements for
      the Unidirectional Lightweight Encapsulation (ULE) Protocol

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   The MPEG-2 standard defined by ISO 13818-1 supports a range of
   transmission methods for a variety of services.  This document
   provides a threat analysis and derives the security requirements when
   using the Transport Stream, TS, to support an Internet network-layer
   using Unidirectional Lightweight Encapsulation (ULE) defined in RFC
   4326.  The document also provides the motivation for link-layer
   security for a ULE Stream.  A ULE Stream may be used to send IPv4
   packets, IPv6 packets, and other Protocol Data Units (PDUs) to an
   arbitrarily large number of Receivers supporting unicast and/or
   multicast transmission.

   The analysis also describes applicability to the Generic Stream
   Encapsulation (GSE) defined by the Digital Video Broadcasting (DVB)
   Project.

Cruickshank, et al.          Informational                      [Page 1]
RFC 5458             Security Requirements for ULE            March 2009

Table of Contents

   1. Introduction ....................................................3
   2. Requirements Notation ...........................................4
   3. Threat Analysis .................................................7
      3.1. System Components ..........................................7
      3.2. Threats ....................................................9
      3.3. Threat Cases ..............................................10
   4. Security Requirements for IP over MPEG-2 TS ....................11
   5. Design Recommendations for ULE Security Extension Header .......14
   6. Compatibility with Generic Stream Encapsulation ................15
   7. Summary ........................................................15
   8. Security Considerations ........................................15
   9. Acknowledgments ................................................16
   10. References ....................................................16
      10.1. Normative References .....................................16
      10.2. Informative References ...................................17
   Appendix A. ULE Security Framework ................................19
      A.1. Building Block ............................................19
      A.2. Interface Definition ......................................22
   Appendix B. Motivation for ULE Link-Layer Security ................23
      B.1. Security at the IP Layer (Using IPsec) ....................23
      B.2. Link Security below the Encapsulation Layer ...............24
      B.3. Link Security as a Part of the Encapsulation Layer ........25

1.  Introduction

   The MPEG-2 Transport Stream (TS) has been widely accepted not only
   for providing digital TV services, but also as a subnetwork
   technology for building IP networks.  RFC 4326 [RFC4326] describes
   the Unidirectional Lightweight Encapsulation (ULE) mechanism for the
   transport of IPv4 and IPv6 Datagrams and other network protocol
   packets directly over the ISO MPEG-2 Transport Stream as TS Private
   Data.  ULE specifies a base encapsulation format and supports an
   Extension Header format that allows it to carry additional header
   information to assist in network/Receiver processing.  The
