Engineering Letters, 18:2, EL_18_2_04 ______
Secure IP over Satellite DVB Using Chaotic Sequences Daniel Caragata, Safwan El Assad, Bassem Bakhache, Ion Tutanescu
1 platforms, isolated villages etc.), easy implementation in Abstract - Satellite connections are expected to play an disaster stricken zones (areas affected by earthquakes, fire, important role in providing Internet Protocol services as a war etc.) or an alternative to land infrastructures. These are complement of the next generation terrestrial network. DVB-S the reasons why the satellites have gained a very important (Digital Video Broadcasting – Satellite) is one of the most widely used standards to transmit video, audio and data over satellite. place in today’s communication systems and are supposed to This paper proposes a security system for IP over DVB-S that be a very important part of the next generation Internet satisfies all the security requirements while respecting the architecture. characteristics of satellite links, such as the importance of Nowadays the Internet is the most important communication efficient bandwidth utilization and high latency time. The usage network as it has become very widespread (more that 20% of of chaos is proposed both for the generation of new keys and for world population is using it [1]) and the services it may the data encryption. support are very diverse: news, shopping, bank accounts A theoretical analysis of the system and a simulation of FTP and HTTP traffic are presented and discussed to show the cost access, money transfer, video and audio conferencing etc. of the security enhancement and to provide the necessary tools DVB-S [14] is an open standard ratified by European for security parameters setup. Telecommunication Standard Institute, ETSI, in 1994. It is a part of the DVB standards family along with Digital Video Index Terms – Chaotic functions, DVB, Internet Protocol, Broadcasting – Cable, DVB – C, Digital Video Broadcasting satellite, security. – Terrestrial, DVB – T, and Digital Video Broadcasting – Handled, DVB-H. DVB-S2 was proposed in 2003 as the next generation of DVB-S [15]. It uses the advances made in I. INTRODUCTION coding and modulation technology. The Digital Video th One of the most impressive prophecies of the 20 century Broadcasting, Return Channel via Satellite, DVB-RCS, was made by Arthur C. Clarke in 1945 in an article published standard was developed in 1999 and its main feature is that it in Wireless World [25]. The scientist and fiction novel writer enables a two-way communication, the forward channel being presented the concept of using extra terrestrial satellites that similar to that of DVB-S. would rotate around the earth with a 24-hours orbit to provide DVB standards were initially proposed to offer video and communication services. audio services. Later, some encapsulation methods were “An artificial satellite at the correct distance from the earth proposed to enable IP links over DVB. The Unidirectional could make one revolution every 24 hours, i.e., it would Lightweight Encapsulation, ULE, has proven to be the most remain stationary above the same spot and would be within optical range of nearly half of the earth's surface. Three successful. Even though the ULE standard is in its mature repeater stations, 120 degrees apart in the correct orbit, could state, the optimal security solution remains to be studied. give television and microwave coverage to the entire planet”. In recent years, the study of chaos has attracted great Although this statement made little impact at the time, it can interest in many fields of scientific research. One of the fields be considered the birth of modern extra-terrestrial where the theory of chaos finds practical implementation is communication systems. the field of telecommunications. Thus, properties such as high The first operational space communication system was sensitivity to initial conditions and non-periodic deterministic used by the U.S. Navy. They began bouncing radio signals off behaviour of chaotic maps can be harvested in order to realise the Moon in 1954 and were able to provide a link between chaos based crypto-systems or new communication systems, Hawaii and Washington DC from 1959 to 1963 using the to name just a few. Communications by Moon Relay (CMR) system [26]. This paper is organized as follows. In Section II we present Satellites have some very important characteristics: how Internet over satellite works and what are the security accessibility in isolated places (top of mountains, deserts, oil requirements for it. In Section III we propose a security mechanism that uses: a multilevel key management technique, 1 Manuscript received January 14, 2010. a simplified extension header, and chaotic functions for key D. Caragata and S. El Assad are with IREENA, Ecole Polytechnique de generation and data encryption. In Section IV we analyze the l’Université de Nantes, rue Christian Pauc, BP 50609, 44306, Nantes, France (e-mail {daniel.caragata, safwan.elassad}@univ-nantes.fr, tel: + 33 data overhead and the period of Master Key usage in order to 6 76 32 28 36, fax : + 33 2 40 68 32 32). study the cost of security and to provide the necessary tools B. Bakhache is with the Electronics and Communications Department of for the correct setup of the security parameters. We also the Faculty of Engineering – Lebanese University, Beirut, Liban. simulate the system using real HTTP and FTP data. In Section ([email protected]). I. Tutanescu and D. Caragata are with Electronics, Communications and V we present a simplified version of the security system we Computers Faculty of University of Pitesti, str. Targu din Vale, nr. 1, propose, one that does not use the extension header. The 110040, Pitesti, Romania. ([email protected]).
(Advance online publication: 13 May 2010)
Engineering Letters, 18:2, EL_18_2_04 ______
advantages and drawbacks of this approach are studied. In header and a trailer to the network level PDU. The header is section VI we present our conclusion. formed of: • D: a one bit field indicating the presence or II. INTERNET OVER DVB-S absence of the optional field NPA (see below). • L1: a 15 bits field indicating the length of the
A. General overview SNDU starting from the first byte after the T1 field The general structure of the communication system that and including the CRC trailer. The length is allows Internet access over satellite DVB is presented in expressed in bytes. Figure 1. The Internet Service Provider, ISP, has access to the • T1: a 16 bits field indicating the type of network Internet and sends IP packets to his clients (satellite terminals) PDU being carried by the SNDU. Its values are using the satellite link. The IP packets need to be encapsulated assigned by the Internet Assigned Numbers and are carried by a MPEG-2 stream. Authority, IANA. • NPA@: Network Point of Attachment address is a 48 bits optional field that can carry the destination address of the SNDU. Usually it is a MAC address. IP IP IP The SNDU data is represented by the network level PDU and the SNDU trailer is a CRC-32 code applied to the whole Satellite SNDU. IP terminals IP If no additional information about the PDU is required then Intenet ISP IP the standard ULE header will be used. This adds very little additional information. If other services are to be provided, such as security, ULE allows a flexible mechanism for the extension of the SNDU header. Its format is presented in Figure 3. Return IP IP packet channels Header Data Trailer IP IP packet D L1 T1 NPA@ H1 T2 PDU CRC transfered by SNDU satellite Fig. 1: Satellite IP communication. Fig. 3: ULE extension header. A MPEG-2 Transport Stream, MPEG-2 TS, is created by The field T1 does not indicate the type of network PDU that multiplexing several MPEG-2 Elementary Streams, MPEG-2 is carried, but the type of extension header. Its values are also ES, and it consists of a continuous stream of data frames with assigned by IANA. a fixed length of 188 bytes. Each frame has a header of at least The field H1 is the extension header and its structure is 4 bytes and a payload of maximum 184 bytes. The only field determined by the type T1. There are predefined extension of the header that is of interest for our paper is the Packet headers (such as the format for a bridged payload [3]) and Identifier, PID. It is a 13 bits field that is used to determine to unassigned values of extension header types that can be used which ES the payload of the frame belongs. for new extension headers. We propose a security mechanism for the data link layer connection between the ISP and the satellite terminals. T2 indicates the type of PDU that is being carried, similar to the field T1 of the ULE without the extension header. B. ULE Encapsulation Network level Packet Data Units, PDU, must be C. Transmitter and receiver base station encapsulated in order to be transported over the satellite link. A typical architecture of a transmission base station that There are two possible encapsulation methods, MPE [2] and allows the transmission of IP datagrams through DVB-S, also ULE [3]. It has been shown in [4], [5] and [6] that ULE has named provider or ISP, should comprise a router with access many advantages over MPE such as improved efficiency and to Internet, an IP encapsulator, a MPEG 2 multiplexer, a native support for a wide range of network protocols. It is modulator and a satellite antenna as shown in Figure 4. therefore becoming the predominant method of encapsulation in DVB-S/DVB-RCS. Router IP Encapsulator The standard ULE encapsulation method is presented in Figure 2.
Modulator Header Data Trailer Satellite D L1 T1 NPA@ PDU CRC Antenna MPEG Multiplexer SNDU
Fig. 4: Transmission base station or provider. Fig. 2: Standard ULE encapsulation. The receiver base station, Figure 5, contains a satellite ULE creates a Sub Network Data Unit, SNDU, by adding a antenna, a demodulator, a MPEG 2 demultiplexer, an IP
(Advance online publication: 13 May 2010)
Engineering Letters, 18:2, EL_18_2_04 ______
Packet Recovery Unit, IPPRU, a router and the final user Based on the topology of the systems using IP over DVB, which may be a computer or a Local Area Network, LAN, if the security threats have been divided into three categories: the router uses Network Address Translation, NAT. • Monitoring: in this case the attacker monitors the ULE broadcast to gain information about the ULE IPPRU Router data, about the communicating parties or even access the transmitted information. For this case, Demodulator measures must be taken to protect the ULE payload and the identities of the communicating Satellite parties. Antenna • Locally conducting active attacks on the MPEG-TS multiplex: in this case, the attacker is MPEG Demultiplexer presumed to modify the original transmission of the ISP and provide his own version of the Fig. 5: Receiver base station, or user. transmission to an isolated ULE receiver or a small group of receivers (e.g. a company site).
D. The return channel The ISP may not be aware of these attacks. The Opposed to TV broadcasting, TCP/IP communications need measures that must be taken to prevent this kind of a return channel in order to work properly. A key attack are data authenticity and data integrity as characteristic of most TCP/IP communications is the high well as the prevention of old message replay. asymmetry between the forward and the return channel. This • Globally conducting active attacks on the is not the case for all TCP/IP applications, the exceptions are MPEG-TS multiplex: in this case the attacker is e-mails, chat or heavy AJAX based pages. However, it is presumed sophisticated enough to override the common practice for systems that provide Internet access via entire MPEG-TS transmission multiplex. The satellite to use different channels for forward and reverse provider is normally aware of this attack and the communications. There is no special condition for the reverse measures that must be taken are similar to the case channel. Depending on users’ requirements, it may be Dial Up of the local active attack. ISDN, GPRS, other satellite data systems, etc. The active attacks described above can be divided into two E. Security requirements classes: IP over satellite DVB is a wireless communication protocol • Insider attacks: the attacks are performed by and thus susceptible to several attacks [7], [8]. The existing adversaries from the network and that have access threats can be devised in two categories: passive and active. to the secret materiel. Passive attacks are considered the major threats for our • Outsider attacks: the attacks are performed by communication system. Examples of passive threats are: the adversaries without access to the secret materiel. attacker is monitoring the transmission to extract the traffic between the IP endpoints, the attacker is monitoring the traffic The security requirements that have been derived in order to to obtain information about the communicating parties. This counter these attacks are: information may be the amount of traffic, the time the parties • Data confidentiality: is the most important security are active, different statistics about the traffic associated with requirement because any unauthorized receiver a certain NPA/MAC address. Due to the ease of interception can access the PDU that are being transmitted. this threat is of particular interest for DVB broadcasting networks. • Data integrity and authentication: are required to Active attacks require that the intruder injects his own counteract active threats. messages into the bitstream or modifies the bitstream. Examples of active attacks are: • Protection against replay attacks: sequence • Masquerading: when the attacker pretends to have numbers are suggested to prevent replay attacks. a different identity. • Link layer terminal authentication: it is required as • Repudiation: when the originator of a message part of the key management protocol. denies having sent that message or when the receiver denies having received the message. Other general requirements are: • Replay attacks: when the attacker sends multiple • ULE key management functions must be copies of an authentic message. decoupled from ULE security services such as • Denial of service: when the attacker prevents an encryption or authentication. entity from performing its proper function. • Algorithm agility must be supported in order to allow upgrading the encryption and authentication Active threats are considered major threats for the Internet algorithm if they become obsolete community where masquerading or modification of IP • The security extension header must be compatible packets are relatively easy to perform. This motivates the with other ULE extension headers. mandatory use of sequence number in IPSec. However, active attacks are much more difficult to perform in a MPEG-2 Trying to respond to these security requirements, two broadcasting environment. security systems have been proposed, one in [9], [10] and the other in [11]. We have used the advantages of both in order to
(Advance online publication: 13 May 2010)
Engineering Letters, 18:2, EL_18_2_04 ______
present a novel and improved security system for satellite Our proposed security enhancement takes these Internet [33]. considerations into account and uses the return path only to allow users to send alarm messages if they have lost the key III. PROPOSED SYSTEM management information. We propose the use of a multilayer key management
A. General description structure [19], [20]: The security system that we propose responds to the security requirements and takes into consideration the characteristics MK – 1024 bits of satellite communications. A 32 bit extension header, called Packet Number, PN, is used. This field provides protection IK3 – 1024 bits against replay attacks and is used as a nonce in the key deriving process. IK2 – 512 bits We propose that the CRC trailer of the SNDU be replaced by a Message Authentication Code, MAC. This will provide IK1 – 256 bits data integrity and data authenticity. All the PDU are encrypted. We propose a key derivation SK – 128 bits system that allows the encryption of each PDU with a different key and we also propose the encryption of the MAC Fig. 7: Multilayer key management system. trailer in order to have improved security. The link layer terminal authentication is realized by the The Master Key, MK, is the top level key of the structure. It multilayer key management system. It is based on a private is agreed upon between the ISP and the terminal at a previous key that has been previously exchanged between the ISP and stage, using a smart card. The MK can only be changed using the terminals by other means of communication than the other means of communication, not the satellite link. satellite link. The number of Intermediary Keys, IK, and the size of keys can be chosen by the ISP as it sees fit, taking into account the B. SNDU structure particular security requirements and the bit rate of the The structure of the SNDU is presented in Figure 6: T1 is the protected connection. However, they can be chosen at the type of the extension header. As mentioned above, IANA initialization stage. Once fixed, they cannot be modified. We must assign a value for it. T2 carries the type of the propose and analyze a system that has 3 intermediate keys: encapsulated PDU. Intermediary Key 1, IK1, with a length of 256 bits, In order to enhance the security of the MAC code, and to Intermediary Key 2, IK2, with a length of 512 bits and broaden the range of choices for it, it will also be encrypted. Intermediary Key 3, IK3, with a length of 1024 bits: The MAC will not protect just the PDU that is encapsulated All data is encrypted and authenticated using an Ephemeral but also the ULE header, thus providing protection against a wider range of active attacks. Key, EK. This key is derived from the Session Key, SK, the NPA address and the Packet Number, PN. The requirements for the two keys, SK and MK, are very 0 6 1 1 3 different. SK must be changed as frequently as possible, while MK should be changed only in case of compromise or D L1 T1 Authenticated Authenticated periodically at long time intervals. The SK should have a NPA@ length that would balance good security and cost of processing. We recommend a length of 128 bits. On the other NPA@ PN hand, MK should have a much longer length because the PN T2 security of the whole system depends on it. We recommend a
Encrypted length of at least 1024 bits. PDU The SK will be used for a limited amount of data. In order to MAC decide whether the SK will be changed or not, the provider will count the total number of bytes encrypted and authenticated with the current SK. When the counter reaches a Fig. 6: SNDU secured. certain threshold, Session Key Threshold, SKTh, a new SK will be generated by the ISP and will be sent encrypted using
C. Proposed key management system IK1 to the terminal. We propose a key management system that takes into The IK1 will also be used a limited number at times, IK1Th, consideration the security requirements for IP over satellite Intermediary Key 1 Threshold. When IK1 needs to be DVB, stressed out in [7] and [8], as well as the characteristics changed a new value for it will be generated and it will be sent of IP satellite communications in order to provide an efficient encrypted with the next level key, IK2. IK2 and IK3 are implementation. treated in a similar manner. The values of SKTh, IK1Th, The system for which we propose the security enhancement IK2Th, and IK3Th are the parameters of the key management is characterized by a high asymmetry in bandwidth between protocol. the forward and the return paths. However both paths must be used to have proper Internet browsing and key management.
(Advance online publication: 13 May 2010)
Engineering Letters, 18:2, EL_18_2_04 ______
D. Proposed key generator y(n )= F [ y ( n − 1)] = We propose the use of chaotic sequences, both for key y( n −1) generation and for data encryption. if0≤ y ( n − 1) <≤−< p p (4) The proposed chaotic generator [17], [21] for the generation === 1−y (n −−−− 1) of the keys consists of two parallel generators as seen in if p≤ y( n − 1) <≤−< 0.5 Figure 8. Each one is looked at as a non linear recursive 1−−− p filter (non linear IIR Filter). Different non-linear functions FNL(x) were tested: Skew Tent map, xLnx, x×exp[cos(x)], We have quantized the chaotic map in order to make it run pwlcm, etc. over the integer set, as follows: Y (n )= F [ Y ( n − 1)] =
N Y (n −−−1) 2 × if0≤ Y ( n − 1) < P P (5) === N N 2−Y ( n −−−− 1) N 2 × if P≤ Y( n − 1) < 2 N 2 −−− P Where Y denotes the biggest integer, not bigger than Y, Y(n) is the discrete state ranging from 0 to 2 N −1 and P is the discrete control parameter with 0
15
10
X(n+1) Fig. 8: Proposed chaotic generator. 5 All coefficients c11, c12, c13, c21, c22, and c23 can take values ranging from 1 to 2 N −1, where N is the number of bits used to represent the value of the coefficients. The general equation for this generator is defined by the following 0 equations: 0 5 10 15 3 X(n) 6 1 = u1 ∑ i 11 −×+ inYcnkFNLnY )]([)(()( (1) x 10 i=1 3 Fig. 9: Mapping result. 2 = u2 ∑ i 22 nYcnkFNLnY −×+ 1([)(()( )] (2) i=1
= 1 ⊕ 2 nYnYnY )()()( (3)
Our experiments have shown that the best properties, in terms of cryptographic characteristics and ease of implementation, are obtained when the Skew Tent map is used. The Skew Tent map is a non linear ergodic function and it has uniform invariant density function in its definition interval. The Skew Tent map is composed of two linear segments and is given by:
(Advance online publication: 13 May 2010)
Engineering Letters, 18:2, EL_18_2_04 ______
Begin
0.8 Initializations, secret key, initial conditions
0.6 i=0
0.4 yes i