This document outlines detailed security requirements for Nortel Networks, focusing on theft prevention, authentication, encryption, and key management practices. It covers topics such as session security, media consistency, and customer separation. The requirements include aspects like billing ability, subscriber auditability, and common key management practices. Emphasis is placed on individual identity protection, replay prevention, and flexibility in encryption algorithms and key negotiation. Additionally, modern cryptographic primitives and freshness guarantees are highlighted for enhanced security measures.
Security Requirements
Marcus Leech, Nortel Networks

Business-Driven Requirements
• Theft of service
  • Session authentication
  • Message integrity/authentication
  • Encryption (theft of subscription video, etc.)
• Customer separation
  • Encryption
  • Message integrity
  • Session authentication

Business-Driven Requirements (cont'd)
• Billing ability
  • Session authentication
  • Message integrity
  • Content commitment (subscriber auditability, etc.)
• Media/MAC consistency
  • Common key-management architecture and practices
  • Encapsulation (SDE) may be different from media-to-media

Requirements Details
• Session authentication
  • Individual identity/credential
  • Subscriber/human identity
  • End-point/hardware identification
  • Key management/agreement/distribution
  • Freshness of keying material
  • Flexible credentials
  • Ability to plug into existing infrastructures

Requirements Details (cont'd)
• Message integrity
  • Requires freshness of keying material
  • Strong cryptographic MAC function
  • Replay protection
• Encryption
  • Flexibility in algorithm choice
  • Negotiation of *fresh* keys
  • Wire speed performance for whatever MAC is in use
  • “Reasonable” footprint for skinny hardware

Requirements Details (cont'd)
• Key management/agreement
  • Flexibility in credentials
  • Modern, publicly analysed/available cryptographic primitives
  • Freshness guarantees
  • PFS?
  • Identity hiding?
  • Key translation/inter-MAC transport?