www.pxl.it Locksat - Final meeting ESTEC 04/06/2007 Slide 1 ver A2 LOCKSAT Final Meeting
Dec 26, 2015
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide1
ver A2
LOCKSATFinal Meeting
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide2
ver A2
Meeting Agenda• Project Description• Partners• Project Activites and Scheduling• Output Documents• Locksat concept description• Selection of application scenarios for Proof
of Concept• Proof of Concept Activities• Result Analysis• Conclusions• Implementation Implications• Intellectual Property• Future Work
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide3
ver A2
Project Description
ITI “Innovation Triangle Initiative” Project
“Validate an innovative idea that could be used by the space industry to solve an identified space
problem”
Proof of Concept - Type A proposal
“This new idea can be based on a completely new concept or on a concept that has not yet been
applied to space” “Validation of new ideas and demonstration of its
advantages, possibly up to Technology Readiness Level 3 - TRL 3”
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide4
ver A2
Partners (1/2)
PXL has increased its abilities in fulfilling strategies aimed to communication and data security (COMSEC, TRANSEC) and in applying advanced software engineering methods (i.e. "software radio") for the development of radio equipments.
PXL uses Voice over IP (VOIP) technology in industrial and military contexts, where the same technology has to be tailored around the specific needs of these fields.
PXL was founded in 2001. The mission of the company is to provide highly specialized competences in design and development of solutions for telecommunication and industrial embedded systems.
Role in the Project:Primary Contractor
Other ESA projects we are involved in:• ITT-5148. Multinational Satellite
Adaptor• ITT-5149. Satellite IP services for Civil
Protection Agencies
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide5
ver A2
It is a recently established (2001) no-profit consortium among the University of Rome “Tor Vergata”, “Roma Tre”, University of L’Aquila and industrial partners like Telespazio and Selex Communications (Finmeccanica Companies) and Si-ies.
RadioLabs team gathers a wide range of expertise on the fields of analogue and digital microelectronics and in different areas on information technology.
RadioLabs is capable to test service and products with real users, in particular:
•large scale evaluation of prototypes;•identification of usability requirements;•concept and user needs analysis;•scenario development and testing
Partners (2/2)RadioLabs stands for “Consorsium University-Industry – Radio-communication Laboratories”.
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide6
ver A2
Project WPsLine WP TITLE Description Start Stop
1000 1100 Literature SurveyLiterature survey on state-ofart key distribution systems and local key generation and synchronization techniques
Ko+0 Ko+2
1200 Design description
Analysis of key management systems identified in WP1100 focusing the attention on those based on ocal key generation and synchronization. Performance comparison at conceptual level. Conceptual design of LOCKSAT.
Ko+1 Ko+9
1300 Scenario definitionIdentification of realistic satellite communication scenarios in terms of applications, system architectures… Define realistic study cases.
Ko+0 Ko+3
2000 2100 Simulation designIdentification of simulator characteristics and performance requirements. Design of software modules needed to evaluate performance of LOCKSAT.
Ko+3 Ko+5
2200 Simulation plan
Planning of the set of simulations to be performed, identification of parameters to analyse and data to collect from simulation runs, schedule definition for the simulation campaign.
Ko+4 Ko+5
2300Test of performance of
identified solution through computer simulation
Implementation of the simulator. Validation of the simulator. Definition of simulator inputs parameters on the basis of scenarios. Simulation campaign.
Ko+5 Ko+8
3000 3100 Implementation implicationIdentification of issues related to implementation of LOCKSAT in real operational systems.
Ko+7 Ko+9
3200Performance and result
analysis
Comparative analysis of performance of LOCKSAT and other selected key management systems. Identification of strengths and weaknesses.
Ko+7 Ko+9
4000 4000 Management Ko+0 Ko+9
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide7
ver A2
Project Gantt
Line WP TITLE KO+1 KO+2 KO+3 KO+4 KO+5 KO+6 KO+7 KO+8 KO+91000
1100 Literature Survey1200 Design description1300 Scenario definition
20002100 Simulation design2200 Simulation plan
2300
Test of performance of identified solution through computer
simulation3000
3100 I mplementation implication3200 Performance and result analysis
40004000 Management
KO01/09/2006
BMR131/10/2006
BMR231/10/2006
BMR328/02/2007
MTR09/03/2007
BMR430/04/2007
FP04/06/2007
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide8
ver A2
Project DocumentsLine WP TITLE Output Names Date Type Ver1000
1100 Literature Survey Locksat_TER1_ver_A4.pdf 30/10/2006 Final A41200 Design description Locksat_TER3_ver_D1.pdf 27/04/2007 Final D11300 Scenario definition Locksat_TER2_ver_B1.pdf 15/12/2006 Final B1
20002100 Simulation design Locksat_TER4_ver_B2.pdf 24/01/2007 Final B22200 Simulation plan Locksat_TER5_ver_A1.pdf 31/01/2007 Final A1
2300Test of performance of
identified solution through computer simulation
Simulator SW 01/06/2007 Final
30003100 Implementation implication Locksat_TER6_ver_B3.pdf 01/06/2007 Final B3
3200Performance and result
analysisLocksat_TER7_ver_B3.pdf 01/06/2007 Final B3
4000Locksat_BMR1_verA1.pdf 30/10/2006 Final A1Locksat_BMR2_verA1.pdf 30/12/2006 Final A1Locksat_BMR3_verA1.pdf 27/02/2007 Final A1Locksat_BMR4_verA1.pdf 04/05/2007 Final A1Locksat_BMR5_verA1.pdf 01/06/2007 Final A1
LOCKSAT_MTR_ver_A3.pdf 05/03/2007 Final A3Locksat_MoM_1_v3.pdf 24/04/2006 Final Ver3Locksat_MoM_9_v2.pdf 02/04/2007 Final Ver2
4000 Management
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide9
ver A2
Locksat Concept Description (1/6)
What Locksat is?
LOCKSAT is the acronym of LOCal Key Synchronization and generation for data security in sATellite communications.
Locksat is a security key renewal algorithm that allows frequent key renewal (re-keying) without exchanging of data messages over the un-secure channel
What does Locksat mean?
In satellite environment propagation delay strongly impact re-keying performance because each re-keying phase requires at least one or two round-trip time to be executed.
Where Locksat idea comes from?
• Spread Spectrum Frequency Hopping Systems• Networks of Simple Distributed Systems
Locksat Background
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide10
ver A2
Locksat Concept Description (2/6)Locksat Basic Concepts (1/3)• Generation of symmetric encryption keys at both sides of the
communication channel• Encrypt and decrypt data using an encryption key extracted from a shared
sequence of keys
Receiver and Transmitter must agree upon the usage of a known Ordered Set of Keys (OSK)
PRNGServic
e#i Seed TRSF
Service#i WOD
Service#iOSK
OSN#i
OSN Generator
OSNStore#i
No Key Transfer
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide11
ver A2
Locksat Concept Description (3/6)
Locksat Basic Concepts (2/3)• Key renewal planned on time basis and synchronized between the two
communication parties
Receiver and Transmitter must agree upon key renewal time
t
tick_time
T = 5 x tick_timeK[i]=OSK(i)Key Hop #i
Key Hop Period
Receiver and Transmitteruse their Local Time Source
Local Time Source is referenced to a Global Time Source with a LASTER (Local Accurate
Stable Time External Reference)
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide12
ver A2
Locksat Concept Description (4/6)
Locksat Basic Concepts (3/3)• Key renewal planned on time basis and synchronized between the two
communication parties
Receiver compensates network delay and clock drifts using a key window
t_0t
Key Hop Period
n=0K[0]
n=1K[1]
n=2K[2]
n=3K[3]
n=4K[4]
n=5K[5]
n=6K[6]
KW[2] =K[1],K[2],K[3]
KW[1] =K[0],K[1],K[2]
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide13
ver A2
Locksat Concept Description (5/6)Application Scenario
Locksat can be used to supply key management for security services implemented at various layers of the OSI stack (e.g. IP layer, Application Layer, Link layer etc.) for various configuration scenarios (unicast or multicast) even in non satellite environment.Satellite systems emphasize Locksat performance.
Selection Criteria for Proof of Concept• Most promising applications (diffusion and market penetration)• Integration in standard architecture/protocols
Satellite TV-Broadcasting
IP data over Satellite
DVB-CA DVB-RCS-IP
Suitable Application Scenario has to be selected for Proof of Concept
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide14
ver A2
Locksat Concept Description (6/6)
DVB-CA DVB-RCS-IP
• Secure Audio/Video Broadcasting
• Based on standard DVB and DVB-CA
• Frequent CW renewal• No Key Window at receiver• No Laster at receiver
• Secure IP VPN over satellite• Secure IP End-to-End channel
over satellite• Use of a Laster• Key Window at receiver
• No channel bandwidth used for key renewal
• Speed up CW renewal (i.e. mitigate card-sharing issues)
• SA renewal time less then RTT • No channel bandwidth used for key
renewal• No Delay in Data transfer during
key renewal (SA expiration)
Adaptation to selected scenariosPeculiarities of the selected scenarios led to two different design.
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide15
ver A2
Locksat Proof of Concept (1/8)Approach• DVB-RCS-IP:
• Implementation of a simulation platform• DVB-CA:
• Analysis of real traffic traces• Comparison with other key management:
• Theoretical analysis• Analysis of real traffic traces
Tools• DVB-RCS-IP:
• The Ns-2 network simulator platform• DVB-RCS DAMA add-on module• Locksat add-on module
• DVB-CA:• Linux Based STB to capture and analyze real traffic
• Comparison with other key management:• Windows OS IPSec implementation• Ehtereal to capture and analyze real traffic• Iperf to generate tcp real traffic• NIST IPSec implementation reference documentation
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide16
ver A2
Locksat Proof of Concept (2/8)
DVB-RCS-IPSimulation description
• Secure IP VPN over satellite
• Secure IP End-to-End channel over satellite
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide17
ver A2
Locksat Proof of Concept (3/8)
DVB-RCS-IP Terms of Comparative Evaluation
Evaluation Parameters:
•Efficiency•Extra overhaead. The amount of extra-information to
transfer along the network for exchanging the new key.•Throughput decrease. The key renewal process could
lead to a reduction in the in-band data rate for• data transmission interruption during renewal• temporary missynchronization of tx and rx keys at
SA expiration.•Key renewal delay•Key renewal frequency
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide18
ver A2
Locksat Proof of Concept (4/8)
DVB-RCS -IP
Profile Name Return Link Forward LinkP1 256 kbit/s CRA 2 Mbit/sP2 64 kbit/s CRA+192
kbit VBDC2 Mbit/s
P3 256 kbit/s RBDC 2 Mbit/s
Profile ST1 Profile ST2 CBR ST1 (kbit/s)
CBR ST2 (kbit/s)
VBR ST1 (kbit/s)
VBR ST2 (kbit/s)
TOT uplink BW
P1 P1 256 256 - - 512P2 P2 64 64 192 192 320P3 P3 - - 256 256 256
Source/Sink Name Transport Protocol BW requirements DescriptionSRC1/SINK1 udp 128 kbit/s 5/6 VoIP comm..SRC2/SINK2 tcp Max allowed ftp transferSRC3/SINK3 tcp Max allowed Web browsing
Simulation scenario
Traffic sources
DAMA profile combinations
DAMA profiles
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide19
ver A2
Locksat Proof of Concept (5/8)
DVB-RCS -IP
• Traffic has been scheduled in order to stress Locksat mechanisms.
• Specifically, entries and exits of heterogeneous data flows, from both ST1 and ST2, in combination to the DAMA allocation loops maximize delay variations.
Traffic scheduling
• Scheduled traffic of ST1 (ftp, web), used to analyse performance,always exceeds maximum link bandwidth (congestion).
• ST1 modem buffer is considered infinite (no dropping).
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide20
ver A2
Locksat Proof of Concept (6/8)
DVB-CASimulation description• Secure
Audio/Video Broadcasting
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide21
ver A2
Locksat Proof of Concept (7/8)
DVB-CA Terms of Comparative Evaluation
Evaluation Parameters:
•Efficiency. The amount of extra-information to transfer along the network for exchanging the new key (number and the size of ECM messages)
•Key renewal frequency. Time elapsing between two subsequent key renewals
Comparative evaluation based on analysis of recorded traffic patterns coming from satellite TV services
•Typical ECM messages size•Typical ECM messages frequency•Typical CW update frequency
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide22
ver A2
Locksat Proof of Concept (8/8)DVB-CA• To evaluate potential benefits of the Locksat system (internal
sync mode) in the DVB-CA scenario, traces of the following transponder have been stored and analyzed:
Hotbird Transponder 63Provider: Sky Italia
Freq: 11977HSR: 27500FEC: 2/3
Channels: 10 (all scrambled)Encryption: 0919h, 093bh (Videoguard News Datacom NDS)
• 10 scrambled channels are multiplexed, and for each channel ECM, Video and Audio PIDs are monitored. To opposite, an unique EMM PID is active for all the channel.
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide23
ver A2
Locksat Result Analysis (1/4)
DVB-RCS -IP
TX side
TX source scheduling RTT perceived by FTP source
DAMA P2 -- Key Hop=0,25 ms
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide24
ver A2
Locksat Result Analysis (2/4)
DVB-RCS -IPDAMA P2 -- Key Hop=0,25 ms
Distance from Key Window center
Locksat window threshold
Packets discarded by Locksat
Current key compared to RX key window boundaries
Keys out of window
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide25
ver A2
Locksat Result Analysis (3/4)
DAMA PROFILE: 1 Locksat (KH=0,1) Locksat (KH=0,25) Locksat (KH=0,5) IPsec (default)Theoretical
IpsecKey renewal time 0,1 s 0,25 s 0,5 s 300 s [1-1.5] s
Key lifetime 0,5 s 1,25 s 2,5 s >300 s [2-3] sExtra overhead per key
exchange- - - 900 bytes* 900 bytes*
Bandwidth needed for key renewal
- - - negligible [4.8-7.2] kbit/s*
Amount of dropped packet
medium low negligible not estimated not estimated
DAMA PROFILE: 2 Locksat (KH=0,1) Locksat (KH=0,25) Locksat (KH=0,5) IPsec (default) Theoreticl Ipsec
Key renewal time 0,1 s 0,25 s 0,5 s 300 s [1.4-2.1] sKey lifetime 0,5 s 1,25 s 2,5 s >300 s [2.8-4.2] s
Extra overhead per key exchange
- - - 900 bytes* 900 bytes*
Bandwidth needed for key renewal
- - - negligible [3.4-5,1] kbit/s*
Amount of dropped packet
high medium negligible not estimated not estimated
DAMA PROFILE: 3 Locksat (KH=0,1) Locksat (KH=0,25) Locksat (KH=0,5) IPsec (default)Theoretical
IpsecKey renewal time 0,1 s 0,25 s 0,5 s 300 s [1.4-2.1] s
Key lifetime 0,5 s 1,25 s 2,5 s >300 s [2.8-4.2] sExtra overhead per key
exchange- - - 900 bytes* 900 bytes*
Bandwidth needed for key renewal
- - - negligible [3.4-5,1] kbit/s*
Amount of dropped packet
high low negligible not estimated not estimated
DVB-RCS -IP vs IPSec/IKE
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide26
ver A2
Locksat Result Analysis (4/4)
DVB-CA
Performance comparison
Key renewal frequency
Overhead for ECM (per transponder)
DVB-CA 10 seconds 150 kbit/s
Locksat DVB internal sync
~25 milliseconds -
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide27
ver A2
Conclusions (1/3)• Locksat concept has been proven in this scenario through
simulation
• Locksat achieved good perfomance compared to IPSec/IKE
• In high stress conditions (ST is congested) a key lifetime of 2,5 sec guarantee good throughput performance
•Key life time of 0,5 sec allows good performance in normal conditions (ST buffers not always congested)
• Stress points
•Working at IP level large delay variations makes rx/tx synchronization challenging (i.e. network congestion)
• Mitigating stress points
•Security constraints (key lifetime) can be balanced with network delay variations in order to maintain service availability
•Countermeasures could be taken to limit congestion at ST
DVB-RCS -IP
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide28
ver A2
Conclusions (2/3)
•Locksat concept has been proven in this scenario
•Locksat improves performance of the current DVB-CA
•A key lifetime of approximately 25 msec
•No external Laster needed (current STB may be used)
•No data transferred to renew CWs
DVB-CA
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide29
ver A2
Conclusions (3/3)
•In links with high RTT (Round Trip Time)
•When frequent key renewal is needed
•When bandwidth is a precious resource and security is needed (no data exchange for key renewal)
•In links with limited delay variations (i.e. OSI level 2) keys may be frequently renewed
•When time reference is transported with data
Why and Where use Locksat?
Same concept could be applied and tailored to different application scenarios
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide30
ver A2
Implemetation Implications (1/1)
•A preliminary scheme for Locksat implementation in DVB-CA architecture has been developed
•Simulcrypt or Multicrypt CA module with Smart Card for STB
•Proposal for integration in a Simulcrypt environment
DVB-CA
•A preliminary architecture for Locksat implementation in a VPN termination appliance has been developed
•A preliminary block function architecture for integration in IPSec framework
DVB-RCS-IP
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide31
ver A2
Intellectual Property (1/1)
A preliminary patent research has been realized during the work for both general concepts and their adaptation to the described scenarios
We currently checking the opportunity to patent Locksat
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide32
ver A2
Future Work (1/1)
We are going to prepare a new proposal for next step of ITI projects
“Demonstration of Feasibility and Use”
Type B
component and/or breadboard development possibly up to validation in laboratory
www.pxl.itLocksat - Final
meetingESTEC 04/06/2007
Slide33
ver A2
Questions ?
Thanks for attention