A ULE Security Approach for Satellite Networks on PLATINE Test Bed

The satellite network does not have the IP layer where the IPsec [2][3] is designed for. Therefore, a new algorithm is needed to secure the satellite link at link layer or physical layer. This paper will give a short analysis on the advantages and disadvantages of the MPEG-2 TS encryption and present an approach trying to use the extension header of Unidirectional Lightweight Encapsulation (ULE) [6] Protocol Data Unit (PDU) to provide the efficient security solution for satellite networks. This approach is just above the MPEG-2 TS layer and makes the link security as a part of the encapsulation layer. Thanks to a test bed platform named PLATINE developed by France partners and contributed by other partners within the SATSIX project on which the DVB-S and DVB-RCS have been implemented. The Unidirectional Lightweight Encapsulation (ULE) [6] mechanism working together with MPEG 2 Transport Stream (TS) as a part of the encapsulation in PLATINE is for the transport of IPv6 (& IPv4) Datagrams and other network protocol packets directly over the ISO MPEG-2 Transport Stream as TS Private Data. The proposed security approach is implemented within PLATINE to provide integrated security with ULE protocol at the link layer. The approach is based on the security requirements Internet draft [1] Introduction Current broadband satellite services are regarded as a niche market due to the high cost of launching a satellite system, and the relatively limited available bandwidth compared to terrestrial counterparts. To improve take-up of broadband satellite, it is essential to provide costeffective solutions, to efficiently accommodate new multimedia applications, and to integrate satellites into next generation networks. These issues are being addressed in the EU-funded IST FP6 project Satellite-based communications systems within IPv6 (SATSIX). This project will implement innovative concepts and for broadband satellite systems and services. The MPEG-2 Transport Stream (TS) has been widely accepted not only for providing digital TV services, but also as a subnetwork technology for building IP networks. RFC 4326 [6] describes the Unidirectional Lightweight Encapsulation (ULE) mechanism for the transport of IPv6 (& IPv4) Datagrams and other network protocol packets directly over the ISO MPEG-2 Transport Stream as TS Private Data. ULE specifies a base encapsulation format and supports an extension format that allows it to carry additional header information to assist in network/Receiver processing. The encapsulation satisfies the design and architectural requirement for a lightweight encapsulation defined in RFC 4259 [7] , which states that ULE must be robust to errors and