Page 385 - 5G Basics - Core Network Aspects


            Given the issues discussed above that arise when the MC-Streaming service is overlaid on the
            multi-connection architecture, MC-Streaming is recommended to adopt mechanisms to avoid redundant
            authentication operations.
            Single Sign On (SSO), for instance, or a unified registration mechanism can optionally be deployed to simplify
            the authentication procedure across multiple networks. The authentication result from one access network
            can also optionally be utilized to complete the authentication for other access networks.

            10.2.3  Digital right management

            For MC-Streaming, there also exist security threats such as unauthorized usage, illegal copying and so on.
            In the multi-connection environment, the transmission paths of streaming content are more complicated
            than those of a legacy network environment. Operations such as streaming content distribution, transmission,
            acquisition, storage and redistribution between content sources and terminal devices are susceptible to
            network attacks, causing security threats such as content interception, tampering, unauthorized usage,
            unauthorized copying or unauthorized redistribution.
            Unlike the general data service, a streaming flow is composed of media content, such as audio streaming,
            video streaming, image streaming, etc. In order to prevent unauthorized use and illegal copying, it is
            recommended that multi-connection streaming supports Digital Right Management (DRM) to protect the
            copyright of streaming content. Using DRM, only authorized subscribers have permission to access the
            streaming content; an illegal copy of it cannot be replayed, even when it has been obtained. DRM
            solutions include digital watermarking, copyright protection, content tracking, digital signature, data
            encryption and others.

            10.3    Network security

            Network access authentication is a prerequisite to protect network security. In multi-connection,
            authentication and authorization are also recommended to be supported to ensure security.

            Therefore, the content of MC-Streaming is also recommended to be protected during its transmission
            throughout the networks, as well as when it is acquired, consumed, stored and retransmitted by end
            subscribers. The protection mechanisms include encryption, watermarking, tracing, identification and other
            mechanisms. Otherwise, illegal network monitoring may break data confidentiality.
            Detection and prevention mechanisms are recommended to be deployed against network attacks such as
            denial of service (DoS) and network intrusion, since these threats target specific network elements (e.g.,
            routers and switches) and resources (e.g., bandwidth).
            Different access networks may provide different security levels, which may cause vulnerabilities to
            MC-Streaming. For example, the payment data when ordering a video is not suitable to be transmitted
            through WLAN, which is easily monitored and not safe enough. Solutions for this case include, for
            instance, selecting a network with a higher security level and encrypting data before transmission. In addition,
            it is also important to provide protection from attacks, e.g., DoS attacks from less secure intruding networks.

            10.3.1  Access control
            Access control protects against unauthorized usage of network resources. It ensures that only
            authorized personnel or devices are allowed to access network elements, store information, and modify
            information flows, services and applications.

            For MC-Streaming, subscribers are able to access the service through multiple access networks. Different
            access networks have different security mechanisms and provide different security levels. It is required that
            MC-Streaming prevents unauthorized users from accessing networks and services through networks with
            lower security levels. Otherwise, security issues may arise, such as information disclosure and other related
            security problems to this service and to its underlying networks. Therefore, MC-Streaming is recommended
            to provide unified access control mechanisms to protect user requests from different access networks.
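
Added example, not part of the Recommendation text: one way to express the unified access control of 10.3.1 together with the network selection and encrypt-before-transmission options of 10.3 as a single decision point. The level scale, the per-flow minimum levels, the network and subscriber names and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed scale and policy; the page names no concrete levels.
LEVEL = {"low": 1, "medium": 2, "high": 3}
MIN_LEVEL = {"video": "low", "payment": "high"}

@dataclass(frozen=True)
class AccessNetwork:
    name: str
    level: str
    up: bool = True

@dataclass(frozen=True)
class Decision:
    allow: bool
    network: Optional[str]   # access network chosen to carry the flow
    encrypt_first: bool      # data must be encrypted before transmission
    reason: str

# Constructed sample topology: WLAN as in the page's example, plus a
# hypothetical higher-security access network.
SAMPLE_NETWORKS = [AccessNetwork("wlan", "low"), AccessNetwork("cellular", "high")]

def decide(subscriber, flow, arrived_via, networks, authorized):
    """Return the Decision for one flow request."""
    known = {n.name for n in networks}
    # Unified check: the same authorization test is applied whichever
    # access network the request arrived on, so a lower-security network
    # cannot be used as a side entrance.
    if arrived_via not in known or subscriber not in authorized:
        return Decision(False, None, False, "unauthorized")
    if flow not in MIN_LEVEL:
        return Decision(False, None, False, "unknown flow")  # default deny
    usable = [n for n in networks if n.up]
    if not usable:
        return Decision(False, None, False, "no access network available")
    # Select the available network with the highest security level.
    best = max(usable, key=lambda n: LEVEL[n.level])
    # If even that network is below the flow's minimum level, fall back
    # to encrypting the data before it is transmitted.
    encrypt = LEVEL[best.level] < LEVEL[MIN_LEVEL[flow]]
    return Decision(True, best.name, encrypt, "ok")
```

With the sample topology, a payment flow requested over WLAN is carried on the higher-level network; if that network is down, the flow is still allowed on WLAN but flagged for encryption before transmission.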





