Security IP handoff

Martin Walbum


Diploma engineer (Diplomingenieur) in electromechanics and Executive MBA


With more than twenty years of experience in data communications, IT, networking technology and broadcasting, Martin Walbum joined Nevion in June 2010 to help the company lead the broadcast industry towards IP technology. As head of the Solution Architect team at Nevion, he helps customers plan and develop solutions that extract the maximum benefit from the new technology and bring the worlds of broadcast and telecommunications together.

Before joining Nevion, Martin Walbum worked for a number of telecommunications and data communications system vendors, holding senior positions in strategic business development, product management and sales.

Summary of talk No. 18


IP connectivity is fast becoming the default way to hand off real-time media flows.
This brings with it enormous flexibility:
• multiple flows can be handed off over a single interface
• each flow can be any type of media flow (video, audio, metadata)
• each video and audio flow can be of any format and resolution (e.g. video can be SD, HD, UHD or 8K)
• standard IT technology can be used for interfacing, transport and control

The same flexibility brings a significant challenge: securing the hand-off itself.
The security challenges apply both to the media flows themselves and to the control signalling that typically accompanies them.

Media flows have several properties that are fairly unusual compared with typical IT traffic:
• they are big and can be massive (anything from 1 Mbps to 20 Gbps per flow)
• they are usually multicast
• they are UDP, so there is no retransmission and packet loss is unacceptable
Classic IT firewalls are typically not viable for the above traffic profiles and do not necessarily address the 'border' requirements.

Several things need to be handled at the point of hand-off between entities, including:
• Blocking of all flows by default (full isolation; only explicitly permitted flows pass)
• High-bit-rate, multicast-capable Network Address Translation in the forwarding plane
• Proxying of permitted control data flows in each direction
• Termination of internal protection mechanisms (e.g. SMPTE 2022-7 RTP diversity packet merge)
• Termination of external protection mechanisms (e.g. 2022-7, FEC, ARQ)
• Tunnelling for external connectivity
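As an added illustration of the 2022-7 termination item above (example code written for this page, not the speaker's or Nevion's implementation), the following Python model merges two identical RTP legs into one ordered stream at the hand-off point, drops duplicates, tolerates loss on either leg, handles the 16-bit sequence-number wrap, and rejects packets whose SSRC is not the one agreed for the flow. It simplifies the real mechanism in one respect: it waits a fixed number of packets (the `window` parameter) for a missing packet rather than a time-based path-differential buffer. The SSRC value, the loss pattern and the packet contents are constructed sample data.

```python
"""
Added example: SMPTE ST 2022-7 style seamless merge of two RTP legs at a
media hand-off border. Not Nevion code; the packet-count window is a
simplification of the standard's time-based path-differential buffer.
"""
import struct

RTP_HEADER_LEN = 12  # fixed RTP header, RFC 3550 section 5.1


def parse_rtp(packet: bytes) -> dict:
    """Parse the fixed RTP header; raise on anything that is not well-formed RTPv2."""
    if len(packet) < RTP_HEADER_LEN:
        raise ValueError("packet shorter than the RTP fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:RTP_HEADER_LEN])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    hdr_len = RTP_HEADER_LEN + 4 * (b0 & 0x0F)  # skip the CSRC list, if any
    if len(packet) < hdr_len:
        raise ValueError("truncated CSRC list")
    return {"seq": seq, "ts": ts, "ssrc": ssrc, "pt": b1 & 0x7F, "payload": packet[hdr_len:]}


def build_rtp(seq: int, ts: int, ssrc: int, payload: bytes, pt: int = 96) -> bytes:
    """Build a minimal RTPv2 packet (no padding, header extension or CSRCs)."""
    return struct.pack("!BBHII", 0x80, pt, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc) + payload


def seq_diff(a: int, b: int) -> int:
    """Signed distance a - b on the 16-bit sequence-number ring (correct across the wrap)."""
    return ((a - b + 0x8000) & 0xFFFF) - 0x8000


class SeamlessMerger:
    """Merge two identical RTP streams (legs "A" and "B") into one in-order stream, each packet once."""

    def __init__(self, expected_ssrc: int, window: int = 64):
        self.expected_ssrc = expected_ssrc
        self.window = window      # how far ahead we look before declaring the head-of-line packet lost
        self.next_seq = None      # next sequence number owed to the consumer
        self.pending = {}         # seq -> parsed packet, buffered until it is head-of-line
        self.received_per_leg = {}
        self.stats = {"delivered": 0, "duplicates": 0, "lost": 0, "rejected_ssrc": 0}

    def _drain(self, out: list) -> None:
        """Deliver every buffered packet that is now contiguous with next_seq."""
        while self.next_seq in self.pending:
            out.append(self.pending.pop(self.next_seq))
            self.next_seq = (self.next_seq + 1) & 0xFFFF
            self.stats["delivered"] += 1

    def receive(self, leg: str, packet: bytes) -> list:
        """Feed one packet from either leg; return the packets that are now deliverable, in order."""
        out = []
        pkt = parse_rtp(packet)
        # Border check: only the SSRC agreed for this flow is accepted; anything else is dropped.
        if pkt["ssrc"] != self.expected_ssrc:
            self.stats["rejected_ssrc"] += 1
            return out
        self.received_per_leg[leg] = self.received_per_leg.get(leg, 0) + 1
        seq = pkt["seq"]
        if self.next_seq is None:
            self.next_seq = seq
        # Already delivered, or already buffered from the other leg: the 2022-7 duplicate.
        # (A packet more than 32767 ahead also lands here; that is far outside any real window.)
        if seq_diff(seq, self.next_seq) < 0 or seq in self.pending:
            self.stats["duplicates"] += 1
            return out
        self.pending[seq] = pkt
        self._drain(out)
        # Head-of-line packet missing on both legs and the window has run out: give up on it.
        if self.pending:
            furthest = max(self.pending, key=lambda s: seq_diff(s, self.next_seq))
            while seq_diff(furthest, self.next_seq) >= self.window:
                self.stats["lost"] += 1
                self.next_seq = (self.next_seq + 1) & 0xFFFF
                self._drain(out)
        return out


def demo(window: int = 4) -> dict:
    """Constructed sample: 12 packets straddling the 16-bit wrap, each leg losing different packets."""
    ssrc = 0x5EC0DE01                     # assumed SSRC for the permitted flow
    seqs = [(65530 + i) & 0xFFFF for i in range(12)]
    lost_on_a = {65533, 1}                # seq 1 is lost on both legs, so it is unrecoverable
    lost_on_b = {65534, 1}
    merger = SeamlessMerger(expected_ssrc=ssrc, window=window)
    delivered = []
    for seq in seqs:
        wire = build_rtp(seq, seq * 1800, ssrc, b"\x00" * 188)
        if seq not in lost_on_a:
            delivered += [p["seq"] for p in merger.receive("A", wire)]
        if seq not in lost_on_b:
            delivered += [p["seq"] for p in merger.receive("B", wire)]
    # A packet with a foreign SSRC injected on leg B must never reach the output.
    delivered += [p["seq"] for p in merger.receive("B", build_rtp(6, 6 * 1800, 0x00BAD5EC, b"x"))]
    return {"delivered": delivered, "stats": merger.stats, "per_leg": merger.received_per_leg}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` delivers every sequence number once, in order, including those that only one leg carried, declares seq 1 lost after the window elapses rather than stalling the output, and counts the injected foreign-SSRC packet as rejected. In a production border device the window is expressed as a time budget matched to the measured path differential, and the SSRC check is one of several identity checks (source address, multicast group, UDP port) applied before any packet is forwarded.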

This presentation will cover the requirements, the industry solutions that address some of them, and best practice for approaching this challenge.