draft-ietf-lisp-sec-12

draft-ietf-lisp-sec-12
F. Maino, V. Ermagan, A. Cabellos, D. Saucez
IETF 97, Seoul – November 2016

Agenda
- Most Significant Changes
- LISP-SEC Overview: Scope, Threat Model, LISP-SEC Operations
- Q&A

Most Significant Changes
Section 6 (Security Considerations):
- Section 6.1 (Mapping System Security) states the assumptions made about mapping system security.
- Section 6.4 (Deploying LISP-SEC) warns that, per RFC 2119, the security implications associated with the LISP-SEC threat model need to be well understood before any specific "SHOULD" recommendation is ignored. Two examples are brought up:
  - allowing transport of an unencrypted OTK between the xTR and the MS/MR
  - allowing the ETR/MS to choose HMAC algorithms different from the one specified by the ITR

Most Significant Changes (cont)
Section 7 (IANA Considerations) rewritten to be compliant with RFC 5226. Registries have been requested, and provisioned with initial values, for:
- ECM Authentication Data Type
- Map-Reply Authentication Data Type
- LISP-SEC Authentication Data HMAC ID
- LISP-SEC Authentication Data Key Wrap ID
- LISP-SEC Authentication Data Key Derivation Function ID

LISP-SEC Overview

Scope
- Protect the Map-Request/Map-Reply exchange: Map-Reply origin authentication, anti-replay and integrity protection
- Protect from over-claiming attacks: prevent the ETR from over-claiming EID prefixes

Threat Model (figure)
Reference topology used in the threat model: Site X hosts an ITR with EID 2.2.2.5; Site Y hosts an ETR authoritative for 1.1.0.0/16. The Mapping System consists of a Map Resolver and a Map Server holding the mapping 1.1.0.0/16 -> {RLOC}. The exchange is triggered by a packet with D=1.1.0.10, S=2.2.2.5 arriving at the ITR.

Threat Model
- The Mapping System is secure and well functioning, and delivers Map-Requests to their intended destinations as identified by the EID.
- EID prefix authorization is delegated to Map Server configuration: the Map Server asserts EID prefix authorization.
- The Map Server is trusted to do proper RLOC mapping (proxy case).
- In the case of the ALT Mapping System (as an example), the GRE tunnels are assumed to prevent Man-in-the-Middle (MitM) attacks and to provide integrity and confidentiality for the information carried over ALT (i.e. the nonce and the OTK). GRE by itself offers no cryptographic protection, so the tunnels need to be secured with IPsec.
- Since the LISP-MN ETR is authoritative for its own EID prefix, we need to verify how the ETR certificate can be used to assert prefix authorization in the RPKI.

Threat Model (II)
- MitM attacks can be mounted outside, and only outside, of the Mapping System infrastructure.
- An ETR can mount prefix over-claiming attacks, maliciously or unintentionally (e.g. because the ETR has been hacked/compromised).

One-Time Keyed HMAC on Map-Request/Reply (figure)
Notation: n = nonce, OTK = One-Time Key, both generated by the ITR per Map-Request; OTK-ETR = HKDF(OTK); K = key shared between the ITR and the Map Resolver; K' = key shared between the Map Server and the ETR. Site X: ITR with EID 2.2.2.5; Site Y: ETR authoritative for 1.1.0.0/16; the Map Server holds 1.1.0.0/16 -> {RLOC}. Triggering packet: D=1.1.0.10, S=2.2.2.5.
1. ITR -> Map Resolver: Map-Request 1.1.0.10, n, AES_wrap_key_K(OTK)
2. Map Resolver -> Map Server (inside the Mapping System): Map-Request 1.1.0.10, n, OTK
3. Map Server -> ETR: Map-Request 1.1.0.10, n, AES_wrap_key_K'(OTK-ETR = HKDF(OTK)), EID-AD: HMAC_OTK-MS[{EID prefix}]
4. ETR -> ITR: Map-Reply 1.1.0.10, n, EID-AD: HMAC_OTK-MS[{EID prefix}], LOC-AD: HMAC_OTK-ETR[{RLOCs}]
The EID-AD is keyed with the OTK as received by the Map Server (OTK-MS on the slide), which the ETR never sees; the ETR only receives the derived OTK-ETR and keys the LOC-AD with it. The ITR verifies the EID-AD with its own OTK, derives OTK-ETR to verify the LOC-AD, and rejects a Map-Reply whose EID prefix is less specific than the prefix asserted by the Map Server in the EID-AD.
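The exchange on the slide above, as a runnable end-to-end simulation. This is an added example, not code from draft-ietf-lisp-sec or from any LISP implementation. Choices that the slide does not fix and that are assumed here: HMAC-SHA-256 for both authentication data fields, HKDF-SHA-256 (RFC 5869) with the label "OTK-ETR" for the derivation, a 64-bit nonce and a 128-bit OTK. The AES key-wrap hops (OTK under K towards the Map Resolver, OTK-ETR under K' towards the ETR) are modelled by handing the key to the next hop directly, because what the example is meant to show is the two-key MAC chain and the three checks the ITR performs: nonce match (anti-replay), EID-AD/LOC-AD verification (origin and integrity), and the over-claiming check against the Map-Server-asserted prefix.

```python
"""LISP-SEC one-time-key exchange, simulated. Added example; not the draft's
code. Assumed: HMAC-SHA-256, HKDF-SHA-256, 8-byte nonce, 16-byte OTK, and
key-wrap hops replaced by direct hand-off of the key (see lead-in)."""
import hashlib
import hmac
import ipaddress
import secrets

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """RFC 5869 extract-then-expand with HMAC-SHA-256."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def auth_data(key: bytes, *fields: bytes) -> bytes:
    """HMAC over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()

class ITR:
    """Originates Map-Requests and verifies Map-Replies."""
    def __init__(self):
        self.pending = {}  # nonce -> OTK for requests still awaiting a reply

    def map_request(self, eid: str) -> dict:
        nonce, otk = secrets.token_bytes(8), secrets.token_bytes(16)
        self.pending[nonce] = otk
        return {"eid": eid, "nonce": nonce, "otk": otk}  # OTK would be AES_wrap_key_K(OTK) on the wire

    def verify_reply(self, reply: dict) -> bool:
        otk = self.pending.get(reply["nonce"])
        if otk is None:
            return False  # unknown or already-consumed nonce: replay or forgery
        eid_ad = reply["eid_ad"]
        # EID-AD is keyed with the OTK that only the ITR and the Map Server hold.
        if not hmac.compare_digest(eid_ad["mac"], auth_data(otk, eid_ad["prefix"].encode())):
            return False
        otk_etr = hkdf_sha256(otk, b"OTK-ETR")
        expected = auth_data(otk_etr, reply["nonce"], reply["prefix"].encode(),
                             eid_ad["mac"], *(r.encode() for r in sorted(reply["rlocs"])))
        if not hmac.compare_digest(expected, reply["loc_ad"]):
            return False
        # Over-claiming check: the ETR may answer for the Map-Server-authorized
        # prefix or something more specific, never for a less specific one.
        if not ipaddress.ip_network(reply["prefix"]).subnet_of(ipaddress.ip_network(eid_ad["prefix"])):
            return False
        del self.pending[reply["nonce"]]  # consume the nonce so a replayed reply fails
        return True

def map_server_forward(request: dict, registrations: dict) -> dict:
    """Map Server: asserts the authorized prefix in the EID-AD and derives OTK-ETR."""
    eid = ipaddress.ip_address(request["eid"])
    prefix = next(p for p in registrations if eid in ipaddress.ip_network(p))
    eid_ad = {"prefix": prefix, "mac": auth_data(request["otk"], prefix.encode())}
    return {"eid": request["eid"], "nonce": request["nonce"],  # OTK-ETR would be AES_wrap_key_K'(...)
            "otk_etr": hkdf_sha256(request["otk"], b"OTK-ETR"), "eid_ad": eid_ad}

def etr_map_reply(forwarded: dict, claimed_prefix: str, rlocs, eid_ad: dict = None) -> dict:
    """ETR: keys the LOC-AD with OTK-ETR. claimed_prefix/eid_ad let the example
    model a compromised ETR that over-claims or substitutes its own EID-AD."""
    eid_ad = eid_ad or forwarded["eid_ad"]
    loc_ad = auth_data(forwarded["otk_etr"], forwarded["nonce"], claimed_prefix.encode(),
                       eid_ad["mac"], *(r.encode() for r in sorted(rlocs)))
    return {"nonce": forwarded["nonce"], "prefix": claimed_prefix, "rlocs": list(rlocs),
            "eid_ad": eid_ad, "loc_ad": loc_ad}

REGISTRATIONS = {"1.1.0.0/16": ["10.0.0.1"]}  # constructed: Site Y's registration at the Map Server

def run_exchange(claimed_prefix: str, forge_eid_ad: bool = False):
    """One Map-Request/Map-Reply for 1.1.0.10; returns (itr, reply, itr_verdict)."""
    itr = ITR()
    fwd = map_server_forward(itr.map_request("1.1.0.10"), REGISTRATIONS)
    forged = None
    if forge_eid_ad:
        # A compromised ETR rewrites the EID-AD for the prefix it wants to claim.
        # It holds only OTK-ETR, not OTK, so the best it can do is MAC with that.
        forged = {"prefix": claimed_prefix, "mac": auth_data(fwd["otk_etr"], claimed_prefix.encode())}
    reply = etr_map_reply(fwd, claimed_prefix, REGISTRATIONS["1.1.0.0/16"], forged)
    return itr, reply, itr.verify_reply(reply)

if __name__ == "__main__":
    for prefix, forge in (("1.1.0.0/16", False), ("1.1.0.0/24", False), ("1.0.0.0/8", False), ("1.0.0.0/8", True)):
        verdict = "accepted" if run_exchange(prefix, forge)[2] else "rejected"
        print(f"{prefix:12} {'forged' if forge else 'honest'} EID-AD -> {verdict}")
```

Running the script shows the honest /16 and the more specific /24 accepted, the /8 over-claim rejected by the prefix check even though both MACs verify, and the forged EID-AD rejected at the EID-AD step because the ETR never holds the OTK. Presenting the same accepted reply to the ITR a second time fails on the nonce lookup, which is the anti-replay property listed under Scope.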

Thanks!