The KARP Working Group
J.W. Atwood, PIM WG, 2010/03/23, bill@cse.concordia.ca


History
- Unwanted Internet Traffic IAB Workshop - March 2006
  - RFC 4948
  - Identified securing the routing protocols’ packets on the wire as a goal
- Agreement between Security ADs and Routing ADs
  - Define a roadmap

Keying and Authentication for Routing Protocols (KARP)
- Two BoFs
- Working Group just before IETF-77
- Scope
  - Message Authentication
  - Packet Integrity
  - Possible later: privacy and non-repudiation

Design Choices
- Change completely
  - Run everything inside IPsec
- Change slowly
  - Accept what is there and strengthen it
  - Design mechanisms to make it easier to manage

Planned Approach
- Enhance the routing protocols’ current authentication mechanisms
  - For example, the PIM-SM link-local work
- Define one or more Key Management Protocols
  - Create and manage the session keys
- The framework must accept manual keying as one possibility

Incremental Approach
- Crawl, Walk, Run
- Some existing routers will not be able to run new functionality
- New functionality alters the routing performance balance and this may not be acceptable
- Security ADs have agreed to accept less than the “perfect” solution (for now)

Current Documents
- Threat Analysis and Requirements: draft-ietf-karp-threats-reqs
- Design Guidelines: draft-ietf-karp-design-guide
- Framework: draft-ietf-karp-framework

Step 1
[Diagram labels: KeyStore, Configured PSK, Traffic Keys, Basic Routing Proto]
- Define protected elements
- Strong algos
- Algo agility
- Secure use of simple PSK’s
- Inter-conn. replay protection
- Intra-conn. replay protection
- Change parameters forces change of traffic keys
- Use new key within a connection without data loss
- Efficient re-keying
- Prevent in-scope DoS
- Support manual keying
- All for future use of KMP

Step 2
[Diagram labels: ID’s, Proof of ID’s, KMP Function, KMP-to-KeyStore API, Manual Keyset, KeyStore, KMP-to-Routing Proto API, KeyStore-to-Routing Proto API, Common Auth Mechanisms/I.F.’s, Traffic Keys, Basic Routing Protos]
- Layer in KMP
- Define Identifier types/formats
- Define ID proof mechanisms
- Re-use KeyStore
- Re-use Routing Proto’s Manual key structure
- Common Elements:
  - KeyStore
  - KeyStore-to-Routing Proto API
  - KMP-to-KeyStore API
  - KMP-to-Routing Proto API

Questions?