Securing the CASP Protocol
Hannes Tschofenig
CT IC 3

Creating a Security Solution for CASP
  Threat-Analysis
  Security Requirements
  Framework Thoughts
  Custom Security
  Existing Security
  Key Management (authentication, authorization, session key establishment)
  Signaling message protection (integrity, confidentiality, replay protection)
  Authorization
  Denial of service protection
  Identity protection
  Topology hiding
  Protocol specific security issues

CASP Protocol Parts
Implication for Security
  Many usage scenarios have to be supported
  Unlike RSVP a transport connection is established
  Unlike RSVP the next peer has to be known in advance before a CASP payload message is sent
  Using existing security mechanisms does not always fit 100%
  CASP tries to be more complete than RSVP
  Security also includes key management aspects and addresses framework issues

Security for the Discovery Component
The Scout Protocol
Threat
  Denial of service attacks, man-in-the-middle attacks, downgrading of security or capabilities
Problems
  Other node is unknown (reason for discovery)
  Message is restricted to a single roundtrip and message size is small
  Security protection can easily introduce other attacks such as DoS
Solution
  Scout message contains only very few protection mechanisms
  BUT the subsequent message exchange
    has to repeat information and
    has to provide some additional security verifications

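The Scout slide's solution, sketched as an added example (not part of the original slides or of the CASP specification): the discovery exchange travels unprotected, and once a session key exists the responder repeats what it received and sent under a MAC so the initiator can detect changes made in flight. The field names, the JSON encoding, HMAC-SHA-256 and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import json

def canonical(fields):
    """Deterministic encoding so both peers MAC and compare identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def confirm_tag(session_key, req, rsp):
    """Responder side: MAC the scout request it received and the response it sent."""
    return hmac.new(session_key, canonical({"req": req, "rsp": rsp}), hashlib.sha256).digest()

def verify_discovery(session_key, sent_req, received_rsp, repeated_req, repeated_rsp, tag):
    """Initiator side, run once the protected channel exists. Returns (ok, reason)."""
    expected = confirm_tag(session_key, repeated_req, repeated_rsp)
    if not hmac.compare_digest(expected, tag):
        return False, "repeated discovery data fails integrity check"
    if canonical(sent_req) != canonical(repeated_req):
        return False, "scout request was altered before the responder saw it"
    if canonical(received_rsp) != canonical(repeated_rsp):
        return False, "scout response was altered before the initiator saw it"
    return True, "discovery exchange confirmed"

# Constructed sample data (hypothetical field names and values).
SESSION_KEY = bytes(range(32))  # stands in for a key from the later key exchange
SCOUT_REQ = {"nonce": "a1b2", "mechanisms": ["IPSec", "TLS"]}
SCOUT_RSP = {"nonce": "a1b2", "selected": "IPSec"}

def run_clean():
    """Nothing was changed in flight: repeated data matches the initiator's view."""
    tag = confirm_tag(SESSION_KEY, SCOUT_REQ, SCOUT_RSP)
    return verify_discovery(SESSION_KEY, SCOUT_REQ, SCOUT_RSP, SCOUT_REQ, SCOUT_RSP, tag)

def run_modified_request():
    """The responder saw a shortened mechanism list, so its repeated copy
    differs from what the initiator actually sent."""
    req_at_responder = {"nonce": "a1b2", "mechanisms": ["TLS"]}
    rsp = {"nonce": "a1b2", "selected": "TLS"}
    tag = confirm_tag(SESSION_KEY, req_at_responder, rsp)
    return verify_discovery(SESSION_KEY, SCOUT_REQ, rsp, req_at_responder, rsp, tag)

if __name__ == "__main__":
    print(run_clean())
    print(run_modified_request())
```

The scout messages themselves stay small and cheap to process; the verification cost is paid only after a key has been established.
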
Security for the Transport Layer
Threat
  Attacks against the transport layer can cause a connection abort.
Problems
  Vulnerability of TCP itself
  TLS does not protect TCP header
Solution
  If attack is a concern then
    Use IPSec at network layer
    Use the more robust SCTP

Security for the Messaging Layer
Threat
  Messaging layer contains security relevant information for a variety of attacks
Problems
  More than a single security mechanism has to be supported (for different parts of the network and different usage scenarios)
Solution
  IPSec
  TLS (possibly with EAP on top of it)
  Many different key exchange protocols supported (IKE, KINK, SOI, etc.)
  Efficiency gained by reusing a security association over a number of client-layers and a number of messages.

Security for the Client-Layers
Threat
  Intermediate CASP node is able to inspect and modify information
Problems
  Peer-to-Peer protection not always sufficient
  Examples: Authorization tokens, transport of local information, selectively protecting objects, transporting sensitive information
Solution
  CMS used to selectively wrap objects and to provide protection for them.
  For investigation: Reuse of a CMS security association

Miscellaneous Issues
Non-Repudiation
  Rarely required
  Supported for client-layer protocols by using digitally signed encapsulated objects (CMS) and possibly applying a counter-signature by the other party
Denial of Service Prevention
Network Topology Hiding
  Supported for Record Route object
  Additionally supported by removing addresses from a (strict or loose) route object

Miscellaneous Issues
Authorization
  Supports both “online” and “offline” authorization
  “Online” authorization requires protocol interaction with a third party entity (AAA-based).
    EAP/Diameter support is possible.
    Identity mapping possibly required
  “Offline” authorization supported via Kerberos authorization information or attribute certificate
  Authorization language is an open issue – research required.
  Usage of specific authorization information is scenario and environment dependent.

Are there any questions?