PW security measures PWE3 – 65th IETF 21 March 2005 Yaakov (J) Stein.


Reminder
- At IETF64 security threats were presented:
  - PWs have special features that may be exploited by hackers
  - PW control plane does not mandate authentication
  - PW user packets have no authentication/encryption options
- draft-stein-pwe3-sec-req-00.txt reviews security requirements
- here we will mention a few solution ideas …

Control Protocol Authentication
Problem
- many of the attacks in draft-stein-pwe3-sec-req-00.txt can be avoided if it is not possible to impersonate a PE
- thus PWE control protocol needs a strong authentication mechanism
Solution 1 – MD5
- use MD5 signature option (shared key per peer) per RFC3036
- TCP segments of every LDP message (even hellos) are authenticated
- MD5 may be replaced by SHA-1 or any other message digest
Solution 2 – authentication TLV for initialization
- new optional TLV in the initialization message
- use public key mechanism
- reject if no authentication TLV or if authentication fails

PW Packet Authentication
Problems
- PW label is the only identifier in packet
- CW sequence number can be used for DoS attack
Solution
- add optional authentication field between control word and payload (becomes a control word extension)
- lightweight option
  - 32 bit CW extension (must be negotiated via a new LDP TLV)
  - computed based on limited-size input, for example:
    - sequence number + salt
    - sequence number + checksum of payload
- heavyweight option
  - 64 or 128 bit CW extension (must be negotiated via a new LDP TLV)
  - hash of sequence number + payload
  - WARNING: if performed in SW enables DoS attack
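An added example (not from the slides) of the heavyweight option: a 64-bit control word extension computed as a truncated keyed hash over sequence number + payload, verified packet by packet. The shared key, the choice of HMAC-SHA-256, and the simplified layout (16-bit sequence number, extension, payload) are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const tagLen = 8 // 64-bit CW extension (heavyweight option)

// cwTag computes the extension: a truncated keyed hash over the
// 16-bit sequence number followed by the payload (HMAC is an assumption).
func cwTag(key []byte, seq uint16, payload []byte) []byte {
	mac := hmac.New(sha256.New, key)
	var s [2]byte
	binary.BigEndian.PutUint16(s[:], seq)
	mac.Write(s[:])
	mac.Write(payload)
	return mac.Sum(nil)[:tagLen]
}

// seal builds a constructed packet: sequence number | CW extension | payload.
func seal(key []byte, seq uint16, payload []byte) []byte {
	pkt := make([]byte, 2, 2+tagLen+len(payload))
	binary.BigEndian.PutUint16(pkt, seq)
	pkt = append(pkt, cwTag(key, seq, payload)...)
	return append(pkt, payload...)
}

// verify checks one packet on its own, so lost packets do not matter.
func verify(key, pkt []byte) bool {
	if len(pkt) < 2+tagLen {
		return false // too short to carry the extension
	}
	seq := binary.BigEndian.Uint16(pkt[:2])
	want := cwTag(key, seq, pkt[2+tagLen:])
	return hmac.Equal(want, pkt[2:2+tagLen]) // constant-time compare
}

func main() {
	key := []byte("constructed-shared-key")
	pkt := seal(key, 41, []byte("constructed TDM payload"))
	fmt.Println("genuine:", verify(key, pkt))
	pkt[1] = 200 // injected sequence number, the DoS case named on the slide
	fmt.Println("forged sequence number:", verify(key, pkt))
}
```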

PW Packet Encryption
- at IETF-64 we discussed encrypting the PW payload
Problem
- PW is not reliable – may lose packets (don’t even know how many bytes lost)
- so, can’t use stream cipher, CBC, CFB, etc. modes
Solution 1
- use ECB mode on sequence number + payload (including sequence number blocks replay attacks)
Solution 2
- generate per-packet key based on secret key and sequence number
- use ECB mode on payload
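An added example (not from the slides) of Solution 2: a per-packet AES-128 key derived from the secret key and the sequence number, with the payload encrypted block by block in ECB mode. It shows that a packet decrypts after earlier ones are lost and that equal payloads in different packets encrypt differently, while equal blocks inside one packet still produce equal ciphertext blocks. HMAC-SHA-256 as the derivation function, AES as the cipher, and a 16-bit sequence number are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// packetKey derives a per-packet key from the secret key and sequence number.
// HMAC-SHA-256 truncated to 16 bytes is an assumption of this example.
func packetKey(secret []byte, seq uint16) []byte {
	mac := hmac.New(sha256.New, secret)
	var s [2]byte
	binary.BigEndian.PutUint16(s[:], seq)
	mac.Write(s[:])
	return mac.Sum(nil)[:16]
}

// ecb encrypts or decrypts each 16-byte block independently (ECB mode)
// under the per-packet key; no state is carried between packets.
func ecb(secret []byte, seq uint16, in []byte, decrypt bool) ([]byte, error) {
	if len(in)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("payload length %d is not a multiple of %d", len(in), aes.BlockSize)
	}
	blk, err := aes.NewCipher(packetKey(secret, seq))
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += aes.BlockSize {
		if decrypt {
			blk.Decrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		} else {
			blk.Encrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		}
	}
	return out, nil
}

func main() {
	secret := []byte("constructed-secret")
	payload := bytes.Repeat([]byte("idle-pattern-16B"), 2) // two equal blocks
	c5, _ := ecb(secret, 5, payload, false)
	c9, _ := ecb(secret, 9, payload, false)
	p9, _ := ecb(secret, 9, c9, true) // packets 6..8 lost, 9 still decrypts
	fmt.Println(bytes.Equal(p9, payload), bytes.Equal(c5, c9), bytes.Equal(c9[:16], c9[16:]))
}
```

With a 16-bit sequence number the derived keys repeat once the counter wraps, so the secret key has to be changed before that point.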