RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.

Presentation transcript:

RSVP Cryptographic Authentication
"...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism to protect RSVP message integrity hop by hop." - RFC 2747
F. Baker, B. Lindell, M. Talwar. January 2000, IETF (Internet Engineering Task Force) RFC 2747
Presented by: Colin Coghill, September 2000.

Contents
* What is RSVP? When might we need it? How does it operate? What would we lose if we don't protect it?
* RSVP Authentication. Overview. Some details.
* Notes and Conclusions.
* Questions.

What is RSVP?
* Resource ReSerVation Protocol
* RSVP is defined in RFC "The RSVP protocol is used by a host to request specific qualities of service from the network..."
* It is an "Out of Band" signalling protocol.
* RSVP messages travel only in one direction.

An RSVP Conversation
[Diagram sequence showing Client, Router and Video Server, with the labels "Request" and "Guaranteed bandwidth."]

What is at risk?
What do we stand to lose if RSVP is successfully attacked?
* Network Resources. (Bandwidth, Real-time traffic, Reliability)
* Service or Quality. (A denial of service attack on a competitor might make them lose customers)

Authentication Overview
* RSVP Authentication gives us message integrity and node authentication.
* It leaves us with a choice of algorithms, although HMAC-MD5 is suggested.
* Neither the message nor the authentication information is confidential.
* If a message fails to authenticate, it will usually be ignored.

INTEGRITY Object

Sequence Number
* Provides protection from replay attacks.
* Can be any increasing value, e.g. a counter, or maybe based on a realtime clock.
* 64-bit number. May wrap.
* The server should not accept out-of-order packets.
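An added example, not from the original slides or from RFC 2747: a receiver that applies the two checks described above, an HMAC-MD5 keyed digest and an increasing 64-bit sequence number, and ignores anything that fails. The message layout (8-byte sequence number, payload, 16-byte digest), the key, and the half-range comparison used to tolerate wrap are assumptions made for illustration, not the RFC's wire format.

```python
import hmac
import hashlib
import struct

DIGEST_LEN = 16        # HMAC-MD5 output size in bytes
SEQ_MOD = 1 << 64      # the sequence number is a 64-bit value and may wrap
HALF = 1 << 63         # assumed window: "newer" means less than half the range ahead

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side. Assumed layout: seq (8 bytes) | payload | HMAC-MD5 over both."""
    body = struct.pack("!Q", seq % SEQ_MOD) + payload
    return body + hmac.new(key, body, hashlib.md5).digest()

class Receiver:
    """Per-sender state: the shared key and the last sequence number accepted."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = None
        self.dropped = {"short": 0, "bad_digest": 0, "replay": 0}

    def accept(self, message: bytes):
        """Return the payload, or None when the message must be ignored."""
        if len(message) < 8 + DIGEST_LEN:
            return self._drop("short")
        body, digest = message[:-DIGEST_LEN], message[-DIGEST_LEN:]
        expected = hmac.new(self.key, body, hashlib.md5).digest()
        if not hmac.compare_digest(expected, digest):   # constant-time comparison
            return self._drop("bad_digest")
        (seq,) = struct.unpack("!Q", body[:8])
        if self.last_seq is not None:
            ahead = (seq - self.last_seq) % SEQ_MOD     # distance modulo 2**64
            if ahead == 0 or ahead >= HALF:             # duplicate or older value
                return self._drop("replay")
        self.last_seq = seq    # only authenticated messages advance the state
        return body[8:]

    def _drop(self, reason: str):
        self.dropped[reason] += 1   # ignored silently, but counted for monitoring
        return None

def demo():
    key = b"constructed-shared-key"               # constructed sample key
    rx = Receiver(key)
    m1 = protect(key, SEQ_MOD - 1, b"RESV flow=1")  # last value before the wrap
    m2 = protect(key, 0, b"RESV flow=2")            # first value after the wrap
    tampered = m2[:-17] + b"9" + m2[-16:]           # one payload byte altered
    results = [rx.accept(m1), rx.accept(tampered), rx.accept(m2), rx.accept(m1)]
    return results, rx.dropped
```

Because failed messages are ignored rather than answered, the `dropped` counters are the receiver's only trace of them and are worth exporting to monitoring.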

Notes
* RFC 2747 contains a lot of detail.
* It is expected that a standard key management system will be used.
* Receiver will ignore invalid messages, hoping that a correct one will be received before a timeout.
* IPsec wasn't chosen because it has issues with firewalls.

Conclusions
* I think the subject of network resource allocation will become important over the next few years.
* RSVP Authentication is protecting resources which are tempting for the amateur cracker to attack.
* While RSVP Authentication seems sensible and secure, I believe there may still be a way to attack RSVP itself.

Question 1
The RSVP Protocol will usually ignore packets that fail to authenticate correctly.
* Could this be abused by someone who can alter packets "on the wire"?

Question 2
I've included a summary of RSVP itself, whereas the main point of the presentation is supposed to be on a proposed authentication method for it.
* When evaluating a security method, should you spend much time investigating its environment?
* If so, how much?