Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.

Slides:

Advertisements

Similar presentations

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

Advertisements

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

Cryptography and Network Security

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.

Digital Signatures and Hash Functions. Digital Signatures.

Software Certification and Attestation Rajat Moona Director General, C-DAC.

IETF OAuth Proof-of-Possession

1 IETF OAuth Proof-of-Possession Hannes Tschofenig.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

Applied Cryptography for Network Security

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Chapter 8 Web Security.

Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Web Security : Secure Socket Layer Secure Electronic Transaction.

End-to-End security definition Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, Meeting Date:

Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.

Karlstad University IP security Ge Zhang

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

Network Security David Lazăr.

IETF #91 OAuth Meeting Derek Atkins Hannes Tschofenig.

(c) Mitsubishi Electric Corp. 1 User Scenarios & Security Considerations in APPAGG part 2/ Nobuhiro Electric.

Security Requirements of NVO3 draft-hartman-nvo3-security-requirements-01 S. Hartman M. Wasserman D. Zhang 1.

Privacy versus Authentication Confidentiality (Privacy) –Interceptors cannot read messages Authentication: proving the sender’s identity –The Problem of.

MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi Ready for MWIF Kansas.

ROLL RPL Security IETF 77 status

IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.

SAML for SIP Hannes Tschofenig, Jon Peterson, James Polk, Douglas Sicker, Marcus Tegnander.

IETF66 DIME WG John Loughney, Hannes Tschofenig and Victor Fajardo 3588-bis: Current Issues.

IETF 57 PANA WG PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.

E2EKey Resource Group Name: SEC WG Source: Qualcomm Inc., Wolfgang Granzow & Phil Hawkes Meeting Date: SEC#20.3, Agenda Item: End-to-End Security.

End-to-middle Security in SIP draft-ono-sipping-end2middle-security-04 Kumiko Ono IETF62.

IETF68 DIME WG Open Issues for RFC3588bis Victor Fajardo (draft-ietf-dime-rfc3588bis-02.txt)

7.6 Secure Network Security / G.Steffen1. In This Section Threats to Protection List Overview of Encrypted Processing Example.

Channel Binding Support for EAP Methods Charles Clancy, Katrin Hoeper.

IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.

1 Network Security: Introduction Behzad Akbari Fall 2009 In the Name of the Most High.

1 End-to-middle Security in SIP Kumiko Ono NTT Corporation March 1, 2004 draft-ietf-sipping-e2m-sec-reqs-01.txt draft-ono-sipping-end2middle-security-01.txt.

K. Salah1 Security Protocols in the Internet IPSec.

MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks.

Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.

Cryptography CSS 329 Lecture 13:SSL.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

Phil Hunt, Hannes Tschofenig

Cryptographic Hash Function

Securing the CASP Protocol

The Secure Sockets Layer (SSL) Protocol

Chapter -7 CRYPTOGRAPHIC HASH FUNCTIONS

Electronic Payment Security Technologies

Diameter ABFAB Application

Presentation transcript:

Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig Dime WG, IETF#83

Overview Two aspects: Authentication and Key Exchange Actual AVP protection. Requirements. Strawman solutions proposal.

Requirements Provide end-to-end security properties to Diameter on top of existing hop-by-hop security model. Works with existing request routing and through agents that might modify parts of the message (like rearrange AVPs). Decouple key management from actual e2e AVP security protection. Offer both integrity and confidentiality protection. Easy to integrate into existing Diameter applications (integrity protection).

Strawman Proposal in draft-korhonen-dime-e2e-security-00 This solution focuses on protecting Diameter AVPs. To offer the functionality two AVPs are defined: Signed-Data (octet string) for integrity protection of one or more AVPs. Encrypted-Data (octet string) for confidentiality protection of one or more AVPs. Re-use existing security mechanisms. A few choices available including: CMS XML DSIG/Encryption JSON We use JSON due to ease of implementation: JSON Web signature (JWS) for integrity protection JSON Web Encryption (JWE) for confidentiality protection Not tied to a specific Diameter application. Authentication and key management is not part of this proposal: Likely that “one size fits all” approach will not work due to different deployment environments

Signed-Data AVP The AVP carries JSON Web Signature (JWS) of one or more of AVPs. Each protected AVP is hashed and the hash is included into the JWS payload. Hashed AVPs are linked to “originals” using their AVP Code. If there are multiple instances of the same AVP, you hash them all and do one by one verification -> allows for rearranging AVPs and detection of addition/removal/modification of AVPs. Both JWS Payload and signature use the same hash algorithm of the cryptographic algorithm indicated in the JWS Header. Can be included into existing Diameter applications.

Encrypted-Data AVP The AVP carries JSON Web Encryption (JWE) data structure and the JWE Payload embeds of one or more protected AVPs. Cannot be used with existing Diameter applications since encrypted AVPs are embedded inside the Encrypted-Data AVP(s).

Error Handling Transient failures DIAMETER_KEY_UNKNOWN - A Signed-Data or an Encrypted-Data AVP is received that was generated using a key that cannot be found in the key store. To recover a new end-to-end key establishment procedure may need to be invoked. Permanent failures DIAMETER_DECRYPTION_ERROR - This error code is returned when an Encrypted-Data AVP is received and the decryption fails for an unknown reason. DIAMETER_SIGNATURE_ERROR - This error code is returned when a Signed-Data AVP is received and the verification fails for an unknown reason.

Questions? Comments?