Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

Slides:



Advertisements
Similar presentations
Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
Advertisements

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.
A Brief Taxonomy of Firewalls
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Mobile IP Traversal Of NAT Devices By, Vivek Nemarugommula.
IPv6 RADIUS attributes for IPv6 access networks draft-lourdelet-radext-ipv6-access-01 Glen Zorn, Benoit Lourdelet Wojciech Dec, Behcet Sarikaya Radext/dhc.
Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
Chapter 13 – Network Security
Common Devices Used In Computer Networks
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
IT:Network:Apps.  RRAS does nice job of routing ◦ NAT is nice ◦ BASIC firewall ok but somewhat weak  Communication on network (WS to SRV) is in clear.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 Module 3 City College of San.
EAP Keying Problem Draft-aboba-pppext-key-problem-03.txt Bernard Aboba
1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Security Issues in Control, Management and Routing Protocols M.Baltatu, A.Lioy, F.Maino, D.Mazzocchi Computer and Network Security Group Politecnico di.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Security Requirements for Software Defined Networks Internet Area WG IETF 85: Atlanta November 4, 2012 Margaret Wasserman
11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 
Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.
IP Security: Security Across the Protocol Stack. IP Security There are some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS.
August 2, 2005draft-vidya-mipshop-fast-handover-aaa-00 Handover Keys using AAA (draft-vidya-mipshop-fast-handover-aaa-00.txt) Vidya Narayanan Narayanan.
11 CLUSTERING AND AVAILABILITY Chapter 11. Chapter 11: CLUSTERING AND AVAILABILITY2 OVERVIEW  Describe the clustering capabilities of Microsoft Windows.
Security Patterns for Web Services 02/03/05 Nelly A. Delessy.
Security Support for Multi-cast Traffic in M2M communication Document Number: IEEE C802.16p-10/0032 Date Submitted: Source: Inuk Jung, Kiseon.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 10: Planning and Managing IP Security.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.
Chapter 40 Network Security (Access Control, Encryption, Firewalls)
IETF 57 PANA WG PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.
0 NAT/Firewall NSLP IETF 63th – August 2005 draft-ietf-nsis-nslp-natfw-07.txt Martin Stiemerling, Hannes Tschofenig, Cedric Aoun.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
OSPF WG Security Extensions for OSPFv2 when using Manual Keying Manav Bhatia, Alcatel-Lucent Sam Hartman, Huawei Dacheng Zhang, Huawei IETF 80, Prague.
IP packet filtering Breno de Medeiros. Florida State University Fall 2005 Packet filtering Packet filtering is a network security mechanism that works.
Securing Access to Data Using IPsec Josh Jones Cosc352.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
7/24/2007IETF69 PANA WG1 PANA Issues and Resolutions draft-ietf-pana-pana-17.txt draft-ietf-pana-framework-09.txt Yoshihiro Ohba Alper Yegin.
Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.
IPSecurity.
Open issues with PANA Protocol
PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt)
Encryption and Network Security
PANA Issues and Resolutions
Chapter 18 IP Security  IP Security (IPSec)
IT443 – Network Security Administration Instructor: Bo Sheng
Securing the Network Perimeter with ISA 2004
Module 4 Remote Login.
Introduction to Networking
* Essential Network Security Book Slides.
Firewalls Jiang Long Spring 2002.
Firewalls.
Presentation transcript:

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng Zhang Huawei

PCP Security Models PCP Base draft defines two threat models: – Simple Threat Model Not concerned about spoofing by on-link attackers Goal to be no _less_ secure than implicit mappings Imposes limits on PCP operation – Advanced Threat Model For use in all cases where the limitations of the simple threat model are not acceptable Requires authentication and integrity protection PCP Authentication draft proposes a security mechanism to address this threat model

Simple Threat Model A PCP Server is secure under this threat model if the PCP Server is constrained so that it does not configure any explicit mapping that it would not configure implicitly. Goal is to be secure against off-path attackers who cannot spoof a packet that appears to come from the internal network – Other nodes on the internal network are considered friendly/non-threats

Typical STM Limitations All internal hosts are within a single administrative domain, or can be securely partitioned by PCP Server Explicit mappings are created with the same lifetime as implicit mappings The PCP server does not support deleting or reducing the lifetime of existing mappings The PCP server does not support the THIRD_PARTY option MAP is supported only if the security policy on the device running the PCP Server would permit endpoint independent filtering of implicit mappings

Advanced Threat Model PCP Requests that do not meet the limitations of the Simple Threat Model must be authenticated and integrity protected – Includes all DELETE operations, THIRD_PARTY options, and mappings that would not be made implicitly A PCP client may send, and a server may accept, unauthenticated requests that match the Simple Threat Model _and_ authenticated requests that support the Advanced Threat Model

PCP Security Use Cases (1) Security infrastructure equipment (such as corporate firewalls) that does not create implicit mappings Equipment (such as CGNs or service provider firewalls) that serve multiple administrative domains and do not have a mechanism to securely partition traffic from those domains Any implementation that wants to be more permissive in authorizing explicit mappings than it is in authorizing implicit mappings Proxies or other implementations that support the THIRD_PARTY Option Implementations that wish to support any deployment scenario that does not meet the constraints described in the STM

PCP Security Goals Make simple things simple – Operations that fit within the Simple Threat Model don’t have to use PCP Authentication Make complex things possible – Operations that do _not_ meet the constraints of the STM can be performed using PCP Authentication

PCP Authentication Overview PCP Authentication relies on EAP for authentication and key derivation – Use of EAP is consistent with widely deployed enterprise security systems – Can also scale down to simple shared keys for a single proxy/PCP server combination Mechanism allows for both client-initiated and server-initiated security – Clients can choose to make secure requests – Servers can force authentication when needed Largely based on PANA (RFC 5191)

PA Messages In a PA session, PA-Request messages are sent from Servers to Clients, PA-Answer messages are sent from Clients to Servers. An EAP request message MUST be transported within a PA-Request message, and an EAP answer messages MUST be transported within a PA-Answer message. When a PCP device receives a PA- Request or a PA- Answer message from its partner and cannot generate a response within a pre-specified period, the PCP device will reply with a PA-Acknowledge message to indicate that the message has been received.

Session Initiated by PCC PCC-Initiation (SeqNum=0, Session ID=0) PA-Request (SeqNum=0 Session ID=ID) PCC PCS PCC-Initiation (SeqNum=1, Session ID=ID) PCC-Request (SeqNum=1, Session ID=ID)

Session Initiated by PCS Any PCP message other than a PA message PA-Request (SeqNum=0 Session ID=ID) PCC PCS PCC-Initiation (SeqNum=0, Session ID=ID) PCC-Request (SeqNum=1, Session ID=ID)

Algorithm Agility Session partners agree on a Pseudo-Random Function (PRF) for the transport key derivation and a MAC algorithm to provide data origin authentication for subsequent PCP signaling packets. – The Server appends a set of PRF Options and MAC Algorithm Options to the initial PA-Request message – The Client selects a PRF and a MAC algorithm, and sends back a PA-Answer with a PRF Option and a MAC Algorithm Option for the selected algorithms.

Authentication Results The last PA-Request message transported within a PA session carries the EAP authentication and PCP authorization results. If the EAP authentication succeeds, the result code of the last PA- Request is Authentication- Success If the EAP authentication fails, the result code of the last PA-Request is Authentication-Failed If the EAP authentication succeeds but Authorization fails, the result code of the last PA- Request is Authorization-Failed

Session Termination A PA session can be explicitly terminated by sending a termination-indicating PA Acknowledge message from either session partner After receiving a termination-indicating message from the session partner, the other PCP device involved in the session MUST response with a termination- indicating PA Acknowledge message and remove the PA SA immediately When the session partner initiating the termination process receives the acknowledge message, it will remove the associated PA SA immediately

PA Security Association (1) IP address and UDP port number of the Client IP address and UDP port number of the Server Session Identifier Sequence number for the next outgoing PCP message Sequence number for the next incoming PCP message Last transmitted message payload Retransmission interval MSK

PA Security Association (2) MAC algorithm: The algorithm that the transport key should use to generate digests for PCP messages. Pseudo-random function: The pseudo random function negotiated in the initial PA-Request and PA-Answer exchange for the transport key derivation Transport key: the key derived from the MSK to provide integrity protection and data origin authentication for the messages in the PA session. The life time of the transport key SHOULD be identical to the life time of the session.

Sequence Number (1) Every PCP packet exchanged during EAP authentication must carries an monotonically increased sequence number. During a PA session, each PCP device needs to maintain two sequence numbers, one for incoming packets and one for outgoing packets. When generating an outgoing PCP packet, the device attaches the next outgoing sequence number to the packet After confirming that an incoming packet is valid, the device increments the incoming sequence number by 1

Sequence Number (2) However, the above rules are not applied to following conditions – When receiving or sending out a PA- Acknowledgement message, the device MUST not increase the correspondent sequence number. – Message retransmission

Any Questions? Is the WG interested in adopting this document as a PCP WG Work Item?