INRIA Rhône-Alpes - V. Roca - RMT Meeting IETF 71 st – Philadelphia, March 2008 Vincent Roca.

Slides:



Advertisements
Similar presentations
Fujitsu Laboratories of Europe © 2004 What is a (Grid) Resource? Dr. David Snelling Fujitsu Laboratories of Europe W3C TAG - Edinburgh September 20, 2005.
Advertisements

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
INRIA Rhône-Alpes - Planète research group 1 Security and RMT Protocols: TESLA I-D simple-auth I-D rmt-sec I-D IETF 69 th – Chicago meeting, July 2007.
FCAST update TESLA update IETF 76 – Hiroshima, November 2009 V. Roca (INRIA)
Digital Signatures and Hash Functions. Digital Signatures.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Principles of Information Security, 2nd edition1 Cryptography.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.
TCP: Software for Reliable Communication. Spring 2002Computer Networks Applications Internet: a Collection of Disparate Networks Different goals: Speed,
Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
The Project AH Computing. Functional Requirements  What the product must do!  Examples attractive welcome screen all options available as clickable.
Overview of Mini-Edit and other Tools Access DB Oracle DB You Need to Send Entries From Your Std To the Registry You Need to Get Back Updated Entries From.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
SIP working group status Keith Drage, Dean Willis.
Masud Hasan Secue VS Hushmail Project 2.
© 2012 IBM Corporation 3 rd Party Registration & Account Management 1 1 SMT 2015 Approved AMWG Change Requests.
Secure Socket Layer (SSL)
Digital Signatures and e-Identity. Getting the best out of DSS / DSS-X services. Andreas Kuehne – DSS-X member.
1.1 What is the Internet What is the Internet? The Internet is a shared media (coaxial cable, copper wire, fiber optics, and radio spectrum) communication.
Moodle (Course Management Systems). Assignments 1 Assignments are a refreshingly simple method for collecting student work. They are a simple and flexible.
INRIA Rhône-Alpes - Planète research group Reed-Solomon FEC I-D LDPC-* FEC I-D TESLA I-D Simple-auth I-D IETF 70 th – Vancouver meeting, November 2007.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Word Lesson 13 Sharing Documents Microsoft Office 2010 Advanced Cable / Morrison 1.
Simple Authentication schemes for ALC and NORM draft-ietf-rmt-simple-auth-for-alc-norm-00 IETF 73 – Minneapolis, November 2008 Vincent Roca (INRIA)
0 NAT/Firewall NSLP IETF 62th – March 2005 draft-ietf-nsis-nslp-natfw-05.txt Martin Stiemerling, Hannes Tschofenig, Cedric Aoun.
Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.
ICOM 6115©Manuel Rodriguez-Martinez ICOM 6115 – Computer Networks and the WWW Manuel Rodriguez-Martinez, Ph.D. Lecture 14.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
1 SIPREC Recording Metadata for SRS (draft-ietf-siprec-metadata-03) July 28, 2011 IETF 81 meeting Ram Mohan R On behalf of the team Team: Paul Kyzivat,
INRIA Rhône-Alpes - V. Roca - 1 FCAST: Scalable Object Delivery on top of the ALC Protocol IETF 68 th – Prague meeting, March 2007 Vincent Roca (INRIA)
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
Draft-ietf-fecframe-config-signaling-02 1 FEC framework Configuration Signaling draft-ietf-fecframe-config-signaling-02.txt IETF 76 Rajiv Asati.
1 About Network Coding Related Patents Vincent Roca (Inria, France) IETF92, NWCRG meeting March 27 th 2015, Dallas.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Submission doc.: IEEE ai September 2012 Lei Wang, InterDigital CommunicationsSlide 1 Ad Hoc Discussions of ai Passive Scanning during.
SRI International 1 Topology Dissemination Based on Reverse-Path Forwarding (TBRPF) Richard Ogier September 21, 2002.
Mobile IPv6 with IKEv2 and revised IPsec architecture IETF 61
1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.
Private key
Submission doc.: IEEE 11-13/0526r1 May 2013 Donald Eastlake, HuaweiSlide 1 Sub-Setting Date: Authors:
BEA position on W3C ‘Web Services’ Standards Jags Ramnarayan 11th April 2001.
Simple Reed-Solomon FEC Scheme for FECFRAME draft-roca-fecframe-simple-rs-01 IETF 79 – Beijing, November 2010 V. Roca – M. Cunche (INRIA) J. Lacan – A.
Doc.: IEEE /0147r0 Submission January 2012 Rolf de Vegt (Qualcomm)) Slide ai Spec Development Process Update Proposal Date:
Doc.: IEEE /0568r0 Submission May 2012 Young Hoon Kwon, Huawei Slide 1 AP Discovery Information Broadcasting Date: Authors: NameAffiliationsAddressPhone .
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Doc.: Submission February 5, 2013 René Struik (Struik Security Consultancy)Slide 1 FILS Handling of Large Objects Date: Authors:
VIRTUAL SERVERS Chapter 7. 2 OVERVIEW Exchange Server 2003 virtual servers Virtual servers in a clustering environment Creating additional virtual servers.
GOE FEC schemes GOE FEC schemes IETF83, March 26 th, 2012, Paris V. Roca, A. Roumy (Inria) B. Sayadi (ALU-BL)
Real time Stock quotes by web Service and Securing XML for Web Services security. Bismita Srichandan
Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.
Doc.: Submission May 14, 2013 Rene Struik (Struik Security Consultancy)Slide 1 FILS Piggy-Backing Aspects Date: Authors: NameCompanyAddressPhone .
1 Internet data security (HTTPS and SSL) Ruiwu Chen.
Open issues with PANA Protocol
IETF#67 – 5-10 November 2006 FECFRAME requirements (draft-ietf-fecframe-req-01) Mark Watson.
Goals of soBGP Verify the origin of advertisements
Switching Techniques In large networks there might be multiple paths linking sender and receiver. Information may be switched as it travels through various.
AP Discovery Information Broadcasting
FILS Handling of Large Objects
FILS Handling of Large Objects
ECE 544 Protocol Design Project: Description and Timeline
ECE 544 Project III Description and Timeline March 23, 2018
FILS Handling of Large Objects
Explanations for CR on NDP feedback report
Discussion on TESLA Based Frame Authentication
Presentation transcript:

INRIA Rhône-Alpes - V. Roca - RMT Meeting IETF 71 st – Philadelphia, March 2008 Vincent Roca

INRIA Rhône-Alpes - V. Roca - Outline RMT Security mTESLA for ALC/NORM status mSimple Authentication Schemes mRMT securityI-D: what’s next? FCAST mstatus mwhy should it be considered? mnext steps

INRIA Rhône-Alpes - V. Roca - RMT Security Discussion

INRIA Rhône-Alpes - V. Roca - TESLA for ALC/NORM status basically mIMHO the specification is now stable mready for WGLC? ( ⇒ wednesday MSEC meeting) mwe implemented most of it to cross-check the specification... mseems to work but we did not test it thoroughly, though ma serious test campaign is planned

INRIA Rhône-Alpes - V. Roca - TESLA for ALC/NORM status... (cont’) what we did in new version, in short mnew bootstrap information message format that contains a “key chain commitment” rather than disclosing a key ⇒ in line with some authentication tags madded a “crypto function type” field/IANA registry to be used with digital signatures mfinished description of the steps needed to authenticate incoming packets mclarified the use of multiple key chains metc. See (03/09/08) for technical details

INRIA Rhône-Alpes - V. Roca - Simple Auth Schemes for ALC/NORM no progress... mat IETF’70 the decision was to wait feedback from NRL guys who worked on NORM security mNORMS proposal is based on asymmetric crypto for downstream flow ⇒ it’s what the above I-D enables mNORMS proposal for upstream traffic is based on a (private?) TTP (Trusted Third Party), not necessarily a PKI certification authority. IMHO the proposal is not sufficiently mature at this level, but may contain interesting ideas to further develop ⇒ needs further discussion with the authors...

INRIA Rhône-Alpes - V. Roca - RMT security discussion I-D no progress... mwe (authors/group) clearly need to decide what we want to do with this doc... mour proposal: mrestrict its scope a little bit... it’s not a survey of all possible security aspects! mand decide that either we can come to IETF’72 with a consolidated document or we give up the work

INRIA Rhône-Alpes - V. Roca - FCAST Discussion

INRIA Rhône-Alpes - V. Roca - FCAST what has been done so far? minitial I-D in March 2007 ma few discussions on the mailing list ma call for volunteers (still open...) m...and that’s all for the moment why another file transfer application? 1. it’s lighter (this is one of the goals) 2. it’s efficient with both ALC and NORM 3. it addresses more efficiently simple use-cases 4. it bypasses Nokia’s IPR claim on FLUTE

INRIA Rhône-Alpes - V. Roca - 1- Is FCAST lighter? is it really lighter? myes if we remain in line with the 2000 proposal, i.e., append the meta-data to the file being sent in an aggregate object what is supposed to be lighter? mthe specifications... a little bit mthe implementation and processing overhead... yes mbecause there’s no need to keep a database of the session’s objects and their meta-data the meta-data of an object are processed immediately

INRIA Rhône-Alpes - V. Roca - Is FCAST lighter? (cont’) mbecause meta-data is processed only once, just on time whereas “FDT Instances can be equal to, a subset of, a superset of, or complement any other FDT Instance” ⇒ requires to process each and every FDT Instance mbecause the meta-data format/processing are simpler in, there is no XML format but a simple list: : CR as for the HTTP object metainformation ⇒ no need for an XML parser even with an XML format (other option) there would be fewer elements/attributes

INRIA Rhône-Alpes - V. Roca - Is FCAST lighter? (cont’) mbecause the sender does not have to care about the optimal transmission strategy for meta-data whereas with FDT Instances in on-demand: what tx rate for FDT Instance? how often (even with static session)?

INRIA Rhône-Alpes - V. Roca - 2- Is FCAST efficient with ALC and NORM? I implemented FAST/ALC/NORM it in the past mthe same application was running on top of both protocols without problem, with very minor per protocol adaptations msee for more info and a (very old!) open-source implementationhttp://planete-bcast.inrialpes.fr FCAST/NORM is more efficient than FLUTE/NORM in on-demand mode mwith FLUTE/NORM the FDT Instance is sent periodically mwith FCAST/NORM meta-data is sent once, just on time

INRIA Rhône-Alpes - V. Roca - 3- Is it more efficient with simple use-cases? use-case considered: meach receiver is interested by all the objects sent in the LCT channel(s) he has joined why is it more efficient? mFLUTE limited by FDT Inst/object interdependency mthe object cannot be processed before processing the associated meta-data in an FDT Instance mFCAST is not mbecause meta-data is directly attached to the object

INRIA Rhône-Alpes - V. Roca - Is it more efficient... (cont’) mRod’s suggestion to improve FLUTE’s behavior ( 01/24/08): mbundle meta-data (or subset) within an aggregate object myes we can streamline the FDT Instance (and send it more often) and move a subset of meta-data in the aggregate objects... m... but: it adds one more layer of complexity: composite objects it does not solve totally the interdependency problem since processing the FDT Instance is needed to know it’s a composite object

INRIA Rhône-Alpes - V. Roca - Is it more efficient... (cont’) another good point for FCAST mmeta-data benefits from the FEC encoding of the object mwhereas an FDT Instance fits within a small # of packets which makes their protection difficult m ⇒ repetition is often the only solution to improve robustness with FLUTE

INRIA Rhône-Alpes - V. Roca - 4- It bypasses Nokia’s IPR claim if we stay inline with the initial proposal, as already said: mFCAST is described in the first ALC I-D: mpublished on March 8th, 2000 mwhereas Nokia’s IPR claim: mDATACAST FILE TRANSMISSION WITH META-DATA RETENTION i?ipr_id=733https://datatracker.ietf.org/public/ipr_detail_show.cg i?ipr_id=733 mpriority date: January 31, 2003

INRIA Rhône-Alpes - V. Roca - What’s next? a final comment: mFLUTE is a versatile tool whereas FCAST is more specialized, with a more narrow scope. It’s important to keep this in mind while reading the previous slides... if the group agrees... mBrian and myself propose a mature -01 version for IETF’72 mother volunteers are still welcome

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.