Weak Identifier Multihoming Protocol (WIMP) draft-ylitalo-multi6-wimp-00.txt J. Ylitalo, V. Torvinen, E. Nordmark Vesa Torvinen Ericsson Research Nomadiclab,

Slides:

Advertisements

Similar presentations

Security Issues In Mobile IP

Advertisements

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Web Security (SSL / TLS)

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

December 2006Prof. Reuven Aviv, SSL1 Web Security with SSL Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.

IKEv2 extension: MOBIKE Faisal Memon Erik Weathers CS 259.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday C. Today I³SI³HIPHI³.

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

NISNet Winter School Finse Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中日期 :

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

IKE message flow IKE message flow always consists of a request followed by a response. It is the responsibility of the requester to ensure reliability.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

CONTEXT BINDING: An Emerging Problem in Cryptographic Protocols Catherine Meadows Naval Research Laboratory Code 5543 Washington, DC 20375

Georgy Melamed Eran Stiller

Host Identity Protocol

Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.

Doc.: IEEE /1066r2 Submission July 2011 Robert Moskowitz, VerizonSlide 1 Link Setup Flow Date: Authors: NameCompanyAddressPhone .

IPSec/IKE Protocol Hacking ToorCon 2K2 – San Diego, CA Anton Rager Sr. Security Consultant Avaya Security Consulting.

8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.

1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

Re-thinking Security in Network Mobility Jukka Ylitalo Ericsson Research NomadicLab NDSS '05 Workshop - February 2.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.

23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.

SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.

Cryptographic Hash Functions and Protocol Analysis

Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”

Securing Open Source Enterprise VoIP Christian Stredicke/snom.

Secure Neighbor Discovery in IPv6 Jari Arkko Ericsson Research James Kempf DoCoMo US Labs.

Group-based Source Authentication in VANETs You Lu, Biao Zhou, Fei Jia, Mario Gerla UCLA {youlu, zhb, feijia,

MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi Ready for MWIF Kansas.

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

How To Not Make a Secure Protocol WEP Dan Petro.

1 Alternative (Future) Proposals for MIPv6 Security MIP6 BOF/WG IETF-57 Jari Arkko, Ericsson Research NomadicLab Charlie Perkins, Nokia Research Center.

MIPv6Security: Dimension Of Danger Unauthorized creation (or deletion) of the Binding Cache Entry (BCE).

Innovative Intrusion-Resilient, DDoS-Resistant Authentication System (IDAS) System Yanjun Zhao.

TCP/IP (Routing). Content DHCP And Mobile IP Internet Routing Protocol RIP (Routing Information Protocol) OSPF (Open Shortest Path First) BGP (Border.

MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks.

@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.

03/22/10 draft-zhang-hip-privacy-protection- 00 Dacheng Zhang Miika Komu An Extension of HIP Base Exchange to Support Identity Privacy.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

SHIP: Performance Reference: “SHIP mobility management hybrid SIP-HIP scheme” So, J.Y.H.; Jidong Wang; Jones, D.; Sixth International Conference on

1 Managing Security Additional notes. 2 Intercepting confidential messages Attacker Taps into the Conversation: Tries to Read Messages Client PC Server.

HIP-Based NAT Traversal in P2P-Environments

Challenge-Response New Authentication Scheme

DNS SD Privacy Christian Huitema, Daniel Kaiser

Presentation transcript:

Weak Identifier Multihoming Protocol (WIMP) draft-ylitalo-multi6-wimp-00.txt J. Ylitalo, V. Torvinen, E. Nordmark Vesa Torvinen Ericsson Research Nomadiclab, Finland 59th IETF - Seoul, Korea

Overview Experiments with "weak" authentication and light cryptographic operations –Up to times faster than public key operations? Context establishment and re-addressing separated –Initiation phase stateless for responder –Locators can change dynamically, and be private End-point identifiers are (currently) not routable –Initiator: ephemeral ID (hash of nonce) –Responder: hash of FQDN draft-ylitalo-multi6-wimp-00.txt

Basic operations Reverse hash chain H n = Hash(random) H n-1 = Hash(H n ) … H 0 = Hash(H 1 ) = anchor Secret splitting X xor pad = e(X) draft-ylitalo-multi6-wimp-00.txt INITIATOR RESPONDER INIT: mac(H0(I)) > CC: temporary_H0(R) < CCR: H0(I) > CONF: H0(R) < REA: H1(I), mac(H2(I)), locators > AC1: H1(R)_piece_1 < ACn: H1(R)_piece_n < ACR: H1(R), H2(I) >

Major issues End-point & flow IDs –Flow-id not inline with draft-ietf-ipv6-flow-label-09.txt –End-point IDs should be routable (cf. SIP) –Hijacking attack; attacker establish state in victim so that when victim tries to send packets to server, he will actually send them to attacker –DoS attack; easy generation of a storm of INIT messages (statelessness helps) Adopt solution from other drafts, e.g. NOID? draft-ylitalo-multi6-wimp-00.txt