CGA Extension Header for IPv6 draft-dong-savi-cga-header-03.txt Margaret Wasserman IETF 78, Maastricht July 2010.


What are CGAs?
Cryptographically Generated Addresses
  – Defined in RFC 3972
  – Currently used for Secure Neighbor Discovery (SeND)
  – Proposed for use in DHCPv6
Private key associated with a particular node is used to generate the CGA & sign a packet w/CGA as source
Peer receives packet (w/CGA as source), public key and signature
  – Can verify that packet was generated by a node with the associated private key

CGAs for Access Control
Host-based access control lists (ACLs) continue to be widely used due to their simple and intuitive configuration requirements
  – Administrator configures a list of nodes (by IP address or FQDN) that are approved for access
  – Unfortunately, these lists are quite insecure, due to ease of address spoofing
CGAs provide a secure alternative to insecure ACLs
  – Equivalent to public/private key exchange from a security standpoint
  – BUT… the ACL still consists of a list of nodes (by IP address), not a collection of keys
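
The address-to-key binding from the "What are CGAs?" slide, combined with the address-list ACL from this slide, as an added example that is not part of the original presentation or the draft. It implements the RFC 3972 Hash1/Hash2 checks only; verifying the packet signature with the public key is a separate step not shown. The function names, the documentation prefix and the stand-in key bytes are assumptions constructed for illustration.

```python
import hashlib
import ipaddress

def _hash2_ok(modifier, key_and_ext, sec):
    # Hash2 = SHA-1(modifier | 9 zero octets | public key | extensions);
    # its leftmost 16*Sec bits must be zero.
    h2 = hashlib.sha1(modifier + bytes(9) + key_and_ext).digest()
    return h2[:2 * sec] == bytes(2 * sec)

def cga_generate(prefix, pubkey, sec=0):
    """Return (address, CGA Parameters) for an 8-byte subnet prefix."""
    n = 0  # counting from 0 keeps this deterministic; RFC 3972 starts from a random modifier
    while not _hash2_ok(n.to_bytes(16, "big"), pubkey, sec):
        n += 1
    params = n.to_bytes(16, "big") + prefix + b"\x00" + pubkey  # collision count 0
    iid = bytearray(hashlib.sha1(params).digest()[:8])          # Hash1
    iid[0] = (iid[0] & 0x1C) | (sec << 5)  # Sec in bits 0-2, u and g bits cleared
    return ipaddress.IPv6Address(prefix + bytes(iid)), params

def cga_verify(addr, params):
    """True if the CGA Parameters hash to this address (RFC 3972 checks)."""
    raw = ipaddress.IPv6Address(addr).packed
    if len(params) < 25:
        return False
    modifier, prefix, coll = params[:16], params[16:24], params[24]
    if coll > 2 or prefix != raw[:8]:
        return False
    h1 = hashlib.sha1(params).digest()[:8]
    # Compare Hash1 with the interface identifier, ignoring Sec and u/g bits.
    if (h1[0] & 0x1C, h1[1:]) != (raw[8] & 0x1C, raw[9:]):
        return False
    return _hash2_ok(modifier, params[25:], raw[8] >> 5)

def acl_permits(acl, src, params):
    """ACL stays a list of addresses; the CGA check replaces trust in src."""
    return ipaddress.IPv6Address(src) in acl and cga_verify(src, params)

# Constructed sample values: documentation prefix and stand-in key bytes
# (a real CGA uses a DER-encoded SubjectPublicKeyInfo).
PREFIX = ipaddress.IPv6Address("2001:db8:0:1::").packed[:8]
NODE_KEY = b"constructed-public-key-of-approved-node"
ADDR, PARAMS = cga_generate(PREFIX, NODE_KEY, sec=1)
ACL = {ADDR}
```

A sender that spoofs ADDR but presents its own key fails cga_verify, so the address-only ACL entry no longer admits it.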

Proposed Extension Header
Current focus is on concept, not specifics
Three options
  – Request CGA extension header from peer
  – Send CGA Params
  – Send Signature
Other means of sending this information have been suggested
  – Destination option
  – Via IKEv2

Next Steps
Bar BOF at the NH Maastricht bar tonight from
  – Old-fashioned bar BOF: in a bar, no slides
  – For people interested in this technology to discuss how to proceed
Mailing list:
  – To subscribe: