Stein-65 Slide 1: PW security measures
PWE3 – 65th IETF, 10 November 2005
Yaakov (J) Stein

Stein-65 Slide 2: Reminder

At IETF64 security threats were presented:
  – PWs have special features that may be exploited by hackers
  – PW control plane does not mandate authentication
  – PW user packets have no authentication/encryption options

draft-stein-pwe3-sec-req-00.txt reviews security requirements
here we will mention a few solution ideas …

Stein-65 Slide 3: Control Protocol Authentication

Problem
  – many of the attacks in draft-stein-pwe3-sec-req-00.txt can be avoided if it is not possible to impersonate a PE
  – thus PWE control protocol needs a strong authentication mechanism

Solution 1 – MD5
  – use MD5 signature option (shared key per peer) per RFC3036
  – every LDP message (even hellos) is authenticated
  – MD5 may be replaced by SHA-1 or any other message digest

Solution 2 – authentication TLV for initialization
  – new optional TLV in the initialization message
  – use public key mechanism
  – reject if no authentication TLV or if authentication fails

Stein-65 Slide 4: PW Packet Authentication

Problems
  – PW label is the only identifier in packet
  – CW sequence number can be used for DoS attack

Solution
  – add optional authentication field between control word and payload (becomes a control word extension)

lightweight option
  – 32 bit CW extension (must be negotiated via a new LDP TLV)
  – computed based on limited-size input, for example:
      – sequence number + salt
      – sequence number + checksum of payload

heavyweight option
  – 64 or 128 bit CW extension (must be negotiated via a new LDP TLV)
  – hash of sequence number + payload
  – WARNING: if performed in SW enables DoS attack
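The heavyweight option from this slide, as an added example that is not part of the original presentation: a 64-bit extension placed between the control word and the payload, checked before the receiver touches its sequence state. The slide only says "hash"; the keyed HMAC-SHA-256, the simplified control word layout, the accept window and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

CW_LEN = 4    # 32-bit control word
TAG_LEN = 8   # 64-bit CW extension; use 16 for the 128-bit variant

def control_word(seq):
    # Simplified control word (assumed layout): 16 zero bits, then the 16-bit sequence number.
    return struct.pack("!HH", 0, seq & 0xFFFF)

def _tag(key, cw, payload):
    # Keyed hash over sequence number (inside the CW) + payload, truncated to TAG_LEN.
    return hmac.new(key, cw + payload, hashlib.sha256).digest()[:TAG_LEN]

def build_packet(key, seq, payload):
    cw = control_word(seq)
    return cw + _tag(key, cw, payload) + payload

def receive(key, packet, last_seq):
    """Return (new_last_seq, payload); payload is None when the packet is dropped."""
    if len(packet) < CW_LEN + TAG_LEN:
        return last_seq, None
    cw = packet[:CW_LEN]
    tag = packet[CW_LEN:CW_LEN + TAG_LEN]
    payload = packet[CW_LEN + TAG_LEN:]
    # Check the tag first, in constant time, so an unauthenticated packet
    # can never move the receiver's sequence state.
    if not hmac.compare_digest(tag, _tag(key, cw, payload)):
        return last_seq, None
    seq = struct.unpack("!HH", cw)[1]
    # Accept only sequence numbers ahead of the last one (16-bit wraparound).
    if not 0 < (seq - last_seq) % 65536 < 32768:
        return last_seq, None
    return seq, payload

if __name__ == "__main__":
    key = b"constructed-demo-key"                  # constructed sample values
    good = build_packet(key, 5, b"TDM frame")
    forged = control_word(40000) + bytes(TAG_LEN) + b"junk"
    print(receive(key, good, 4))      # accepted, state advances
    print(receive(key, forged, 4))    # bad tag: dropped, state unchanged
    print(receive(key, good, 5))      # replay of an accepted packet: dropped
```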

Stein-65 Slide 5: PW Packet Encryption

at IETF-64 we discussed encrypting the PW payload

Problem
  – PW is not reliable – may lose packets (don't even know how many bytes lost)
  – so, can't use stream cipher, CBC, CFB, etc. modes

Solution 1
  – use ECB mode on sequence number + payload (including sequence number blocks replay attacks)

Solution 2
  – generate per-packet key based on secret key and sequence number
  – use ECB mode on payload
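Solution 2 worked through as an added example (not code from the presentation): each packet decrypts on its own after a loss, and the same payload encrypts differently per packet, but equal blocks inside one packet still give equal ciphertext blocks under ECB. Assumptions: the HMAC-based key derivation, the function names, and a 4-round Feistel built from HMAC-SHA-256 standing in for a real 128-bit block cipher, since the Python standard library has none.

```python
import hashlib
import hmac
import struct

BLOCK = 16  # bytes per cipher block

def _f(key, rnd, half):
    # Feistel round function: keyed PRF truncated to half a block
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(key, blk, decrypt):
    # 4-round Feistel stand-in for a real block cipher (illustration only)
    l, r = blk[:8], blk[8:]
    for i in (reversed(range(4)) if decrypt else range(4)):
        if decrypt:
            l, r = _xor(r, _f(key, i, l)), l
        else:
            l, r = r, _xor(l, _f(key, i, r))
    return l + r

def ecb(key, data, decrypt=False):
    if len(data) % BLOCK:
        raise ValueError("payload must be a multiple of the block size")
    return b"".join(_block(key, data[i:i + BLOCK], decrypt)
                    for i in range(0, len(data), BLOCK))

def packet_key(secret, seq):
    # Assumed derivation: HMAC of the 16-bit sequence number under the secret key.
    # A 16-bit sequence number wraps, so keys repeat every 65536 packets.
    return hmac.new(secret, struct.pack("!H", seq), hashlib.sha256).digest()

def encrypt_packet(secret, seq, payload):
    return ecb(packet_key(secret, seq), payload)

def decrypt_packet(secret, seq, ciphertext):
    return ecb(packet_key(secret, seq), ciphertext, decrypt=True)

def demo():
    secret = b"constructed-demo-secret"
    payload = b"A" * 16 + b"B" * 16 + b"A" * 16   # constructed: blocks 0 and 2 equal
    sent = {seq: encrypt_packet(secret, seq, payload) for seq in (7, 8, 9)}
    del sent[8]                                    # packet 8 lost in transit
    recovered = all(decrypt_packet(secret, s, c) == payload for s, c in sent.items())
    differs_across_packets = sent[7] != sent[9]
    leaks_within_packet = sent[7][:16] == sent[7][32:48]
    return recovered, differs_across_packets, leaks_within_packet

if __name__ == "__main__":
    print(demo())
```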