MIKEY, Revisited Lakshminath Dondeti Thanks to: Dragan Ignjatic, Ran Canetti and others.

Slides:

Advertisements

Similar presentations

Message Sessions Draft-campbell-simple-im-sessions-01 Ben Campbell

Advertisements

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

DTMF-Relay Info-Package draft-kaplan-dispatch-info-dtmf-package-00 Hadriel Kaplan.

MIKEY Capability Discovery Seokung Yoon (Korea Information Security Agency) draft-seokung-msec-mikey-capability-discovery-00.txt.

Overview of SIP Media Security Options

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

August 2, 2005EAP WG, IETF 631 EAP-IKEv2 review Pasi Eronen.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

IPsec – IKE CS 470 Introduction to Applied Cryptography

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

IKE message flow IKE message flow always consists of a request followed by a response. It is the responsibility of the requester to ensure reliability.

ICE Jonathan Rosenberg dynamicsoft. Issue 1: Port Restricted Flow This case does not work well with ICE right now Race condition –Works if message 13.

W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

CMSC 414 Computer (and Network) Security Lecture 25 Jonathan Katz.

SIP-SAML assisted Diffie-Hellman MIKEY IETF 65 MSEC Mar 21, 2006 Robert Moskowitz.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,

1 Transport Layer Computer Networks. 2 Where are we?

IPsec: IKE, Internet Key Exchange IPsec does not use Public Key Infrastructure and exchanging keys before an IPsec connection is established is a problem.

July 10, 2006rtpsec BOF IETF-661 Best Effort SRTP Phil Zimmermann Alan Johnston.

RTCWEB Signaling Matthew Kaufman. Scope Web Server Browser.

I-D: draft-rahman-mipshop-mih-transport-01.txt Transport of Media Independent Handover Messages Over IP 67 th IETF Annual Meeting MIPSHOP Working Group.

1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )

1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and i IKEv2 EAP authentication.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

IP Security Lawrence Taub IPSEC IP security — security built into the IP layer Provides host-to-host (or router-to-router) encryption and.

Doc.: IEEE Submission Proposed MAC Frame Structure July, 2014 Slide 1,

Lecture 14 ISAKMP / IKE Internet Security Association and Key Management Protocol / Internet Key Exchange CIS CIS 5357 Network Security.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

1 Monami6 Working Group IETF 66 July 2006 Montréal, Canada Thierry Ernst (INRIA) Nicolas Montavont (ENST Bretagne)

IPSec VPN: How does it really work? Yasushi Kono (ComputerLinks Frankfurt)

TCP-AO Key Management Sandra Murphy

Transient BCE for Proxy Mobile IPv6 draft-ietf-mipshop-transient-bce-pmipv6-00.txt Oliver Marco

Rfc4474bis-01 IETF 90 (Toronto) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed,

1 Secure VoIP: call establishment and media protection Johan Bilien, Erik Eliasson, Joachim Orrblad, Jon-Olov Vatn Telecommunication Systems Laboratory.

1 SIP Requirements for SRTP Keying Dan Wing IETF 66 v4.

6lowpan ND Optimization draft Update Samita Chakrabarti Erik Nordmark IETF 69, 2007 draft-chakrabarti-6lowpan-ipv6-nd-03.txt.

Packet Format Issues #227: Need Shim Header to indicate Crypto Property of packet Do we need to add pre-amble header to indicate if data is encrypted or.

Mobile IPv6 with IKEv2 and revised IPsec architecture IETF 61

IETF66 DIME WG John Loughney, Hannes Tschofenig and Victor Fajardo 3588-bis: Current Issues.

MSEC Montreal, July 26 Ran Canetti and Lakshminath Dondeti

Diameter Overload DIME WG IETF 87 July, Starting Point DIAMETER_TOO_BUSY provides little guidance on what a Diameter client should do when it receives.

An additional mode of key distribution in MIKEY draft-ignjatic-msec-mikey-rsa-r-00 D. Ignjatic, L. Dondeti, F. Audet.

Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC.

IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over.

1 Header Compression over IPsec (HCoIPsec) Emre Ertekin, Christos Christou, Rohan Jasani {

August 2, 2005 IETF 63 – Paris, France Media Independent Handover Services and Interoperability Ajay Rajkumar Chair, IEEE WG.

IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.

EAP over HRPD Comments Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable.

March 20th, 2001 SIP WG meeting 50th IETF SIP WG meeting Overlap signalling handling

RPSEC WG Issues with Routing Protocols security mechanisms Vishwas Manral, SiNett Russ White, Cisco Sue Hares, Next Hop IETF 63, Paris, France.

ECC Design Team: Initial Report Brian Minard, Tolga Acar, Tim Polk November 8, 2006.

IPSEC Modes of Operation. Breno de MedeirosFlorida State University Fall 2005 IPSEC  To establish a secure IPSEC connection two nodes must execute a.

1 Internet Key Exchange Rocky K. C. Chang 20 March 2007.

User Application Control (Keypress Events) SIPPING WG - IETF 53 Robert Fairlie-Cuninghame, Bert Culpepper, Jean-François Mulé.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Thoughts on the LMAP protocol(s) LMAP Interim meeting, Dublin, 15 th September 2014 Philip Eardley Al Morton Jason Weil 1.

CSE Retargeting to AE, IPE, and NoDN Hosted Resources

CSE Retargeting to AE, IPE, and NoDN Hosted Resources

Brian Weis IETF-62, Minneapolis, MN Mar 10, 2005

PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt)

PANA Issues and Resolutions

CSE 4905 IPsec II.

EAP-GEE Lakshminath Dondeti Vidya Narayanan

IETF80, Prague Diameter Maintenance and Extensions (DIME) WG

draft-jeyatharan-netext-pmip-partial-handoff-02

Extending Option Space Discussion Overview and its requirements

Tero Kivinen, AuthenTec

Tero Kivinen, AuthenTec

Presentation transcript:

MIKEY, Revisited Lakshminath Dondeti Thanks to: Dragan Ignjatic, Ran Canetti and others

IETF-66, Montreal, July 2006MSEC WG meeting2 A brief history of MIKEY, and issues  A long time ago MIKEY was standardized via MSEC Efficient 1 RT protocol, using TSs for replay protection  Several modes, PSK, RSA, DH  DHHMAC and RSA-R also became MSEC items MIKEY transport was to be either  UDP, port 2269 (which was dropped before 3830 was published, but used by 3GPP MBMS), OR  SDP ( )  MIKEY is said to be non-deployable None of the modes address Forking, Retargeting, Call Forwarding and Media Clipping No mode negotiation, introducing serious hurdles for deployment Time synchronization requirement is considered another roadblock

IETF-66, Montreal, July 2006MSEC WG meeting3 Solution1: use some other protocol  Let’s just find other protocols Several proposals came about  DTLS-based  New protocols What’s common in the new proposals?  Media-path transport  Mode and algorithm negotiation supported  Nonce-based replay protection, DH-based AKE protocols What’s missing?  SRTP policy negotiation  Support for group key management

IETF-66, Montreal, July 2006MSEC WG meeting4 Solution2: small fixes to MIKEY  Let’s fix MIKEY! If that’s the goal, what needs to be fixed Need mode negotiation and support for sending credentials  Solution: use MIKEY-DH modes only, and perhaps a 3 rd message to avoid clipping  What about latency?  Signaling path is slower than media path (This is a problem)  What about Time Synchronization?  If there are 3 messages, we can use nonce-based replay protection  This may re-introduce the clipping problem

IETF-66, Montreal, July 2006MSEC WG meeting5 Solution 3: MIKEYv2, a re- design(1/3)  Media-path transport seems like an obvious first step See the SIP-path vs. Media-path transport RTPsec presentation  Some choices to consider... Is DH necessary?  Seems like it, if PFS is at least an optional feature to support Should GSA establishment be supported?  Yes, better start with that rather than add it later Should we re-use MIKEY payloads?  Yes, makes sense; they support SRTP policy negotiation  Need an authenticated key management (AKM) protocol using nonces for replay protection

IETF-66, Montreal, July 2006MSEC WG meeting6 Solution 3: MIKEYv2, a re- design(2/3)  More choices to consider … Should we use SIGMA as the basis?  Makes perfect sense  Turns out some of these are at odds with each other While we want to re-use MIKEY payloads, the HDR field is not sufficient for a multi-RT AKM protocol  The CSB ID in the MIKEY HDR field is not sufficient to demultiplex multiple simultaneous MIKEY protocol runs  Perhaps we might use the IKEv2 HDR instead? Or introduce some of the fields into the MIKEY HDR.  At any rate, MIKEY HDR field needs to change.

IETF-66, Montreal, July 2006MSEC WG meeting7 Solution 3: MIKEYv2, a re- design(3/3)  More design choices: Is ID protection necessary?  What kind?  Active/Passive Initiator/Responder ID protection are the choices  SIGMA can provide this Who starts the KM protocol?  Answerer, it seems like  The answerer does have an idea of who the offerer is  No Active Responder ID protection possible

IETF-66, Montreal, July 2006MSEC WG meeting8 Summary of MIKEYv2  An AKM protocol that Re-uses MIKEY as much as possible And SIGMA and IKEv2 where necessary Supports algorithm negotiation Solves forking, clipping etc., Supports GKM Runs in the media-path  Does this seem like a meaningful protocol to develop for SRTP keying? Why/why not?