RPSEC WG Issues with Routing Protocols security mechanisms Vishwas Manral, SiNett Russ White, Cisco Sue Hares, Next Hop IETF 63, Paris, France.

Presentation transcript:


Basic idea of the draft
- Security issues in unicast routing protocols
- Not about issues when no security mechanisms are in place (e.g. draft-ietf-rpsec-ospf-vuln-01.txt)
- Issues that arise despite security mechanisms being in place

Brief idea of overall work
- Security issues even with security mechanisms in place
- Main issue: no key management and no automatic key distribution mechanism
- Problem statement draft
- Decide on the problems to solve
- Come up with a solution that:
  - meets reasonable security requirements
  - is easy to deploy
  - uses the credentials people actually have available
  - supports automatic keying in the long term

- Replay attacks
- CPU exhaustion
- Routing loops
- Black holes
- Traffic redirection

OSPFv3
- Uses IPsec security
- RFC 2401bis states: "If the key used to compute an ICV is manually distributed, a compliant implementation SHOULD NOT provide anti-replay service."
- Authentication/Confidentiality for OSPFv3 states: "As it is not possible as per the current standards to provide replay protection while using manual keying, the proposed solution will not provide protection against replay attacks."

OSPFv3 issues
- Problem: OSPF reacts strictly to packets it does not expect
- Replaying packets (CPU exhaustion / routing loops / black holes / traffic redirection):
  - Hello packets
  - Database Description packets
  - LS Request packets
  - LS Acknowledgement packets
  - LS Update packets

OSPFv2
- Provides an inbuilt authentication mechanism
- Sender has to send packets in ascending order of cryptographic sequence number
- Receiver accepts any number of packets carrying the same sequence number, but drops packets with a lower sequence number

OSPFv2 issues
- Works over IP, which can reorder packets
  - Mechanisms like different prioritization of different packet types cannot be used
  - A smaller issue (sometimes results in adjacency reformation over a virtual link, VL)
- Manual keying is used
  - If all packets from a previous session between two routers are stored and resent, the neighbour could be misled into believing it is talking to the same router
  - Replay is possible until the next sequence number is seen (no mechanism specifies how the sender must handle sequence numbers; no perfect forward secrecy)
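An added illustration of the OSPFv2 receiver rule just described (this is example code written for this page, not code from the draft or any router implementation): the packet layout is a constructed simplification of the AuType=2 authentication field from RFC 2328 Appendix D, the keyed-MD5 construction follows that appendix, and the sample key and packet bodies are made up. It shows which packets the same-or-higher sequence check accepts, and that a stored session passes the check again once the neighbour state is recreated under the same manual key.

```python
import hashlib
import struct

DIGEST_LEN = 16  # MD5 digest appended after the OSPF packet (RFC 2328 Appendix D)

def keyed_md5(data: bytes, key: bytes) -> bytes:
    """RFC 2328 D.4.3 style keyed MD5: MD5(data || 16-byte zero-padded key).
    This is a plain keyed hash, not the HMAC construction."""
    return hashlib.md5(data + key.ljust(16, b"\x00")).digest()

def build_packet(body: bytes, key_id: int, seq: int, key: bytes) -> bytes:
    """Constructed simplification of an AuType=2 packet: key id, auth data
    length and cryptographic sequence number, then the body, then the digest."""
    packet = struct.pack("!BBI", key_id, DIGEST_LEN, seq) + body
    return packet + keyed_md5(packet, key)

class Neighbor:
    """Receiver side: one stored cryptographic sequence number per neighbour."""

    def __init__(self, keys: dict):
        self.keys = keys      # key id -> manually configured key
        self.last_seq = None  # starts over whenever the neighbour state is recreated

    def receive(self, packet: bytes) -> str:
        key_id, _alen, seq = struct.unpack("!BBI", packet[:6])
        data, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
        key = self.keys.get(key_id)
        if key is None or keyed_md5(data, key) != digest:
            return "drop:bad-digest"
        # Sequence rule from the slide: same-or-higher is accepted, lower is dropped.
        if self.last_seq is not None and seq < self.last_seq:
            return "drop:old-seq"
        self.last_seq = seq
        return "accept"

def replay_demo() -> dict:
    key = b"manual-key"  # constructed sample key, shared by both routers
    session = [build_packet(b"HELLO", 1, 5, key), build_packet(b"DBD", 1, 6, key)]
    live = Neighbor({1: key})
    results = {"live": [live.receive(p) for p in session]}
    results["same_seq_again"] = live.receive(session[1])  # seq 6 == last seen
    results["lower_seq"] = live.receive(session[0])       # seq 5 < 6
    results["unknown_key_id"] = live.receive(build_packet(b"HELLO", 2, 7, b"x"))
    # Neighbour state recreated, same manual key: the stored session is
    # accepted again because nothing binds the sequence numbers to a session.
    fresh = Neighbor({1: key})
    results["after_reset"] = [fresh.receive(p) for p in session]
    return results
```

The defensive takeaway is the one the slide draws: without automatic keying (or a sequence number bound to a session), the receiver has no way to tell a stored session from a live one.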

OSPFv2 issues (continued)
- Keyed MD5 is the default authentication algorithm used
- While there are no openly published attacks on that mechanism, some reports [Dobb96a, Dobb96b] create concern about the ultimate strength of the MD5 cryptographic hash function
- Further, some end users, particularly several different governments, require the use of the SHA-1 hash function rather than any other such function for policy reasons
- A draft recommending the HMAC construct already exists for RIP / IS-IS

IS-IS
- Provides for HMAC-MD5
- While there are no openly published attacks on that mechanism, some reports [Dobb96a, Dobb96b] create concern about the ultimate strength of the MD5 cryptographic hash function
- Further, some end users, particularly several different governments, require the use of the SHA-1 hash function rather than any other such function for policy reasons
- TLV: the Value field has an Auth Type defined for HMAC-MD5

IS-IS issues
- No sequence number, hence liable to replay attacks
- Slightly less vulnerable: wrong packets received are silently discarded
- Works directly over Layer 2
- Entire flooding domain should have the same keys (changing keys is difficult)
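An added example of the IS-IS Authentication TLV check (written for this page, not taken from the draft or any IS-IS implementation): it encodes TLV type 10 with the HMAC-MD5 authentication type, computes the HMAC over the PDU with the Authentication Value zeroed, and verifies it on receipt. The fixed PDU header is a constructed opaque stand-in, the key is a sample value, and key-length padding rules are not modelled. The last case shows the point of the slide above: a verbatim copy verifies just as well as the original, because there is no sequence number for the receiver to compare.

```python
import hashlib
import hmac

AUTH_TLV_TYPE = 10        # IS-IS Authentication Information TLV
AUTH_TYPE_HMAC_MD5 = 54   # Authentication Type value for HMAC-MD5 (RFC 5304)
DIGEST_LEN = 16

def auth_tlv(value: bytes) -> bytes:
    """Type, Length, Authentication Type, Authentication Value."""
    return bytes([AUTH_TLV_TYPE, 1 + DIGEST_LEN, AUTH_TYPE_HMAC_MD5]) + value

def sign_pdu(header: bytes, tlvs: bytes, key: bytes) -> bytes:
    """Append an Authentication TLV whose HMAC-MD5 covers the whole PDU with
    the Authentication Value field set to zero."""
    pdu = header + tlvs + auth_tlv(b"\x00" * DIGEST_LEN)
    digest = hmac.new(key, pdu, hashlib.md5).digest()
    return pdu[:-DIGEST_LEN] + digest

def find_auth_tlv(pdu: bytes, tlv_start: int) -> int:
    """Walk the TLV list and return the offset of the Authentication TLV, or -1."""
    i = tlv_start
    while i + 2 <= len(pdu):
        if pdu[i] == AUTH_TLV_TYPE:
            return i
        i += 2 + pdu[i + 1]
    return -1

def verify_pdu(pdu: bytes, tlv_start: int, key: bytes) -> bool:
    i = find_auth_tlv(pdu, tlv_start)
    if i < 0 or pdu[i + 1] != 1 + DIGEST_LEN or pdu[i + 2] != AUTH_TYPE_HMAC_MD5:
        return False  # no usable Authentication TLV: discard silently
    value_at = i + 3
    received = pdu[value_at:value_at + DIGEST_LEN]
    zeroed = pdu[:value_at] + b"\x00" * DIGEST_LEN + pdu[value_at + DIGEST_LEN:]
    expected = hmac.new(key, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(received, expected)

def isis_demo() -> dict:
    key = b"area-key"                      # constructed sample key
    header = b"\x00" * 8                   # constructed stand-in for the fixed PDU header
    hostname = bytes([137, 3]) + b"rt1"    # Dynamic Hostname TLV (type 137), constructed
    pdu = sign_pdu(header, hostname, key)
    tampered = pdu[:10] + b"rt9" + pdu[13:]  # flip the hostname bytes only
    return {
        "valid": verify_pdu(pdu, len(header), key),
        "tampered": verify_pdu(tampered, len(header), key),
        "wrong_key": verify_pdu(pdu, len(header), b"other-key"),
        "replayed_copy": verify_pdu(bytes(pdu), len(header), key),  # no seq number
    }
```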

BGP
- Uses TCP for transporting information between peers
- Suggestions on choosing manual keys are given in RFC 3562

BGP issues
- Most BGP implementations will hold packets for an interval negotiated at peering startup
- This technique allows a short period of time during which an attacker may inject BGP packets with false MD5 signatures into the network, and can expect those packets to be accepted, even though their MD5 signatures are not valid
- Most vulnerabilities resolved

RIP issues
- RIPv1 provides no security at all
- RIPv2 has an authentication mechanism but provides no counter for replay protection

Feedback?