1 GDOI Changes to Update Draft draft-ietf-msec-gdoi-update-01 Sheela Rowles Brian Weis.

Slides:

Advertisements

Similar presentations

Authentication Authorization Accounting and Auditing

Advertisements

Router Identification Problem Statement J.W. Atwood 2008/03/11

1 IETF 74, 30 Jul 2009draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt Applicability of Keying Methods for RSVP security draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Access control for IP multicast T Petri Jokela

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

11/07/2003IETF-58 MSEC and AAA page 1 George Gross, IdentAware ™ Security IETF-58, Minneapolis, MN November 10 th 2003 Multicast.

EXPERIENCES IN THE FORMAL ANALYSIS OF THE GDOI PROTOCOL Catherine Meadows Code 5543 Center for High Assurance Computer Systems Naval Research Laboratory.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

Overview of the Mobile IPv6 Bootstrapping Problem James Kempf DoCoMo Labs USA Thursday March 10, 2005.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Bootstrapping MIP6 Using DNS and IKEv2 (BMIP) James Kempf Samita Chakrarabarti Erik Nordmark draft-chakrabarti-mip6-bmip-01.txt Monday March 7, 2005.

Sepucha_Date_01 Group Key Management Architecture Howie Weiss NASA/JPL/SPARTA

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

OPEN PROBLEMS IN PROTOCOL VERIFICATION Catherine Meadows Code 5543 Center for High Assurance Computer Systems Naval Research Laboratory Washington, DC.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Protected Extensible Authentication Protocol

CONTEXT BINDING: An Emerging Problem in Cryptographic Protocols Catherine Meadows Naval Research Laboratory Code 5543 Washington, DC 20375

Session-based Security Model for SNMPv3 (SNMPv3/SBSM) David T. Perkins Wes Hardaker IETF November 12, 2003.

ERP for IKEv2 draft-nir-ipsecme-erx-01. Why ERP for IKEv2? RFC 5296 and the bis document define a quick re- authentication protocol for EAP. ERP requires.

Identity Management and DNS Services Tianyi XING.

EAP Mutual Cryptographic Binding draft-ietf-karp-ops-model-03 draft-ietf-karp-ops-model-03 S. Hartman M. Wasserman D. Zhang.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

© 1998 R. Gemmell IETF WG Presentation1 Robert Gemmell ROAMOPS Working Group.

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

IETF #91 OAuth Meeting Derek Atkins Hannes Tschofenig.

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

S/MIME and Certs Cullen Jennings

BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis.

© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 4: Configuring Site to Site VPN with Pre-shared keys.

Kerberos By Robert Smithers. History of Kerberos Kerberos was created at MIT, and was named after the 3 headed guard dog of Hades in Greek mythology Cerberus.

Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.

NEA Working Group IETF meeting July 27, Co-chairs: Steve Hanna

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

1 Achieving Local Availability of Group SA Ya Liu, Bill Atwood, Brian Weis,

PPP Configuration.

Mobile IPv6 with IKEv2 and revised IPsec architecture IETF 61

Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 68 - ANCP WG March 18-23, 2007 draft-ietf-ancp-security-threats-00.txt.

Link-local security J.W. Atwood, S. Islam PIM Working Group 2007/12/04

1 OSPFv3 Automated Group Keying Requirements draft-liu-ospfv3-automated-keying-req-01.txt Ya Liu, Russ White,

Channel Binding Support for EAP Methods Charles Clancy, Katrin Hoeper.

SEC #11 WG4 Status & Release 1 Outlook Group Name: Source:,, Meeting Date: Agenda Item:

Extensions to the Internet Threat Model

MIP6 RADIUS IETF-72 Update draft-ietf-mip6-radius-05.txt A. LiorBridgewater Systems K. ChowdhuryStarent Networks H. Tschofenig Nokia Siemens Networks.

ATOCA & Security Hannes Tschofenig. Two Phases 2 Subscription Alert Delivery Re-use of Common Mechanism.

8/02/2005IETF-63 MSEC IPsec extensions page 1 Brian Weis, Cisco Systems George Gross, IdentAware ™ Security Dragan Ignjatic, Polycom IETF-63, Paris, France,

CLUE protocol CLUE design team meeting 07/10/ /10/2013.

Softwire Security Update Shu Yamamoto Carl Williams Florent Parent Hidetoshi Yokota 67 IETF, San Diego.

Bootstrapping Key Infrastructures

Group Key Management Architecture

Informing AAA about what lower layer protocol is carrying EAP

draft-ietf-lisp-sec-12

Chairs: Derek Atkins and Hannes Tschofenig

In-Band Authentication Extension for Protocol Independent Multicast (PIM) draft-bhatia-zhang-pim-auth-extension-00 Manav Bhatia

69th IETF, 26 July 2007 Michael Behringer Francois Le Faucheur

Softwire Security Update

draft-ietf-geopriv-lbyr-requirements-02 status update

RFC PASSporT Construction 6.2 Verifier Behavior

draft-ipdvb-sec-01.txt ULE Security Requirements

AD RMS Templates Active Directory Rights Management Services (AD RMS)

RFC Verifier Behavior Step 4: Check the Freshness of Date

Tero Kivinen, AuthenTec

Tero Kivinen, AuthenTec

Web Authorization Protocol (OAuth)

OpenID Enhanced Authentication Profile (EAP) Working Group

Presentation transcript:

1 GDOI Changes to Update Draft draft-ietf-msec-gdoi-update-01 Sheela Rowles Brian Weis

2 Changes since Montreal IETF Address GDOI Attack

3 GCKS Authorization Mitigation of attack by Meadows & Pavlovic if GCKS performs authorization based on IKEv1 credentials. A rogue device can perpetrate a man-in-the- middle attack if the following conditions are true: 1.The rogue GDOI participant convinces an authorized member of the group (i.e., victim group member) that it is a key server for that group. 2.The victim group member, victim GCKS, and rogue group member all share IKEv1 authentication credentials. 3.The victim GCKS does not properly verify that the IKEv1 authentication credentials used to protect a GROUPKEY- PULL protocol are authorized to join the group.

4 GCKS Authorization (cont.) Attack Mitigations: A GDOI group member SHOULD be configured with policy describing which IKEv1 identities are authorized to act as GCKS for a group. A GDOI key server SHOULD perform one of the following authorization checks. 1.No CERT/POP: the GCKS SHOULD maintain a list of authorized group members for each group, where the group member identity is its IKEv1 authentication credentials. 2.Yes CERT/POP: the GCKS SHOULD verify that the identity in the CERT payload refers to the same identity in the IKEv1 authentication credentials.

5 POP Definition Point of POP is to prove that the Phase 1 Key Identity is the same as the owner of the key distributed in the CERT.

6 POP Change Original RFC: POP_HASH = hash(“pop”| Ni | Nr) Intended since Montreal IETF: POP_HASH = hash(“pop” | SKEYID_A | Ni | Nr) Finally: POP_HASH = hash(“pop” | IKE-INIT-PH1-ID | IKE-RESP-PH1-ID | Ni | Nr)