Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Security Framework for ROLL draft-tsao-roll-security-framework-00.txt T. Tsao R. Alexander M. Dohler V. Daza A. Lozano.

Published byVirgil Harrington Modified over 8 years ago

Similar presentations

Presentation on theme: "A Security Framework for ROLL draft-tsao-roll-security-framework-00.txt T. Tsao R. Alexander M. Dohler V. Daza A. Lozano."— Presentation transcript:

1 A Security Framework for ROLL draft-tsao-roll-security-framework-00.txt T. Tsao R. Alexander M. Dohler V. Daza A. Lozano

2 IETF 75 - ROLL WG, July 2009 2 of 13 Overview Objective Approach Security needs ROLL issues Threat, attacks, and counters ROLL security features Moving forward

3 IETF 75 - ROLL WG, July 2009 3 of 13 Objective Enumerate pertinent security issues in LLNs specific to routing Facilitate –Assessment of a routing protocol's security threats –Identification of the necessary features of a secured ROLL protocol –Provide a framework applicable to any generic routing protocol

4 IETF 75 - ROLL WG, July 2009 4 of 13 Approach (1/3) Four steps –Examine ROLL security issues –Analyze threats and attacks –Consider the countermeasures –Make recommendations for securing ROLL The basis –Identify the assets and points of access of routing –Evaluate their security needs based on the CIA model in the context of LLNs

5 IETF 75 - ROLL WG, July 2009 5 of 13 Approach (2/3) The CIA principles are widely employed to understand, uncover, and formulate security needs –Confidentiality concerns unauthorized disclosure –Integrity concerns unauthorized alteration –Availability concerns if information and resources are accessible when needed They can be limiting for certain applications –Other views include, e.g., non-repudiation

6 IETF 75 - ROLL WG, July 2009 6 of 13 Approach (3/3) Data flow diagram decomposition of routing

7 IETF 75 - ROLL WG, July 2009 7 of 13 Security Needs Routing/topology information –Integrity, confidentiality, and authorized use Neighbor discovery process –Not to undermine routing availability Routing/topology exchange process –Authentication, integrity, and confidentiality Communication channels and node resources –Availability Stored information, and routing and route generation processes –Confidentiality and Integrity

8 IETF 75 - ROLL WG, July 2009 8 of 13 ROLL Issues Limited energy reserve, memory, and processing resources Large scale of rolled out network Autonomous operations Certain types of networks may have highly directional traffic Unattended locations and limited physical security Support for mobility Support for multicast and anycast

9 IETF 75 - ROLL WG, July 2009 9 of 13 Threats, Attacks, and Counters Confidentiality –Routing exchange exposure –Routing information (routes and network topology) exposure Integrity –Routing information manipulation –Node identity misappropriation Availability –Routing exchange interference or disruption –Network traffic forwarding disruption –Communications resource disruption –Node resource exhaustion

10 IETF 75 - ROLL WG, July 2009 10 of 13 ROLL Security Features (1/2) Confidentiality –SHOULD provide payload encryption and privacy, e.g., when geographic information is used –MAY provide tunneling and load balancing Integrity –MUST verify the liveliness of both principals of a connection, message freshness, and message sequence and integrity Availability –MAY restrict neighborhood cardinality, randomly use multiple paths and/or destinations, set quotas to limit transmit or receive volume, and use geographic insights for flow control

11 IETF 75 - ROLL WG, July 2009 11 of 13 ROLL Security Features (2/2) Additional Considerations –If a LLN employs multicast and/or anycast, it MUST secure these protocols –MUST provide adequate physical tamper resistance to ensure the integrity of stored routing information. –MUST include a process for key and credential distribution; a LLN is encouraged to have procedures for their revocation and replacement

12 IETF 75 - ROLL WG, July 2009 12 of 13 Moving Forward (1/2) To consider constraints due to operations or application needs –Examples include ease of installation and protection of safety sensitive applications –Do these constraints necessarily translate to different ROLL security needs and strengths? –If so, do we solve it by different security levels, e.g., none, default, and high?

13 IETF 75 - ROLL WG, July 2009 13 of 13 Moving Forward (2/2) To consider integration of trust mechanisms –How is it relative to authentication? –Does it also address insider attacks? To consider routing in context –Link layer security needed for (D)DOS which also impedes ROLL –Heterogeneous devices of various configurations and the cascade vulnerability problem

Download ppt "A Security Framework for ROLL draft-tsao-roll-security-framework-00.txt T. Tsao R. Alexander M. Dohler V. Daza A. Lozano."

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Group #1: Protocols for Wireless Mobile Environments.

Group #1: Protocols for Wireless Mobile Environments.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.
Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.

Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Similar presentations

Ads by Google