Presentation is loading. Please wait.

Presentation is loading. Please wait.

Maureen Stillman March 17, 2003

Published byKarel van der Wolf Modified over 6 years ago

Similar presentations

Presentation on theme: "Maureen Stillman March 17, 2003"— Presentation transcript:

1 Maureen Stillman March 17, 2003 maureen.stillman@nokia.com
Rserpool Security Maureen Stillman March 17, 2003

2 Design Team objectives
Revisit i-d draft-ietf-rserpool-threats-00.txt Add directives from Transport Area Directors Secure Rserpool infrastructure does not include application (PU-PE data) Support client (PU) to ENRP server authentication PU authenticates ENRP server to prevent rogue ENRP servers

3 PE and ENRP security Mandatory to implement TLS OR IPsec security
Choice is design decision left to the designers and network architects Using IPsec Must implement draft-ietf-ipsec-sctp-04 Using TLS MUST support TLS with SCTP as described in RFC 3436 or TLS over TCP as described in RFC 2246

4 PU Authenticates ENRP server
Consensus reached by the security design team TLS would be used by the PU to authenticate the ENRP server (mandatory to implement) Other methods of authentication are optional TLS was deemed mandatory to implement for reasons of interoperability

5 Open Issue Even if the PU “trusts” the ENRP server, ENRP might have gotten registrations from rougue PEs Do we need to require that the PEs be authenticated to the ENRP server as well?

6 Threats to consider What are the threats?
Rouge ENRP servers Rouge registrations from PEs or unauthorized PEs PE thinks it has registered with a “good” ENRP server, but it is really a rouge Corrupted data Sent from the ENRP server to the PU Sent from the PE to the ENRP server PU-PE authentication addresses only #1

7 Issues What I really want to know is that the addresses served up to the PU are “trusted” Want to know that all the PEs have registered with a “trusted” ENRP server Therefore, the real threat is the one of bogus addresses for PEs or no addresses for the PEs Do we need data integrity as well? (yes)

8 Security Architecture
PU PU authentication, integrity authentication, integrity Mutual authentication, integrity ENRP Server PE PE Mutual authentication, integrity

9 The big question Do we need to make mandatory implementation of the previous architecture? If we don’t when PU queries the ENRP server and authenticates, it doesn’t necessarily mean anything about the data it gets

10 Still not done – control channel
Need to define the control channel Need to secure the control channel as it is part of the Rserpool infrastructure

11 Next steps Design team should keep meeting
When the control channel definition is complete, we will need to define the security for it Are we there yet? Are there other open issues? Join the security design team to help

Download ppt "Maureen Stillman March 17, 2003"

Similar presentations

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.

SIP issues with S/MIME and CMS Rohan Mahy SIP, SIPPING co-chair.
1 SASP v1 (Server/Application State Protocol) draft-bivens-sasp-00.txt Alan Bivens IBM Research New York, USA IETF 60.

1 SASP v1 (Server/Application State Protocol) draft-bivens-sasp-00.txt Alan Bivens IBM Research New York, USA IETF 60.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Intro to SSL/TLS Network Security Gene Itkis. 6/14/2015 Gene Itkis: CS558 Network Security 2 Origins Internet Engineering Task Force (IETF) –www.ietf.orgwww.ietf.org.

Intro to SSL/TLS Network Security Gene Itkis. 6/14/2015 Gene Itkis: CS558 Network Security 2 Origins Internet Engineering Task Force (IETF) –
Intro to SSL/TLS Network Security Gene Itkis. 6/23/2015 cs458-658 Network Security (Gene Itkis) 2 Origins Internet Engineering Task Force (IETF) –www.ietf.orgwww.ietf.org.

Intro to SSL/TLS Network Security Gene Itkis. 6/23/2015 cs Network Security (Gene Itkis) 2 Origins Internet Engineering Task Force (IETF) –
0-1 Team ?? Status Report (1 of 3) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team 1: Auraria.

0-1 Team ?? Status Report (1 of 3) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team 1: Auraria.
1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.

1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.
Technology Integration: RSerPool & Server Load-balancing Curt Kersey, Cisco Systems Aron Silverton, Motorola Labs.

Technology Integration: RSerPool & Server Load-balancing Curt Kersey, Cisco Systems Aron Silverton, Motorola Labs.
Windows 2003 and 802.1x Secure Wireless Deployments.

Windows 2003 and 802.1x Secure Wireless Deployments.
Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.

Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.
Draft-campbell-dime-load- considerations-01 IETF 92 DIME Working Group Meeting Dallas, Texas.

Draft-campbell-dime-load- considerations-01 IETF 92 DIME Working Group Meeting Dallas, Texas.
1 IPFIX Protocol Specifications IPFIX IETF-59 March 3, 2004 Benoit Claise Mark Fullmer Reinaldo Penno Paul Calato Stewart Bryant Ganesh Sadasivan.

1 IPFIX Protocol Specifications IPFIX IETF-59 March 3, 2004 Benoit Claise Mark Fullmer Reinaldo Penno Paul Calato Stewart Bryant Ganesh Sadasivan.
IAM REFERENCE ARCHITECTURE BRICKS EMBEDED ARCHITECTS COMMUNITY OF PRACTICE MARCH 5, 2015.

IAM REFERENCE ARCHITECTURE BRICKS EMBEDED ARCHITECTS COMMUNITY OF PRACTICE MARCH 5, 2015.
Using DHCPv6 for DNS Configuration in Hosts draft-ietf-droms-dnsconfig-dhcpv6-00.txt Ralph Droms.

Using DHCPv6 for DNS Configuration in Hosts draft-ietf-droms-dnsconfig-dhcpv6-00.txt Ralph Droms.
3Com Confidential Proprietary 3G CDMA AAA Function Yingchun Xu 3COM.

3Com Confidential Proprietary 3G CDMA AAA Function Yingchun Xu 3COM.
© 1998 R. Gemmell IETF WG Presentation1 Robert Gemmell ROAMOPS Working Group.

© 1998 R. Gemmell IETF WG Presentation1 Robert Gemmell ROAMOPS Working Group.
Example of OOR Architecture Open Ontology Repository Architecture – Some Considerations March, 2008 Dr. Ravi Sharma Senior Enterprise Architect Technology.

Example of OOR Architecture Open Ontology Repository Architecture – Some Considerations March, 2008 Dr. Ravi Sharma Senior Enterprise Architect Technology.
Project Moonshot update ABFAB, IETF 80. About Moonshot Moonshot is implementing ABFAB Developer meeting, 24 March 2011 Testing event, 25 March 2011 A.

Project Moonshot update ABFAB, IETF 80. About Moonshot Moonshot is implementing ABFAB Developer meeting, 24 March 2011 Testing event, 25 March 2011 A.
11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 

11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 
Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

Similar presentations

Ads by Google