Presentation is loading. Please wait.

Presentation is loading. Please wait.

RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.

Published byAlexandrina Hawkins Modified over 9 years ago

Similar presentations

Presentation on theme: "RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism."— Presentation transcript:

1 RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism to protect RSVP message integrity hop by hop." - RFC 2747 F.Baker, B.Lindell, M.Talwar. January 2000, IETF (Internet Engineering Task Force) RFC 2747 Presented by: Colin Coghill September, 2000.

2 Contents * What is RSVP? When might we need it? How does it operate? What would we lose if we don't protect it? * RSVP Authentication. Overview. Some details. * Notes and Conclusions. * Questions.

3 What is RSVP? * Resource ReSerVation Protocol * RSVP is defined in RFC 2205. "The RSVP protocol is used by a host to request specific qualities of service from the network..." * It is an "Out of Band" signalling protocol. * RSVP messages travel only in one direction.

4 An RSVP Conversation Client Video Server Router

5 An RSVP Conversation Client Video Server Router Request

6 An RSVP Conversation Client Video Server Router Request Guaranteed bandwidth.

7 An RSVP Conversation Client Video Server Router Request

8 An RSVP Conversation Client Video Server Router

9 What is at risk? What do we stand to lose if RSVP is successfully attacked? * Network Resources. (Bandwidth, Real-time traffic, Reliability) * Service or Quality. (A denial of service attack on a competitor might make them lose customers)

10 Authentication Overview * RSVP Authentication gives us message integrity and node authentication. * It leaves us with a choice of algorithms, although HMAC-MD5 is suggested. * Both the message, and the authentication information are not confidential. * If a message fails to authenticate, it will usually be ignored.

11 INTEGRITY Object

12 Sequence Number * Provides protection from replay attacks. * Can be any increasing value. eg. A counter, or maybe based on a realtime clock. * 64 bit number. May wrap. * The server should not accept out-of-order packets.

13 Notes * RFC 2747 contains a lot of detail. * It is expected that a standard key management system will be used. * Receiver will ignore invalid messages, hoping that a correct one will be received before a timeout. * IPsec wasn't chosen because it has issues with firewalls.

14 Conclusions * I think the subject of network resource allocation will become important over the next few years. * RSVP Authentication is protecting resources which are tempting for the amateur cracker to attack. * While RSVP Authentication seems sensible and secure, I believe there may still be a way to attack RSVP itself.

15 Question 1 The RSVP Protocol will usually ignore packets that fail to authenticate correctly. * Could this be abused by someone who can alter packets "on the wire"?

16 Question 2 I've included a summary of RSVP itself, whereas the main point of the presentation is supposed to be on a proposed authentication method for it. * When evaluating a security method, should you spend much time investigating its environment? * If so, how much?

Download ppt "RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism."

Similar presentations

U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG

U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG
IP security over ATM CS 329 Hwajung Lee Computer and Communications Security The George Washington University.

IP security over ATM CS 329 Hwajung Lee Computer and Communications Security The George Washington University.
 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin.

1 IPSec—An Overview Somesh Jha Somesh Jha University of Wisconsin University of Wisconsin.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
CS335 Principles of Multimedia Systems Multimedia Over IP Networks -- I Hao Jiang Computer Science Department Boston College Nov. 6, 2007.

CS335 Principles of Multimedia Systems Multimedia Over IP Networks -- I Hao Jiang Computer Science Department Boston College Nov. 6, 2007.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Similar presentations

Ads by Google