Download presentation
Presentation is loading. Please wait.
Published byCarol Lloyd Modified over 9 years ago
1
INRIA Rhône-Alpes - Planète research group Reed-Solomon FEC I-D LDPC-* FEC I-D TESLA I-D Simple-auth I-D IETF 70 th – Vancouver meeting, November 2007 Vincent Roca (INRIA)
2
2 - INRIA - Planète Situation Reed-Solomon FEC draft-ietf-rmt-bb-fec-rs-05.txtupdated LDPC FEC draft-ietf-rmt-bb-fec-ldpc-07.txtupdated TESLA source authentication for ALC/NORM draft-ietf-msec-tesla-for-alc-norm-03.txtupdated Simple auth. schemes for ALC/NORM draft-roca-rmt-simple-auth-for-alc-norm-01updated
3
3 - INRIA - Planète Part 1: Reed-Solomon FEC BB
4
4 - INRIA - Planète What’s new with the R-S document? “publication requested” in Sept. 2007 “proposed standard” category two versions published -04 (Oct. 2007) and -05 (Nov. 2007) version -05 takes into account comments on mailing list (Igor Slepchin and Alfred Hoenes): corrected error in “Determining the Max Src Block Length” changed the way the max_n parameter is calculated (floor ceil) from the target code rate for a better match
5
5 - INRIA - Planète What’s new with the R-S document (cont’) clarified that the “max_n algorithm” is only RECOMMENDED to be used. Receivers can estimate “n” for a given block, but MUST be prepared to handle symbols with an ESI > “estimated n” takes into account comment sent during IESG review (Magnus/Francis Dupont/Elwyn Davies/Stephen Kent/Russ Housley) a brand new « Security » section (but too detailed ;-) several details corrected… next step: new version (-06) under progress
6
6 - INRIA - Planète Part 2: LDPC-staircase/triangle FEC BB
7
7 - INRIA - Planète What’s new with the LDPC-* document? “publication requested” in Sept. 2007 “proposed standard” category one versions published -04 (Oct. 2007) and -05 (Nov. 2007) version -05 takes into account comments on mailing list (Alfred Hoenes + Igor Slepchin indirectly) better separation between mandatory and recommended procedures changed the way the max_n parameter is calculated (floor ceil) from the target code rate for a better match (no backward compatibility impact)
8
8 - INRIA - Planète What’s new with the LDPC-* document (cont’) takes into account comment sent during IESG review (Magnus/Brian Carpenter/Russ Housley/Jari Arkko) a brand new « Security » section (but too detailed ;-) several details corrected… removal of the C code’s copyright (with the permission of the authors and R. Neal) updated PRNG section: the scaling in [0; maxv[ algorithm is mandatory C implementation moved in annex (will be replaced by a pointer in next version, as agreed with Robin Whittle) next step: new version (-07) under progress
9
9 - INRIA - Planète Part 3: TESLA for ALC and NORM
10
10 - INRIA - Planète What’s new? most changes already done in -02 version (July 07) reminder: compact authentication tag without the “i” interval index field but instead one or two sub- fields when feasible authentication tag without key disclosure to reduce packet’s overhead optional embedded group MAC feature current version only improves the text, no new feature
11
11 - INRIA - Planète (Very preliminary) performance results test conditions: 512000 packets send, 512 bytes/packet (total of 250 kB) HMAC-SHA-1 with 160 bit keys 100 keys per TESLA key chain, 0.5s TESLA time interval measure the time taken to send all packets (no receiver) results (sender): TESLA (W/O group MAC): 6.362 s Group MAC authentication: 6.063 s Digital signatures authentication:776.548 s TESLA is only 4.93% slower than Group MAC auth. more detailed performance analysis under progress
12
12 - INRIA - Planète Work under progress under progress… we need to finish TESLA for ALC implementation (soon) useful to check the accuracy of the document we need to verify in particular the steps specified in 5.2 Authentication of received packets open points/questions to the group do we keep the optional weak group MAC? or do we add an external group MAC authentication scheme (I-D under progress) that can be used in the same session? would simplify the specs, but adds more overhead clarify what parameters are needed with digital signatures
13
13 - INRIA - Planète Part 4: Simple authentication schemes for ALC and NORM - slides already presented during IETF’69 -
14
14 - INRIA - Planète Simple auth schemes for ALC/NORM an I-D… that defines two basic authentication schemes for group communications shares the EXT_AUTH format ASID field is used goal is to have an appropriate set of authentication schemes for group comm. for per packet, transport level (i.e. within ALC/NORM) security it’s complementary to IPsec layer 3 security
15
15 - INRIA - Planète Simple auth schemes for ALC/NORM… (cont’) pros/cons in short +----------------+-------------+--------------+-------------+-------+ | | RSA Digital | ECC Digital | Group MAC | TESLA | | | Signature | Signature | | | +----------------+-------------+--------------+-------------+-------+ | True auth and | Yes | Yes | No (group | Yes | | integrity | | | security) | | | Immediate auth | Yes | Yes | Yes | No | | Processing | -- | + | ++ | + | | load | | | | | | Transmission | -- | + | ++ | + | | overhead | | | | | | Complexity | ++ | ++ | ++ | -- | | IPR/patents | ++ | -- | ++ | ++ | +----------------+-------------+--------------+-------------+-------+
16
16 - INRIA - Planète Simple auth schemes for ALC/NORM… (cont’) example: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | HET (=1) | HEL (=33) | ASID | 0 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + |.. Signature (128 bytes).. | + | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | HET (=1) | HEL (=4) | ASID | 0 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + | Group MAC (10 bytes) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Digital Signature EXT_AUTH header extension using 1024 bit signatures Group MAC EXT_AUTH header extension using HMAC-SHA-1. 128 bytes 12 bytes
17
17 - INRIA - Planète To conclude with simple auth schemes it’s the logical follow-up to TESLA I-D provides a comprehensive set of techniques for the most basic security feature: source authentication and packet integrity a WG Item?
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.