Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein.

Published byJoshua Webb Modified over 9 years ago

Similar presentations

Presentation on theme: "Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein."— Presentation transcript:

1 Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

2 Stein-65 Slide 2 Reminder At IETF64 security threats were presented: PWs have special features that may be exploited by hackers PW control plane does not mandate authentication PW user packets have no authentication/encryption options draft-stein-pwe3-sec-req-00.txt reviews security requirements here we will mention a few solution ideas …

3 Stein-65 Slide 3 Control Protocol Authentication Problem many of the attacks in draft-stein-pwe3-sec-req-00.txt can be avoided if it is not possible to impersonate a PE thus PWE control protocol needs a strong authentication mechanism Solution 1 – MD5 use MD5 signature option (shared key per peer) per RFC3036 every LDP message (even hellos) is authenticated MD5 may be replaced by SHA-1 or any other message digest Solution 2 – authentication TLV for initialization new optional TLV in the initialization message use public key mechanism reject if no authentication TLV or if authentication fails

4 Stein-65 Slide 4 PW Packet Authentication Problems PW label is the only identifier in packet CW sequence number can be used for DoS attack Solution add optional authentication field between control word and payload (becomes a control word extension) lightweight option 32 bit CW extension (must be negotiated via a new LDP TLV) computed based on limited-size input, for example: –sequence number + salt –sequence number + checksum of payload heavyweight option 64 or 128 bit CW extension (must be negotiated via a new LDP TLV) hash of sequence number + payload WARNING: if performed in SW enables DoS attack

5 Stein-65 Slide 5 PW Packet Encryption at IETF-64 we discussed encrypting the PW payload Problem PW is not reliable – may lose packets (don’t even know how many bytes lost) so, can’t use stream cipher, CBC, CFB, etc. modes Solution 1 use ECB mode on sequence number + payload (including sequence number blocks replay attacks) Solution 2 generate per-packet key based on secret key and sequence number use ECB mode on payload

Download ppt "Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Hashes and Message Digests

Hashes and Message Digests
Chapter 4: Modes of Operation CS 472: Fall 2012. Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.

Chapter 4: Modes of Operation CS 472: Fall Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.
Web security: SSL and TLS

Web security: SSL and TLS
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Transport Layer Security (TLS) Bill Burr November 2, 2001.

Transport Layer Security (TLS) Bill Burr November 2, 2001.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Cryptography and Network Security

Cryptography and Network Security
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.

Similar presentations

Ads by Google