Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 68 - ANCP WG March 18-23, 2007 draft-ietf-ancp-security-threats-00.txt.


1 Security Threats and Security Requirements for the Access Node Control Protocol (ANCP)
IETF 68 - ANCP WG, March 18-23, 2007
draft-ietf-ancp-security-threats-00.txt
hassnaa.moustafa@orange-ftgroup.com
hannes.tschofenig@siemens.com
stefaan.de_cnodder@alcatel-lucent.be

2 Outline
History of the draft
Objectives
Overview and threat model
Changes since last version
–Organization
–Definitions
–Attack classification
–Security requirements modification

3 History of the Draft
July 2006 (IETF 66th Montreal):
–Need for threats analysis and security requirements
–Call for contributors
October 2006:
–Submission: draft-moustafa-ancp-security-threats-00
November 2006 (IETF 67th San Diego):
–Draft presentation and feedback
–Consensus for WG document
December 2006:
–New version submission: draft-ietf-ancp-security-threats-00

4 Objectives
Investigating security threats that ANCP nodes could encounter and developing a threat model at the ANCP level.
Deriving the security requirements for the ANCP.
Out of scope:
–Security policy negotiation, including authentication and authorization to define per-subscriber policy at the AAA/policy server

5 Overview and Threat Model

                                               +--------+
                                               | AAA    |
                                               | Server |
                                               +--------+
                                                   |
+-----+   +-----+   +--------+                 +-----+   +----------+
| CPE |---| HGW |---|        |                 |     |   |          |
+-----+   +-----+   | Access |                 |     |   | Internet |
                    | Node   |-----------------| NAS |---|          |
+-----+   +-----+   | (AN)   |                 |     |   |          |
| CPE |---| HGW |---|        |                 |     |   |          |
+-----+   +-----+   +--------+                 +-----+   +----------+

Attackers can be either on-path or off-path, and either active or passive.
Threat Model:
–Off-path adversary at the CPE or HGW
–Off-path adversary on the Internet or a Regional Network
–On-path adversary at the network elements between the AN and the NAS
–Adversary taking control over the NAS
–Adversary taking control over the AN

6 Changes since last version 1/4
Re-wording and re-phrasing
Definition of the CPE
–"Device located inside a subscriber's premise that is connected to the LAN side of the HGW"
Attack classification
–Attacks disrupting the communication of individual customers
–Attacks disrupting the communication of a large fraction of customers
–Attacks gaining profit for the attacker

7 Changes since last version 2/4
Potential attacks re-formulation (Section 5 in last version)
–Attack types (Section 5 in current version)
–Attack forms (Section 6 in current version)
–Removing "Network Snooping" (Section 5.7 in last version)
Attack Types (Section 5)
–DoS
–Integrity violation
–Downgrading
–Traffic Analysis
Attack Forms (Section 6)
–Message replay
–Faked message injection
–Message modification
–Man-in-the-middle
–Eavesdropping

8 Changes since last version 3/4
Clarification of AAA server in scope/out of scope issues (Section 7 in current draft)
–Out of scope: user's authentication process and how the user gets authenticated and how the AAA server gets the authorization data
–In scope: attacks concerning the communication between the NAS and the AAA server, once the AAA server gets the authentication data
Attacks Against ANCP Defined Use Cases (Section 7 in the current draft):
–Re-organization and some revisions
–Major changes:
   Dynamic access loop attributes use case:
   –Downgrading caused by man-in-the-middle attack
   –Removing network snooping from on-path and off-path passive attacks
   Access loop configuration use case:
   –On-path passive attacks learning the configuration attributes

9 Changes since last version 4/4
Security requirements update
–The protocol solution MUST offer authentication of the AN to the NAS
–The protocol solution MUST offer authentication of the NAS to the AN
–The protocol solution MUST allow authorization to take place at the NAS and at the AN
–The protocol solution MUST offer replay protection
–The protocol solution MUST provide data origin authentication
–The protocol solution MUST be robust against DoS attacks
–The protocol solution SHOULD offer confidentiality protection
–The protocol solution SHOULD distinguish the control messages from the data

10 Next Step
Soliciting comments
Considering the WG position for the Multicast use case
Asking for LC
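
Added example, not part of the presentation or the draft: a receiver-side check showing how the replay protection and data origin authentication requirements from slide 9 answer the message replay, message modification and faked message injection forms from slide 7. The framing (8-byte sequence number, payload, HMAC-SHA256 tag), the pre-shared key and the payload strings are assumptions constructed for illustration; this is not the ANCP wire format.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size
SEQ_LEN = 8   # 64-bit big-endian sequence number (constructed framing)

def seal(key, seq, payload):
    """Sender side: prefix a sequence number and append a MAC over both."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Receiver side, e.g. the NAS checking messages that claim to come from the AN."""
    def __init__(self, key):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, frame):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "reject: truncated"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Verify origin and integrity first, so an unauthenticated frame can
        # never move the replay window (that would itself be a DoS).
        if not hmac.compare_digest(tag, expected):
            return "reject: bad MAC"
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        if seq <= self.last_seq:
            return "reject: replay"
        self.last_seq = seq
        return "accept"

def demo():
    key = b"constructed-AN-NAS-key"  # assumption: pre-shared key
    nas = Receiver(key)
    first = seal(key, 1, b"loop=7;rate=8000")  # constructed sample payload
    modified = bytearray(seal(key, 2, b"loop=7;rate=8000"))
    modified[SEQ_LEN + 12] ^= 0x01  # one payload bit changed in transit
    injected = seal(b"not-the-key", 2**40, b"loop=7;rate=64")
    return [
        nas.accept(first),
        nas.accept(first),            # message replay
        nas.accept(bytes(modified)),  # message modification
        nas.accept(injected),         # faked message injection, huge sequence number
        nas.accept(seal(key, 2, b"loop=7;rate=6000")),  # genuine traffic still flows
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last verdict is the one to watch: because the MAC is checked before the sequence number, the injected frame with sequence 2**40 does not advance the window and the genuine message with sequence 2 is still accepted.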

