1 / 11

Softwire Security Analysis and Guidance for Mesh

Softwire Security Analysis and Guidance for Mesh. Shu Yamamoto Carl Williams Florent Parent Hidetoshi Yokota. draft-ietf-softwire-security-requirements-XX.txt. 1. Outline. Mesh Network Model Security Reference Model Defensive Techniques Security Threats Security Requirement

lyn
Télécharger la présentation

Softwire Security Analysis and Guidance for Mesh

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Softwire Security Analysis and Guidance for Mesh Shu Yamamoto Carl Williams Florent Parent Hidetoshi Yokota draft-ietf-softwire-security-requirements-XX.txt 1

  2. Outline • Mesh Network Model • Security Reference Model • Defensive Techniques • Security Threats • Security Requirement • Defensive Techniques on Control Plane • Next Steps

  3. Network Model of Softwire Mesh • Peer Model • Softwire mesh network is peer model (PE based) as defined by Softwire Problem Statement document. • A dual stack AFBR is provided by a service provider • Mesh softwire is established by extended MP-BGP with tunnel SAFI. • Overlay Model • Overlay model (CE based) is not applied to Softwire mesh to avoid the special dual stack device in access networks. CE PE CE PE AFBR AFBR PE CE AFBR AFBR AFBR AFBR Overlay Model Peer Model

  4. PE PE PE PE CE CE CE CE CE CE CE CE CE P P P P Security Reference Model • Vulnerability to security threats for Control and Data Plane depends on whether AF(j) backbone is secure network or not • The probability of threat depends on whether the transit network consists of a single service provider network or multiple network domains. AF(i) Static Route or Routing Protocol Attack on Control Plane Route Reflector AF(i) BGP Update AF(i) AF(i) AFBR-2 AF(j) Backbone AF(i) AFBR-1 AF(i) AFBR-N AF(i) AF(i) Attack on Data Plane DoS Intrusion AF(i)

  5. Use of Defensive Techniques • Softwire Mesh MUST be able to prevent threat X. • This means that the softwire protocol for control and data plane should be capable of preventing threat X. • The features or defensive techniques that prevent threat X may or may not be used depending on the deployment and the operational issues. Reference: RFC4016

  6. PE PE PE PE CE CE CE CE CE CE CE CE CE P P P P Counter Measures against Security Threats AF(i) Static Route or Routing Protocol TCP MD5 or IPsec AF(i) Route Reflector BGP Update AF(i) AF(i) AFBR-2 AF(j) Backbone AF(i) AFBR-1 AF(i) AFBR-N AF(i) AF(i) IPsec Static Routing Packet Filtering IPsec tunnel supported by extended MP-BGP with Tunnel SAFI AF(i)

  7. Security Threats Threat Level Resource exhaution Unauthorized deletion of data traffic Service Disruption DoS Degradation of service quality Modification Replay Insertion of Non-authentic data traffic for spoofing and replay Service Theft Modification of data traffic Spoofing Unauthorized Observation of Data Traffic Snooping First Step in other Attacks Unathorized traffic pattern analysis Sniffing Reference: RFC4111

  8. Cryptographic Techniques and IPsec Encryption is to protect privacy although additional computation burden. IPsec needs to specify an encryption algorithm, key length etc. Applicability of encription depends on the trust model among transit and access networks. PE(AFBR) – CE PE(AFBR) – PE (AFBR) End-to-end or CE-CE [user provisoned model is ouside the scope of softwire mesh] At least, PE-PE IPsec is provisoned by a service provider Authentication CE-PE authentication PE-to-PE Authentication Access control techniques CE packet access list and Filering in PE Firewalls Defensive Techniques

  9. Protection within the transit network Control plane protection MP-BGP UPDATE may be authenticated by using TCP MD5 or IPsec. Data plane protection IPsec provides encription of secure user data IPsec, L2TPv3 in IPsec, and mGRE in IPsec softwire mesh encapsulations are defined. (draft-nalawade-kapoor-tunnel-safi-05.txt) Protection on the user access link BGP MD5 authentication on PE-CE links using eBGP Authentication/encryption mechanisms (i.e. IPsec) between ASes for inter-provider connection Protection against spoofing Security Requirement

  10. TCP MD5 (RFC2385) Offering Authentication and integrity on a point-to-point basis Protection from spoofing attacks and connection hijacking Lack of an automated key distribution Overly long-term use of symmetric keys IPsec ESP protocol offers authentication, data integrity, and anti-replay between BGP speakers (i.e. AFBRs) IKE protocol for automated key management in support of ESP PKI requires a substatial amount of computation, compared with shared secret version of IKE. Guidelines for mandating the use of IPsec is provided by draft-bellovin-useipsec-05.txt TCP MD5 or IPsec for MP-BGP UPDATE

  11. Issues and Next Steps • Automated key management for IPsec softwire mesh tunnel per RFC4107(Guidelines for Cryptograph Key Management): memo of 3/23/06 • Consideration for transit network consisting of multi-domains. Because Inter AS-AS connection is in the scope of softwire mesh. • Multicast case • Document update

More Related