Participant Access Control in IP Multicasting
PhD Thesis Defence
Salekul Islam
Supervisor: Dr. J. William Atwood
Computer Science and Software Engineering, Concordia University

Project Highlights
• Access Control: Authentication, Authorization & Accounting
• Participant: Receivers & Sender(s)
• Receiver Access Control
  • IGMP with Access Control (IGMP-AC)
  • Verification by PROMELA/SPIN
  • Validation by AVISPA
• Access Control Architecture
  • Sender Access Control: PANA, IKEv2 and IPsec SA
  • Policy Framework
  • Inter-domain Access Control Architecture: Diameter Agents
• Mobile Multicast: Receiver Access Control & Secured Handoff
• Data Distribution Control: Multicast SA
Existing Multicast Service Model
DDT: Data Distribution Tree
(Figure: sender behind AR2, core routers CR1-CR3, access routers AR1 and AR3 serving the receivers/EUs)
• The routing protocol builds the DDT
• The sender sends multicast data; data forwarding uses the DDT
• EUs join and leave through IGMP messages to their AR

Existing Multicast Service Model: Vulnerabilities
(Figure: an adversary sender behind AR1 injects forged data into the tree; an adversary receiver behind AR4 sends an IGMP Join, which AR4 turns into a routing protocol Join)

Multicast-based Applications
Motivation: Revenue Generation Architecture
• Secure Multicasting
  • Protecting control messages: routing protocol specific
  • Protecting multicast data: encryption and authentication
  • Securing multicasting alone has not led to large-scale commercial deployment
• A revenue generation architecture considers
  • Participant access control: AAA for sender(s) and receivers
  • Policy enforcement
  • E-commerce communications

Why Access Control?
• Effects of forged IGMP messages
  • A Join message pulls the distribution tree and may create DoS
  • A Leave message prunes the distribution tree and prevents legitimate users from receiving
  • IGMP security only authenticates IGMP messages
• Attacks by a forged sender
  • Replay attack
  • Sender address spoofing attack
  • May create DoS
• GKM (group key management) fails to prevent these attacks

How to deploy access control?
• Receiver access control for a secured group: coupling access control with IGMP
  • While joining/leaving
  • Changing reception state at ARs
• Sender access control for a secured group: per-packet cryptographic protection at the AR
  • While sending data

Overview of Our Access Control Architecture
(Figure: sender behind AR1, receivers/EUs behind AR3, core routers CR1-CR3)
• Sender Access Control
  • AAA for sender(s)
  • Per-packet protection
• Data Distribution Control
  • Protects the distribution tree from a forged sender
  • Not routing protocol security
• Receiver Access Control
  • AAA for receivers/EUs

Access Control and Authentication in Unicast
• Access Control is achieved by the AAA framework
  • RADIUS: with limited functionalities
  • Diameter: next generation AAA protocol
    • Extensible
    • Large AVP
    • Agent support
• For authentication IETF has designed
  • Extensible Authentication Protocol (EAP)
  • Protocol for carrying Authentication for Network Access (PANA): EAP lower layer
Authentication, Authorization and Accounting (AAA) Framework
NAS: Network Access Server
(Figure: End User -> NAS (AAA Client) -> AAA Server with End User Database, over the AAA protocol)
• The end user presents EU credentials to the NAS, requesting access to the network
• The NAS (AAA client) relays them to the AAA server over the AAA protocol
• The AAA server performs authentication and authorization against the end user database
• On Accept, access is granted and accounting starts

Extensible Authentication Protocol (EAP)
(Figure: End User = EAP Peer, NAS = EAP Authenticator, AAA Server = EAP Server; EAP runs between peer and authenticator and is encapsulated over Diameter between authenticator and AAA server)
• EAP summary
  • Authentication framework
  • Multiple authentication methods (EAP methods)
  • Four EAP messages: Request, Response, Success, Failure
• Message flow (EAP is initiated by the peer or the authenticator)
  • Authenticator -> Peer: EAP Request1
  • Peer -> Authenticator: EAP Response1
  • Authenticator -> AAA Server: Diameter (EAP Response1)
  • AAA Server -> Authenticator: Diameter (EAP Request2)
  • Authenticator -> Peer: EAP Request2
  • ... further Request/Response rounds ...
  • Peer -> Authenticator: EAP ResponseN
  • Authenticator -> AAA Server: Diameter (EAP ResponseN)
  • AAA Server -> Authenticator: Diameter (EAP Success)
  • Authenticator -> Peer: EAP Success

Protocol for carrying Authentication for Network Access (PANA)
PaC: PANA Client
PAA: PANA Authentication Agent
AS: Authentication Server
EP: Enforcement Point
(Figure: PaC <-PANA-> PAA <-RADIUS/Diameter-> AS; the PAA configures the EP via SNMP/API; PaC and EP run IKE)
• PANA summary
  • Network access protocol
  • Works as EAP lower layer
  • Four entities: PaC, PAA, AS, EP

Key Challenges for Access Control Architecture
• The most generic architecture
  • Deployable for multi-domain distributed groups
  • Supports a wide range of authentication
  • Independent of routing protocol
  • Supports both ASM and SSM
• A scalable solution
  • Minimum workload for on-tree routers and end hosts
  • A distributed solution (e.g., using AAA)
• Reuse standard frameworks/protocols
  • Fits easily in the existing Internet service model
  • Will reduce the work of service providers

Proposed Architecture
(Figure: GO/MR and FI, with their registration and updates to the Participants Database & Policy Server, are out of the scope of the thesis; the AAAS speaks Diameter to the NAS at AR1 (sender side) and at AR2/AR3 (EU side) across CR1-CR3; IGMP carrying EU auth. info runs between the EUs and their NAS)
Receiver Access Control: Related Work
• Based on IGMPv2
• Specific authentication
• No authorization & accounting
• Suffer from common attacks

IGMP Extension: Requirements
• A generic client-server authentication
• An authentication framework (e.g., EAP) should be deployable
• Must be based on IGMPv3 and support "source filtering"
• Works in parallel with IGMPv3 and open multicast groups
• Only authenticated/authorized EUs are allowed to modify IGMP reception states
• Performs EU authentication as few times as possible
• Not inclined to a particular business model or to a specific relation between NSP and CP
• Not restricted to a single domain
• Reuses standard protocols and frameworks

Receiver Access Control using IGMP-AC
(Figure: EUs <-IGMP-AC (EAP)-> NAS at AR3 <-Diameter (EAP)-> AAA Server with Participants Database; sender behind AR1)
• IGMP with Access Control (IGMP-AC)
  • Extended version of IGMPv3
  • Encapsulates EAP packets
  • Verification using SPIN
  • Validation using AVISPA

IGMP-AC Protocol
• State diagrams for Host, AR and AAAS
• Additional messages
  • Authentication Unicast Query (auquery)
  • Authentication Report (areport)
  • Authentication Result (aresult)
• Required reception states
  • Host: (G, S, EU id, authentication info, filter mode)
  • AR: (G, S, EU id, authorization and accounting info, filter mode)

IGMP-AC Verification by PROMELA/SPIN

Verification Results
• PROMELA model derived from the state diagrams
  • Simple model, but satisfies all states/transitions of the state diagrams
• First, random simulation runs with no error reported
  • The simulator generates a Message Sequence Chart (MSC)
• Next, SPIN produces the verifier (a C program) from the PROMELA model
  • Different search techniques: exhaustive, depth-first, breadth-first, bit-state storage and hash compact
  • Searches for errors: assertion violation, invalid end-state, non-progress cycle, never claim and unreachable state
  • Reaches depth > 800
  • Output confirms the model is free from errors, with no unreachable state
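An added illustration, not the thesis's PROMELA model: a small Python explicit-state model of one IGMP-AC join exchange (host, AR, AAAS) with an exhaustive search over all interleavings, checking the same classes of error listed above (assertion violation, invalid end-state, unreachable state). The state names, the single EU and the `strict` switch that deliberately injects a bug in the AR are assumptions of the example.

```python
from collections import deque

# Constructed model (not the thesis's): one EU joins (G1, S1) through IGMP-AC.
HOST_STATES = {"idle", "wait_auquery", "wait_aresult", "member", "rejected"}
AR_STATES = {"listen", "wait_areport", "wait_aaa", "done"}

def step(state, strict=True):
    """Yield every successor of a global state (host, ar, aaas_verdict, channel, ar_table).
    With strict=False the AR installs reception state on ANY aresult: a deliberate bug."""
    host, ar, verdict, chan, table = state
    eu = "eu1"
    if host == "idle" and chan == ():                        # IGMPv3 report: join (G1, S1)
        yield ("wait_auquery", ar, verdict, ("report", eu), table)
    if ar == "listen" and chan[:1] == ("report",):           # AR: Authentication Unicast Query
        yield (host, "wait_areport", verdict, ("auquery", eu), table)
    if host == "wait_auquery" and chan[:1] == ("auquery",):  # host: Authentication Report (EAP)
        for cred in ("good", "bad"):                         # nondeterministic credential
            yield ("wait_aresult", ar, verdict, ("areport", eu, cred), table)
    if ar == "wait_areport" and chan[:1] == ("areport",):    # AR forwards EAP over Diameter
        yield (host, "wait_aaa", verdict, ("aaa_req", chan[1], chan[2]), table)
    if chan[:1] == ("aaa_req",):                             # AAAS decides
        ok = chan[2] == "good"
        yield (host, ar, "authorized" if ok else "denied", ("aaa_res", chan[1], ok), table)
    if ar == "wait_aaa" and chan[:1] == ("aaa_res",):        # AR: Authentication Result
        install = chan[2] or not strict
        new_table = table + ((chan[1], "G1", "S1", "INCLUDE"),) if install else table
        yield (host, "done", verdict, ("aresult", chan[1], chan[2]), new_table)
    if host == "wait_aresult" and chan[:1] == ("aresult",):
        yield ("member" if chan[2] else "rejected", ar, verdict, (), table)

def verify(strict=True):
    """Exhaustive breadth-first search (like SPIN's exhaustive mode) checking an
    assertion, invalid end-states and unreachable process states."""
    init = ("idle", "listen", None, (), ())
    seen, queue = {init}, deque([(init, 0)])
    result = {"ok": True, "violation": None, "depth": 0, "unreached": set()}
    while queue:
        s, d = queue.popleft()
        result["depth"] = max(result["depth"], d)
        host, ar, verdict, chan, table = s
        if table and verdict != "authorized":                # assertion: state only for authorized EU
            result.update(ok=False, violation=("assert", s)); break
        successors = list(step(s, strict))
        if not successors and (host not in ("member", "rejected") or chan != ()):
            result.update(ok=False, violation=("invalid end-state", s)); break
        for n in successors:
            if n not in seen:
                seen.add(n); queue.append((n, d + 1))
    result["unreached"] = (HOST_STATES - {s[0] for s in seen}) | (AR_STATES - {s[1] for s in seen})
    return result
```

`verify()` reports the correct model error-free with every state reachable, while `verify(strict=False)` returns the first state in which the AR holds reception state for an EU the AAAS denied.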
End User Authentication using Extensible Authentication Protocol (EAP)
EAP Encapsulation over IGMP-AC
(Figure: protocol stacks of the three entities)
• EU/Peer: EAP method, EAP peer, EAP layer, IGMP-AC, lower layers
• AR/Authenticator/NAS: IGMP-AC and EAP layer toward the EU; EAP auth, EAP layer and AAA/IP toward the AAA server
• AAA Server: EAP method, EAP auth, EAP layer, AAA/IP, lower layers

EAP Method Example: EAP Internet Key Exchange (EAP-IKEv2) Method
1. P <- S: EAP-Request/Identity (standard EAP message)
2. P -> S: EAP-Response/Identity(Id) (standard EAP message)
3. P <- S: EAP-Req (HDR, SAs, KEs, Ns)
4. P -> S: EAP-Res (HDR, SAp, KEp, Np, [SK{IDp}])
   (messages 3-4: D-H exchange)
5. P <- S: EAP-Req (HDR, SK{IDs, AUTH})
6. P -> S: EAP-Res (HDR, SK{IDp, AUTH})
   (messages 5-6: mutual authentication by AUTH)
7. P <- S: EAP-Success
Notation: P: Peer/EU; S: Server/AAAS; N: Nonce; HDR: Header; ID: Identity; SA: Cryptographic Algorithm; KE: Diffie-Hellman component; AUTH: Authentication payload; SK{x}: x is encrypted and authenticated

Security Properties Validation of EAP-IKEv2
Simplified AVISPA model of EAP-IKEv2:
1. P <- S: request_id
2. P -> S: respond_id.P
3. P <- S: SA.KEs.Ns
4. P -> S: SA.KEp.Np.[{IDp}_SKp]
5. P <- S: {S.{AUTHs}_inv(Ks)}_SKs
6. P -> S: {P.{AUTHp}_inv(Kp)}_SKp
7. P <- S: success
where
KEs : exp(G, DHs)
KEp : exp(G, DHp)
AUTHs : SA.KEs.Ns.Np
AUTHp : SA.KEp.Np.Ns
SKs : hash(Ns.Np.exp(exp(G,DHp),DHs))
SKp : hash(Ns.Np.exp(exp(G,DHs),DHp))
Security goals: mutual authentication, key establishment, confidentiality, replay protection

MitM Attack on P2P Model
Intruder convinced P he was talking with S! The intruder replaces "p" with "i" in respond_id.
ATTACK TRACE (Peer, Intruder, Server):
(s,10) -> i : request_id
i -> (p,3) : request_id
(p,3) -> i : respond_id.p
i -> (s,10) : respond_id.i
(s,10) -> i : SA(3).exp(g,DHs(3)).Ns(3)
i -> (p,3) : SA(3).exp(g,DHs(3)).Ns(3)
(p,3) -> i : SA(3).exp(g,DHp(4)).Np(4)
i -> (s,10) : SA(3).exp(g,DHp(4)).Np(4)
(s,10) -> i : {s.{SA(3).exp(g,DHs(3)).Ns(3).Np(4)}_inv(ks)}_(f(Ns(3).Np(4).exp(exp(g,DHp(4)),DHs(3))))
i -> (p,3) : {s.{SA(3).exp(g,DHs(3)).Ns(3).Np(4)}_inv(ks)}_(f(Ns(3).Np(4).exp(exp(g,DHs(3)),DHp(4))))

Fixing the Attacks
• First modification: newly added hash{MID.SK} in messages 5 and 6
  5. P <- S: hash{MID.SKs}.{S.{AUTHs}_inv(Ks)}_SKs
  6. P -> S: hash{MID.SKp}.{P.{AUTHp}_inv(Kp)}_SKp
  • Still AVISPA could find the attacks
• Second modification: the identity payload in message 4 specified as mandatory
  4. P -> S: SA.KEp.Np.{IDp}_SKp   % for symmetric key authentication
  4. P -> S: SA.KEp.Np.{P}_SKp     % for asymmetric key/password authentication
  • The second modification fixed the attacks
• Pass-through model: developed from the P2P model by adding an authenticator between peer and server
  • AVISPA reported the pass-through model attack free
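An added example (not from the thesis or from AVISPA) showing why the second modification matters: a Python sketch of messages 3 and 4 of the simplified model in which the server checks that the identity sealed under SKp matches the identity it took from the unprotected respond_id. The toy DH group, the HMAC stand-in for {x}_SK and the function names are assumptions of the example.

```python
import hashlib, hmac, secrets

# Constructed toy parameters (not secure): a small DH modulus and generator G, and
# HMAC as a stand-in for the "encrypted and authenticated" {x}_SK payload of the slides.
P_MOD, G = 2**31 - 1, 7
SA = b"SA:constructed-algorithm-list"

def kdf(*fields):
    """hash(...) over concatenated fields, as in SKp = hash(Ns.Np.exp(exp(G,DHs),DHp))."""
    return hashlib.sha256(b"|".join(fields)).digest()

def sealed(sk, data):
    """Model of {data}_SK: only the authentication part (an HMAC tag) is kept here."""
    return data, hmac.new(sk, data, hashlib.sha256).digest()

def peer_message4(idp, dh_p, kes, ns, np_):
    """P -> S: SA.KEp.Np.{IDp}_SKp (mandatory after the second modification)."""
    kep = pow(G, dh_p, P_MOD)
    sk_p = kdf(ns, np_, str(pow(kes, dh_p, P_MOD)).encode())
    return {"SA": SA, "KEp": kep, "Np": np_, "IDp_sealed": sealed(sk_p, idp)}

def server_accepts_message4(msg4, claimed_id, dh_s, ns, fixed_model=True):
    """Server check. claimed_id is what arrived in the cleartext respond_id (message 2).
    Fixed model: the identity protected under SKp must equal claimed_id.
    Original P2P model: {IDp}_SKp is optional, so no binding to message 2 is checked."""
    sk_s = kdf(ns, msg4["Np"], str(pow(msg4["KEp"], dh_s, P_MOD)).encode())
    data, tag = msg4["IDp_sealed"]
    if not hmac.compare_digest(tag, hmac.new(sk_s, data, hashlib.sha256).digest()):
        return False                     # payload not bound to this DH session
    return data == claimed_id if fixed_model else True

def run_exchange(claimed_id, fixed_model, real_peer_id=b"p"):
    """Messages 3-4 of the slide: S picks DHs/Ns, P answers with DHp/Np and sealed IDp.
    claimed_id models the identity S took from the unprotected message 2."""
    dh_s, dh_p = secrets.randbelow(P_MOD - 2) + 1, secrets.randbelow(P_MOD - 2) + 1
    ns, np_ = secrets.token_bytes(16), secrets.token_bytes(16)
    kes = pow(G, dh_s, P_MOD)                               # message 3 carries SA.KEs.Ns
    msg4 = peer_message4(real_peer_id, dh_p, kes, ns, np_)  # message 4
    return server_accepts_message4(msg4, claimed_id, dh_s, ns, fixed_model)
```

With the mandatory sealed identity, a cleartext identity that differs from the one bound to the session key is rejected; the original model has nothing to compare it against.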
Sender Access Control: Related Work
• Lack of accounting
• Specific authentication
• Suffer from common attacks
• Dependent on specific protocol

Sender Access Control
(Figure: Sender <-PANA (EAP)-> NAS at AR1 <-Diameter (EAP)-> AAA Server; the AAA-Key held by the AAA server and the sender yields the PaC-EP-Master-Key and then the IKE-pre-shared-Key; sender and AR1 run IKEv2 and set up an IPsec SA; EUs behind AR3)
• The IPsec SA provides
  1. Anti-replay
  2. Prevention of source address spoofing
  3. Minimized DoS

Benefits of Sender Access Control
• Provides AAA functionalities
• Per-packet cryptographic protection
  • Minimum overhead and fast packet processing
• Independent of routing protocol
• Serves both ASM and SSM groups
• Security services by IPsec SA
  • Anti-replay
  • Prevents source address spoofing
  • Minimizes DoS

Policy Framework: Requirements
• Extends the proposed access control architecture
• Entities of the MSEC FW will be present
• Based on the IETF Policy FW, should have
  • PDP: Policy Decision Point
  • PEP: Policy Enforcement Point
  • Policy repository
• Divides policy into Data Control Policy and Access Control Policy
• Independent of policy specification language and transport protocol

Policy Framework
PDP: Policy Decision Point
PEP: Policy Enforcement Point
(Figure: the Group Owner manages the Policy Repository (XACML) through a Policy Management Tool; the GC/KS and PDP talk to the AAA Servers over a Policy Protocol (SAML); the NAS at AR1-AR4 acts as PEP toward the senders and receivers)
Inter-domain Communication: Diameter Agents
NAS: Network Access Server
DRL: Diameter ReLay Agent
DRD: Diameter ReDirect Agent
HMS: HoMe AAA Server
(Figure: NAS and DRL in example.net, the DRD, and the HMS in example.com)
• The Network Access Identifier (NAI), e.g., bob@example.com, names the EU's home realm
1. Request: NAS -> DRL
2. Request: DRL -> DRD (the DRL has no route for the HMS)
3. Redirect Notification: DRD -> DRL, contains the route to reach example.com
4. Request: DRL -> HMS
5. Answer: HMS -> DRL
6. Answer: DRL -> NAS
• Route lookup is performed in the Realm Routing Table
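The six-step relay/redirect exchange of the slide as an added Python sketch (not from the thesis). The realm names, the routing-table contents and the agent classes are constructed; the real agent behaviour is specified in RFC 6733.

```python
# Constructed sketch of a Diameter relay agent (DRL) consulting a redirect agent (DRD).
def parse_nai(nai):
    """Network Access Identifier 'user@realm'; the realm selects the home AAA server."""
    user, sep, realm = nai.partition("@")
    if not sep or not user or not realm or "@" in realm:
        raise ValueError(f"malformed NAI: {nai!r}")
    return user, realm

class RedirectAgent:
    """DRD: knows routes to other realms but never processes the request itself."""
    def __init__(self, routes):
        self.routes = routes                      # realm -> home server (constructed)

    def lookup(self, realm):
        return self.routes.get(realm)

class RelayAgent:
    """DRL in the visited realm: forwards requests toward the HMS, asking the DRD
    when its own Realm Routing Table has no entry for the NAI's realm."""
    def __init__(self, routing_table, drd):
        self.routing_table, self.drd = routing_table, drd

    def route(self, request, trace):
        _, realm = parse_nai(request["nai"])
        next_hop = self.routing_table.get(realm)
        if next_hop is None:
            trace.append("2. Request: DRL -> DRD")
            next_hop = self.drd.lookup(realm)
            if next_hop is None:
                trace.append("3. Answer: DRL -> NAS (DIAMETER_UNABLE_TO_DELIVER)")
                return None
            trace.append(f"3. Redirect Notification: DRD -> DRL (route to {realm})")
            self.routing_table[realm] = next_hop  # cache the route for later requests
        trace.append(f"4. Request: DRL -> {next_hop}")
        return next_hop

def access_request(nai, relay):
    """Steps 1-6 of the slide for one EU; returns the message trace."""
    trace = ["1. Request: NAS -> DRL"]
    hms = relay.route({"nai": nai}, trace)
    if hms is not None:
        trace.append(f"5. Answer: {hms} -> DRL")
        trace.append("6. Answer: DRL -> NAS")
    return trace
```

A second request for the same realm skips the DRD because the relay cached the route; a realm the DRD does not know yields an error answer instead of a forwarded request.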
Inter-domain Receiver Access Control
(Figure: EUs in NW1 <-IGMP-AC (EAP)-> AR1; the AAA relay of NW1 reaches the Home AAAS in NW3 over AAA (EAP) via an AAA redirect; the Home AAAS holds the Participants' Database maintained by the Group Owner; the sender sits in NW2 behind its AR1, and NW1 and NW2 connect through BR1 and BR2 running MBGP)
• The NAS sends the NAI of the EU, which is relayed/redirected to the EU's Home AAAS

Inter-domain Sender Access Control
(Figure: Sender <-PANA (EAP)-> AR1 in NW1, then IKEv2 and an IPsec SA; the AAA relay of NW1 reaches the Home AAAS in NW3 over AAA (EAP) via an AAA redirect; EUs in NW2 behind AR1, reached through CR, BR1 and BR2 over MBGP)
• Checkpoint at the entrance of NW1

Data Distribution Control
Data distribution with a Multicast SA (MSA)
(Figure: sender in NW1 via the DR, AR1 and BR1 over MBGP to BR2/AR2 (EUs in NW2) and BR3/AR3 (EUs in NW3); checkpoints at the border routers)

Multicast Security Association (MSA)
(Figure: sender S gets the MSA parameters from the GCKS, constructs the MSA and transports data to receivers R1, R2, ..., Rn)
• MSA provides:
  • Multicast data integrity
  • Anti-replay
  • Prevention of source address spoofing

Data Distribution Control: Centralized MSA
(Figure: one MSA spanning the sender in NW1 and the receivers in NW2 and NW3)

Data Distribution Control: Distributed MSA
(Figure: MSA1 in NW1, MSA2 in NW2 and MSA3 in NW3; a border router is a receiver of MSA1 and a sender of MSA2)
• Only BRs and ARs are members of an MSA

Establishing the MSA: Extended PIM (S, G) Join
(Figure: for both the centralized and the distributed MSA, the PIM (S, G) Join travels from AR21-AR24 through BR11/BR12 to the DR of S; in the distributed case the tree is split into MSA1, MSA2 and MSA3)
• Centralized MSA: cost for a d-ary height h tree:
• Distributed MSA: cost for a d-ary height h tree:

Comparison of Performance

Summary of Two Methods
• Low for distributed
• Low for centralized
• Scalable & flexible for distributed
• Low for centralized
• Flexible for distributed
Receiver Mobility and Secured Handoff: Related Work
• Researchers have concentrated on two issues:
  • Reducing handoff time
  • Optimizing communication between the mobile host and the IGMP router
• Techniques proposed:
  • Aggregating multiple IGMP messages
  • Joining the DDT in advance
  • Deploying a Handoff Agent: a proxy for the MN that replies to IGMP queries
  • Allowing the MN to go into sleep mode
  • Sending unsolicited joins without an IGMP query
  • Tuning the IGMP query timer
• Receiver access control and secured handoff are absent!

Mobile Receiver Access Control and Secured Handoff
MR: Multicast Router
MN: Mobile Node
LAAAS: Local AAAS
HAAAS: Home AAAS
(Figure: the source's DR and core routers CR1/CR2 form the multicast DDT; the MRs in Domain1, Domain2 and Domain3 act as NAS and join via the routing protocol; the MN (EU) runs IGMP-AC (EAP) to its MR; on handoff the LAAAS of the new domain reaches the HAAAS over AAA (EAP), which costs multiple round-trips)

EAP Re-authentication (ERP)
(Figure: MN/EU = Peer, MR/AR = ER Authenticator, Local AAAS = Local ER Server)
• EAP-Initiate/Re-auth-Start: ER authenticator -> peer (optional message)
• EAP-Initiate/Re-auth: peer -> ER authenticator
• AAA(EAP-Initiate/Re-auth): ER authenticator -> local ER server
• AAA(rMSK, EAP-Finish/Re-auth): local ER server -> ER authenticator
• EAP-Finish/Re-auth: ER authenticator -> peer
• Single round-trip from peer to local ER server

ERP Key Hierarchy
(Figure: established at the end of the EAP session; the Peer/EU and the EAP Server hold MSK and EMSK; the DSRK derived from the EMSK is shared with the Local ER Server; DS-rRK is derived from the DSRK, and rMSK and DS-rIK below it; the rMSK is delivered to the Authenticator (MR/NAS); mutual authentication between peer and local ER server)
MSK : Master Session Key
EMSK : Extended Master Session Key
DSRK : Domain Specific Root Key
DS-rRK : Domain Specific re-authentication Root Key
rMSK : re-authentication Master Session Key
DS-rIK : Domain Specific root Integrity Key
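An added example, not the thesis's code, tracing the ERP key hierarchy of this slide and the single round trip of the previous one in Python: the DSRK shared with a local ER server lets peer and local server derive DS-rRK, DS-rIK and a fresh rMSK per handoff without involving the home EAP server. The HMAC-SHA256 KDF, its labels and the message layout are a simplified stand-in for the RFC 5295/5296 derivation, not that derivation.

```python
import hashlib, hmac

# Simplified KDF (assumption of this example, not the RFC 5296 KDF or its labels).
def kdf(key, label, context=b""):
    return hmac.new(key, label + b"\0" + context, hashlib.sha256).digest()

def derive_dsrk(emsk, domain):            # home EAP server and peer, per visited domain
    return kdf(emsk, b"DSRK", domain)

def derive_ds_rrk(dsrk):                  # local ER server and peer
    return kdf(dsrk, b"DS-rRK")

def derive_ds_rik(ds_rrk):                # integrity key protecting EAP-Initiate/Re-auth
    return kdf(ds_rrk, b"DS-rIK")

def derive_rmsk(ds_rrk, seq):             # fresh per re-authentication (sequence number)
    return kdf(ds_rrk, b"rMSK", seq.to_bytes(2, "big"))

def peer_initiate_reauth(ds_rrk, seq, nas_id):
    """EAP-Initiate/Re-auth: body plus MAC under DS-rIK, sent through the new MR/NAS."""
    body = b"EAP-Initiate/Re-auth|" + seq.to_bytes(2, "big") + b"|" + nas_id
    return body, hmac.new(derive_ds_rik(ds_rrk), body, hashlib.sha256).digest()

def local_er_server_finish(ds_rrk, msg, expected_seq):
    """Local ER server: verifies the MAC with DS-rIK, then derives the rMSK that goes
    to the NAS with EAP-Finish/Re-auth. No round trip to the home EAP server."""
    body, tag = msg
    expected = hmac.new(derive_ds_rik(ds_rrk), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                       # wrong domain key or tampered message
    seq = int.from_bytes(body.split(b"|")[1], "big")
    if seq < expected_seq:
        return None                       # replayed or stale re-authentication
    return derive_rmsk(ds_rrk, seq)

def handoff_in_domain(emsk, domain, seq, nas_id):
    """Micro mobility: peer and local ER server hold the same DSRK for this domain.
    Returns (peer's rMSK, rMSK the local ER server hands to the NAS)."""
    dsrk = derive_dsrk(emsk, domain)      # pushed to the local ER server at full EAP time
    ds_rrk = derive_ds_rrk(dsrk)
    msg = peer_initiate_reauth(ds_rrk, seq, nas_id)
    return derive_rmsk(ds_rrk, seq), local_er_server_finish(ds_rrk, msg, seq)
```

Each handoff inside the domain yields a new rMSK from the same DSRK, while a different domain (macro mobility) needs its own DSRK from the home server, so keys of one domain verify nothing in another.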
Mobile Receiver Access Control in Wireless Networks
ER: EAP Re-authentication
ERP: EAP Re-authentication Protocol
(Figure: the Home EAP Server in the Home Domain supplies DSRK1 to Local ER Server1 (Domain1) and DSRK2 to Local ER Server2 (Domain2) over AAA (EAP); inside a domain the peer re-authenticates at NAS1-NAS4 with IGMP-AC (ERP) and AAA (ERP) to the local ER server (micro mobility); a move to another domain (macro mobility) involves the home EAP server through IGMP-AC (EAP) and the domain's own DSRK)
Conclusion: Major Contributions
• Developing a participant access control architecture
  • A complete access control architecture
  • Provides policy enforcement and acknowledges e-commerce
  • Supports inter-domain multicast groups for the first time
• Receiver access control using IGMP-AC
  • Verification using PROMELA/SPIN
  • Validation of EAP-IKEv2 by AVISPA, fixing the MitM attack
  • Successfully overcomes the limitations of previous IGMP extensions
• Sender access control
  • Per-packet cryptographic protection
  • Provides anti-replay, prevents sender address spoofing, minimizes DoS

Conclusion: Major Contributions
• Developing an access control policy framework
  • Unique FW: both fits with the MSEC FW and follows the IETF Policy FW
• A novel inter-domain data distribution control
  • Two alternate ways to deploy MSAs: Centralized and Distributed
  • MSA construction methods explained in depth
  • Compared the two methods
• Mobile Multicast
  • Receiver access control by IGMP-AC
  • Secured handoff with low latency

Conclusion: Impacts of Our Research
• Access control is acknowledged as a key component to be solved by
  • IETF MBONED Working Group
  • ITU-T IPTV Focus Group
• We have projected
  • Missing components in the MBONED framework
  • The additional problems to be addressed
• The mobile multicast architecture will open a new horizon of wireless networks for IP multicast
• Will facilitate the e-commerce researchers with an extendible framework

Conclusion: Future Work
• Complete the development of the protocols
  • Define the packet format
  • Specify timers' values
• Presented our architecture in the MBONED Meeting during the 69th IETF Meeting, 2007
• Actively working on writing Internet Drafts
  • Explaining the IGMP-AC protocol
  • Describing the EAP/ERP encapsulation over IGMP-AC for mobile multicast
• Moreover, inter-domain DDT control for ASM groups
• Extend the mobile multicast architecture for source mobility