1 / 8

Enhancing IPSec Security Synchronization with Extended ESP Format

This document discusses advancements in IPSec security related to time packet identification and synchronization. Key aspects include insights from TICTOC and IETF 78 documents that outline requirements for time packet identification. A new flexible ESP format is introduced, which includes additional authentication information to better identify encrypted payloads without impacting the current IPv4 header. This solution aims to provide seamless integration in both IPv4 and IPv6, enhancing end-to-end frequency synchronization while coordinating discussions between Tictoc and IPSecMe groups.

zelda
Télécharger la présentation

Enhancing IPSec Security Synchronization with Extended ESP Format

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Extended ESP for IPSec Security Synchronization Rock

  2. Introduction • Aspects related to security planned to be studied in TICTOC • In IETF 78, two documents has discussed the requirements on identify time packet in IPSec, these documents could found in following link: • Packet Timing Security Aspects(Tictoc-2 from IETF-78: www.ietf.org/proceedings/78/slides/tictoc-2/tictoc-2.htm ) • Security requirement for 1588v2 over IPsec (tictoc-3 from IETF -78: www.ietf.org/proceedings/78/slides/tictoc-3/tictoc-3.htm ) • There is a new document gives a solution on how to mark the synchronization message when IPSec is implemented in end to end frequency synchronization. (draft-xu-tictoc-IPsec-security-for-synchronization-00)

  3. Current ESP Format • No reserved field for additional usage, such as identifying encrypted payload data.

  4. The New Flexible ESP Format The new ESP format contains additional authentication information. it is comprised of ESP special usage flags (one octet zeros), extended data type, extended data length, and the optional Authentication Payload.

  5. The New Flexible ESP Format Used In Time Packet • This figure gives sample usage of new ESP format for time packet. The value of the data type field and the format of Authentication Payload need further discussion.

  6. The Advantage on this solution • No impact on current IPv4 header, all the extension is on ESP. • This solution could also be used in IPv6 which already supports ESP. • The extension on ESP could be used not only to identify encrypted time packet, but also to identify other encrypted service packet when necessary.

  7. Issues • The solution is related to Tictoc and IPSecMe group, how to coordinate two groups to discuss this solution?

More Related