inria rhône-alpes - planète research group reed-solomon fec i-d ldpc-* fec i-d tesla i-d...
TRANSCRIPT
INRIA Rhône-Alpes - Planète research group
Reed-Solomon FEC I-DLDPC-* FEC I-D
TESLA I-DSimple-auth I-D
IETF 70th – Vancouver meeting, November 2007
Vincent Roca (INRIA)
2 - INRIA - Planète
SituationSituation
Reed-Solomon FEC
draft-ietf-rmt-bb-fec-rs-05.txt updated
LDPC FEC
draft-ietf-rmt-bb-fec-ldpc-07.txt updated
TESLA source authentication for ALC/NORM
draft-ietf-msec-tesla-for-alc-norm-03.txt updated
Simple auth. schemes for ALC/NORM
draft-roca-rmt-simple-auth-for-alc-norm-01 updated
3 - INRIA - Planète
Part 1:
Reed-Solomon FEC BB
4 - INRIA - Planète
What’s new with the R-S document?What’s new with the R-S document?
“publication requested” in Sept. 2007
“proposed standard” category
two versions published
-04 (Oct. 2007) and -05 (Nov. 2007)
version -05 takes into account comments on mailing list (Igor
Slepchin and Alfred Hoenes):
corrected error in “Determining the Max Src Block Length”
changed the way the max_n parameter is calculated
(floorceil) from the target code rate for a better match
5 - INRIA - Planète
What’s new with the R-S document (cont’)What’s new with the R-S document (cont’)clarified that the “max_n algorithm” is only RECOMMENDED
to be used. Receivers can estimate “n” for a given block, but
MUST be prepared to handle symbols with an ESI >
“estimated n”
takes into account comment sent during IESG review
(Magnus/Francis Dupont/Elwyn Davies/Stephen Kent/Russ
Housley)
a brand new « Security » section (but too detailed ;-)
several details corrected…
next step:
new version (-06) under progress
6 - INRIA - Planète
Part 2:
LDPC-staircase/triangle FEC BB
7 - INRIA - Planète
What’s new with the LDPC-* document?What’s new with the LDPC-* document?
“publication requested” in Sept. 2007
“proposed standard” category
one versions published
-04 (Oct. 2007) and -05 (Nov. 2007)
version -05 takes into account comments on mailing list (Alfred
Hoenes + Igor Slepchin indirectly)
better separation between mandatory and recommended
procedures
changed the way the max_n parameter is calculated
(floorceil) from the target code rate for a better match (no
backward compatibility impact)
8 - INRIA - Planète
What’s new with the LDPC-* document (cont’)What’s new with the LDPC-* document (cont’)
takes into account comment sent during IESG review
(Magnus/Brian Carpenter/Russ Housley/Jari Arkko)
a brand new « Security » section (but too detailed ;-)
several details corrected…
removal of the C code’s copyright (with the permission of the
authors and R. Neal)
updated PRNG section:
• the scaling in [0; maxv[ algorithm is mandatory
• C implementation moved in annex (will be replaced by a
pointer in next version, as agreed with Robin Whittle)
next step:
new version (-07) under progress
9 - INRIA - Planète
Part 3:
TESLA for ALC and NORM
10 - INRIA - Planète
What’s new?What’s new?
most changes already done in -02 version (July 07)
reminder:
compact authentication tag
• without the “i” interval index field but instead one or two sub-
fields when feasible
authentication tag without key disclosure
• to reduce packet’s overhead
optional embedded group MAC feature
current version only improves the text, no new feature
11 - INRIA - Planète
(Very preliminary) performance results(Very preliminary) performance results
test conditions:
512000 packets send, 512 bytes/packet (total of 250 kB)
HMAC-SHA-1 with 160 bit keys
100 keys per TESLA key chain, 0.5s TESLA time interval
measure the time taken to send all packets (no receiver)
results (sender):
TESLA (W/O group MAC): 6.362 s
Group MAC authentication: 6.063 s
Digital signatures authentication: 776.548 s
TESLA is only 4.93% slower than Group MAC auth.
more detailed performance analysis under progress
12 - INRIA - Planète
Work under progressWork under progress
under progress…
we need to finish TESLA for ALC implementation (soon)
useful to check the accuracy of the document
we need to verify in particular the steps specified in
5.2 Authentication of received packets
open points/questions to the group
do we keep the optional weak group MAC?
or do we add an external group MAC authentication scheme
(I-D under progress) that can be used in the same session?
would simplify the specs, but adds more overhead
clarify what parameters are needed with digital signatures
13 - INRIA - Planète
Part 4:
Simple authentication schemes for
ALC and NORM
- slides already presented during
IETF’69 -
14 - INRIA - Planète
Simple auth schemes for ALC/NORMSimple auth schemes for ALC/NORM
an I-D…
that defines two basic authentication schemes for group
communications
shares the EXT_AUTH format ASID field is used
goal is to have an appropriate set of authentication
schemes for group comm.
for per packet, transport level (i.e. within ALC/NORM) security
it’s complementary to IPsec layer 3 security
15 - INRIA - Planète
Simple auth schemes for ALC/NORM… (cont’)Simple auth schemes for ALC/NORM… (cont’)
pros/cons in short
+----------------+-------------+--------------+-------------+-------+
| | RSA Digital | ECC Digital | Group MAC | TESLA |
| | Signature | Signature | | |
+----------------+-------------+--------------+-------------+-------+
| True auth and | Yes | Yes | No (group | Yes |
| integrity | | | security) | |
| Immediate auth | Yes | Yes | Yes | No |
| Processing | -- | + | ++ | + |
| load | | | | |
| Transmission | -- | + | ++ | + |
| overhead | | | | |
| Complexity | ++ | ++ | ++ | -- |
| IPR/patents | ++ | -- | ++ | ++ |
+----------------+-------------+--------------+-------------+-------+
16 - INRIA - Planète
Simple auth schemes for ALC/NORM… (cont’)Simple auth schemes for ALC/NORM… (cont’)
example: 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HET (=1) | HEL (=33) | ASID | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
. .
. Signature (128 bytes) .
. .
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HET (=1) | HEL (=4) | ASID | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| Group MAC (10 bytes) |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Digital Signature
EXT_AUTH header
extension using
1024 bit signatures
Group MAC
EXT_AUTH header
extension using
HMAC-SHA-1.
128
byt
es12
byt
es
17 - INRIA - Planète
To conclude with simple auth schemesTo conclude with simple auth schemes
it’s the logical follow-up to TESLA I-D
provides a comprehensive set of techniques for the most
basic security feature: source authentication and packet
integrity
a WG Item?