inria rhône-alpes - planète research group reed-solomon fec i-d ldpc-* fec i-d tesla i-d...

INRIA Rhône-Alpes - Planète research group

Reed-Solomon FEC I-DLDPC-* FEC I-D

TESLA I-DSimple-auth I-D

IETF 70th – Vancouver meeting, November 2007

Vincent Roca (INRIA)

2 - INRIA - Planète

SituationSituation

Reed-Solomon FEC

draft-ietf-rmt-bb-fec-rs-05.txt updated

LDPC FEC

draft-ietf-rmt-bb-fec-ldpc-07.txt updated

TESLA source authentication for ALC/NORM

draft-ietf-msec-tesla-for-alc-norm-03.txt updated

Simple auth. schemes for ALC/NORM

draft-roca-rmt-simple-auth-for-alc-norm-01 updated


Part 1:

Reed-Solomon FEC BB


What’s new with the R-S document?What’s new with the R-S document?

“publication requested” in Sept. 2007

“proposed standard” category

two versions published

-04 (Oct. 2007) and -05 (Nov. 2007)

version -05 takes into account comments on mailing list (Igor

Slepchin and Alfred Hoenes):

corrected error in “Determining the Max Src Block Length”

changed the way the max_n parameter is calculated

(floorceil) from the target code rate for a better match


What’s new with the R-S document (cont’)What’s new with the R-S document (cont’)clarified that the “max_n algorithm” is only RECOMMENDED

to be used. Receivers can estimate “n” for a given block, but

MUST be prepared to handle symbols with an ESI >

“estimated n”

takes into account comment sent during IESG review

(Magnus/Francis Dupont/Elwyn Davies/Stephen Kent/Russ

Housley)

a brand new « Security » section (but too detailed ;-)

several details corrected…

next step:

new version (-06) under progress


Part 2:

LDPC-staircase/triangle FEC BB


What’s new with the LDPC-* document?What’s new with the LDPC-* document?

“publication requested” in Sept. 2007

“proposed standard” category

one versions published

-04 (Oct. 2007) and -05 (Nov. 2007)

version -05 takes into account comments on mailing list (Alfred

Hoenes + Igor Slepchin indirectly)

better separation between mandatory and recommended

procedures

changed the way the max_n parameter is calculated

(floorceil) from the target code rate for a better match (no

backward compatibility impact)


What’s new with the LDPC-* document (cont’)What’s new with the LDPC-* document (cont’)

takes into account comment sent during IESG review

(Magnus/Brian Carpenter/Russ Housley/Jari Arkko)

a brand new « Security » section (but too detailed ;-)

several details corrected…

removal of the C code’s copyright (with the permission of the

authors and R. Neal)

updated PRNG section:

• the scaling in [0; maxv[ algorithm is mandatory

• C implementation moved in annex (will be replaced by a

pointer in next version, as agreed with Robin Whittle)

next step:

new version (-07) under progress


Part 3:

TESLA for ALC and NORM


What’s new?What’s new?

most changes already done in -02 version (July 07)

reminder:

compact authentication tag

• without the “i” interval index field but instead one or two sub-

fields when feasible

authentication tag without key disclosure

• to reduce packet’s overhead

optional embedded group MAC feature

current version only improves the text, no new feature


(Very preliminary) performance results(Very preliminary) performance results

test conditions:

512000 packets send, 512 bytes/packet (total of 250 kB)

HMAC-SHA-1 with 160 bit keys

100 keys per TESLA key chain, 0.5s TESLA time interval

measure the time taken to send all packets (no receiver)

results (sender):

TESLA (W/O group MAC): 6.362 s

Group MAC authentication: 6.063 s

Digital signatures authentication: 776.548 s

TESLA is only 4.93% slower than Group MAC auth.

more detailed performance analysis under progress


Work under progressWork under progress

under progress…

we need to finish TESLA for ALC implementation (soon)

useful to check the accuracy of the document

we need to verify in particular the steps specified in

5.2 Authentication of received packets

open points/questions to the group

do we keep the optional weak group MAC?

or do we add an external group MAC authentication scheme

(I-D under progress) that can be used in the same session?

would simplify the specs, but adds more overhead

clarify what parameters are needed with digital signatures


Part 4:

Simple authentication schemes for

ALC and NORM

- slides already presented during

IETF’69 -


Simple auth schemes for ALC/NORMSimple auth schemes for ALC/NORM

an I-D…

that defines two basic authentication schemes for group

communications

shares the EXT_AUTH format ASID field is used

goal is to have an appropriate set of authentication

schemes for group comm.

for per packet, transport level (i.e. within ALC/NORM) security

it’s complementary to IPsec layer 3 security


Simple auth schemes for ALC/NORM… (cont’)Simple auth schemes for ALC/NORM… (cont’)

pros/cons in short

+----------------+-------------+--------------+-------------+-------+

| | RSA Digital | ECC Digital | Group MAC | TESLA |

| | Signature | Signature | | |

+----------------+-------------+--------------+-------------+-------+

| True auth and | Yes | Yes | No (group | Yes |

| integrity | | | security) | |

| Immediate auth | Yes | Yes | Yes | No |

| Processing | -- | + | ++ | + |

| load | | | | |

| Transmission | -- | + | ++ | + |

| overhead | | | | |

| Complexity | ++ | ++ | ++ | -- |

| IPR/patents | ++ | -- | ++ | ++ |

+----------------+-------------+--------------+-------------+-------+


Simple auth schemes for ALC/NORM… (cont’)Simple auth schemes for ALC/NORM… (cont’)

example: 0 1 2 3

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| HET (=1) | HEL (=33) | ASID | 0 |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| |

+ +

| |

. .

. Signature (128 bytes) .

. .

| |

+ +

| |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

0 1 2 3

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| HET (=1) | HEL (=4) | ASID | 0 |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| |

+ +

| Group MAC (10 bytes) |

+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

| | Padding |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Digital Signature

EXT_AUTH header

extension using

1024 bit signatures

Group MAC

EXT_AUTH header

extension using

HMAC-SHA-1.

128

byt

es12

byt

es


To conclude with simple auth schemesTo conclude with simple auth schemes

it’s the logical follow-up to TESLA I-D

provides a comprehensive set of techniques for the most

basic security feature: source authentication and packet

integrity

a WG Item?

inria rhône-alpes - planète research group reed-solomon fec i-d ldpc-* fec i-d tesla i-d...

Documents