L3A: A Protocol for Layer Three Accounting Alwyn Goodloe, Matthew Jacobs, Gaurav Shah University of Pennsylvania Carl A. Gunter University of Illinois


Page 1

L3A: A Protocol for Layer Three Accounting

Alwyn Goodloe, Matthew Jacobs, Gaurav Shah, University of Pennsylvania

Carl A. Gunter, University of Illinois

Page 2

SOHO to Enterprise Example

[Figure: path from Home through the Internet to the Office, with labels C (client), AP, VPN, SW. Tunnel labels along the path: WPA to AP, IPsec to Office, SSH to Server. Address translators and firewalls sit on the path.]

Three levels of authentication and encryption!

Page 3

Multi-Tunnel Configuration

[Figure: layered view with labels Application; Protocols to set up Tunnels / Security Objectives of Tunnels; N/W Security / Key Exchange.]

Page 4

Cramming Attacks

[Figure labels: Client, Server, Accounting System, Attacker, E2E Security Tunnel, Network Access Server (NAS), NAS Security Tunnel, Unauthenticated Ingress. The client's E2E tunnel to the server passes through the NAS; the NAS security tunnel feeds the accounting system; the attacker's traffic enters at the NAS's unauthenticated ingress.]

Page 5

Countermeasures

Add difficult-to-discover state to return port.
Problematic: on-path attackers; establishing sufficient state.

Example: Network Address Translation (NAT)
- Determined by four flow parameters
- Well-known destinations give strategies for server ports and addresses
- Weaknesses in NAT parameter selections
- Brute force: 10,000 pkts/sec on stock machine
- Observed 7 minutes for timeout

Page 6

Tunnel as Countermeasure

[Figure: Client, NAS, Server. An encrypted and authenticated E2E tunnel runs from client to server; an authenticated Client2NAS tunnel and an authenticated NAS2Server tunnel cover the two hops.]

Challenge: coordinate the creation of the tunnels.
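The point of the figure, a NAS that bills only traffic it can attribute to an authenticated client-to-NAS tunnel, as an added Python example that is not code from the L3A implementation. The wire format (SPI, sequence number, payload, truncated HMAC-SHA256 tag), the key and the sample packets are constructed for illustration; the single highest-sequence check stands in for the anti-replay window a real IPsec SA would use.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

TAG_LEN = 16  # truncated HMAC-SHA256 tag (assumption)
HDR_LEN = 8   # 4-byte SPI + 4-byte sequence number (constructed format)


@dataclass
class TunnelSA:
    """Authentication-only SA for the Client2NAS tunnel; the E2E tunnel
    nested inside it supplies confidentiality, so the NAS needs no decryption."""
    spi: int
    key: bytes
    next_seq: int = 0


def encapsulate(sa: TunnelSA, payload: bytes) -> bytes:
    """Client side: SPI || seq || payload || HMAC tag over header and payload."""
    header = sa.spi.to_bytes(4, "big") + sa.next_seq.to_bytes(4, "big")
    sa.next_seq += 1
    tag = hmac.new(sa.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


@dataclass
class NAS:
    """Network access server: SA table plus per-client byte counters."""
    sa_by_spi: Dict[int, Tuple[str, bytes]] = field(default_factory=dict)
    highest_seq: Dict[int, int] = field(default_factory=dict)
    billed_bytes: Dict[str, int] = field(default_factory=dict)
    dropped: int = 0

    def install(self, client_id: str, spi: int, key: bytes) -> None:
        self.sa_by_spi[spi] = (client_id, key)
        self.highest_seq[spi] = -1

    def ingress(self, packet: bytes) -> Optional[bytes]:
        """Verify the tunnel tag before billing. Returns the inner payload if
        accepted, None if dropped; dropped packets are never charged."""
        if len(packet) < HDR_LEN + TAG_LEN:
            self.dropped += 1
            return None
        spi = int.from_bytes(packet[:4], "big")
        seq = int.from_bytes(packet[4:8], "big")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        entry = self.sa_by_spi.get(spi)
        if entry is None:                 # unknown SPI: unauthenticated ingress
            self.dropped += 1
            return None
        client_id, key = entry
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # forged or corrupted
            self.dropped += 1
            return None
        if seq <= self.highest_seq[spi]:  # replay: a real SA uses a window
            self.dropped += 1
            return None
        self.highest_seq[spi] = seq
        payload = body[HDR_LEN:]
        self.billed_bytes[client_id] = self.billed_bytes.get(client_id, 0) + len(payload)
        return payload


def demo() -> Dict[str, object]:
    """One honest packet, one spoofed packet on the client's SPI, one replay."""
    key = hashlib.sha256(b"constructed demo key").digest()
    client_sa = TunnelSA(spi=0x1001, key=key)
    nas = NAS()
    nas.install("alice", spi=0x1001, key=key)

    honest = encapsulate(client_sa, b"GET /index.html")
    accepted = nas.ingress(honest)

    # Traffic on the unauthenticated ingress that carries Alice's SPI but no
    # valid tag: this is the cramming case the NAS must not charge to Alice.
    spoof = (0x1001).to_bytes(4, "big") + (7).to_bytes(4, "big") + b"X" * 1000 + bytes(TAG_LEN)
    spoof_result = nas.ingress(spoof)

    replay_result = nas.ingress(honest)   # same sequence number again
    return {
        "accepted": accepted,
        "spoof_dropped": spoof_result is None,
        "replay_dropped": replay_result is None,
        "billed": nas.billed_bytes.get("alice", 0),
        "dropped": nas.dropped,
    }
```

Running `demo()` bills Alice for the 15 payload bytes of the honest packet only; the 1000-byte spoofed packet and the replay are dropped before the counter is touched, which is exactly the property the accounting tunnel exists to provide.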

Page 7

Related Work

Accounting
- Simple Network Management Protocol (SNMP)
- RADIUS
- Juniper Networks: GPRS gateway provides protection against "over-billing" attacks

Tunnel Configuration
- Solsoft Policy Server
- Z. Fu and S.F. Wu, 2001
- Cisco Dynamic Multipoint VPN (DMVPN)
- Cisco Tunnel Endpoint Discovery (TED)

Page 8

L3A Set-Up

[Message sequence chart between Client, NAS and Server. Messages: Req(cred), Ack(cred), Fin. Resulting policy entries: SPD CS:(CN) installed at two hosts and SPD SC:(SN) installed at two hosts, i.e. client-to-server traffic is carried in the client-NAS tunnel CN and server-to-client traffic in the server-NAS tunnel SN.]

Page 9

L3A Set-Up With Reuse

[Message sequence chart between Client, Server1, Server2 and NAS. Messages: Req(Cred), then SPD CS2:(CN) installed at two hosts, SPD S2C:(S2N) installed at two hosts, Ack(cred). The client-to-NAS tunnel CN already set up for Server1 is reused for Server2; only the NAS-to-Server2 tunnel S2N is new.]

Page 10

L3A Tear-Down

[Message sequence chart between Client, NAS and Server with security associations labelled a, b, c, d, e, f. Numbered steps as drawn:]

1. delete(e): remove e
2. delete(e,f): remove f; remove e, f
3. TD-Req(n-s)
4. delete(c): remove c
5. delete(c,d): remove d; remove c, d
6. TD-Ack(n,s)
7. delete(a): remove a
8. delete(a,b): remove b; remove a, b
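A state model of the three-host configuration whose set-up (pages 8 and 9) and tear-down (page 10) the deck sketches, as an added Python example that is not code from the L3A paper or implementation. The reading of the slide labels is an assumption: SAs a and b are taken to be the client-NAS pair, c and d the NAS-server pair, and e and f the end-to-end pair, and "SPD CS:(CN)" is read as "client-to-server traffic is carried inside tunnel CN", so the E2E SAs are nested in the hop tunnels. The tear-down order and message names follow the numbered arrows on page 10; the set-up order (outer tunnels first) is assumed to be its reverse. The check it runs is the nesting invariant a multi-tunnel protocol must keep: no host ever holds an inner SA whose carrier SA has already been removed, because packets sent in that state would leave the accounted tunnel.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# SA letters as on the tear-down slide and the hosts assumed to hold them.
SA_HOLDERS = {
    "a": {"client", "nas"}, "b": {"client", "nas"},        # Client2NAS (auth)
    "c": {"nas", "server"}, "d": {"nas", "server"},        # NAS2Server (auth)
    "e": {"client", "server"}, "f": {"client", "server"},  # E2E (enc + auth)
}
# Carrier dependency per host: the inner E2E SA rides inside the hop SA the
# same host uses on that path (assumption drawn from the SPD labels).
CARRIER = {
    ("client", "e"): "a", ("client", "f"): "b",
    ("server", "e"): "c", ("server", "f"): "d",
}


@dataclass
class Host:
    name: str
    sad: Set[str] = field(default_factory=set)   # installed SAs by letter

    def install(self, *sas: str) -> None:
        self.sad.update(sas)

    def remove(self, *sas: str) -> None:
        self.sad.difference_update(sas)


class Network:
    def __init__(self) -> None:
        self.hosts = {n: Host(n) for n in ("client", "nas", "server")}
        self.trace: List[str] = []
        self.violations: List[str] = []

    def _check(self, step: str) -> None:
        """Nesting invariant: no inner SA without its carrier on that host."""
        for (host, inner), outer in CARRIER.items():
            sad = self.hosts[host].sad
            if inner in sad and outer not in sad:
                self.violations.append(f"{step}: {host} holds {inner} without {outer}")

    def _step(self, label: str, **removals: List[str]) -> None:
        """Record one numbered step, apply its SA removals, re-check."""
        self.trace.append(label)
        for host, sas in removals.items():
            self.hosts[host].remove(*sas)
        self._check(label)

    def setup(self) -> None:
        # Outer tunnels first (a..d), then the E2E pair (e, f): assumed order.
        for sa, holders in SA_HOLDERS.items():
            for h in holders:
                self.hosts[h].install(sa)
            self._check(f"setup {sa}")

    def teardown(self) -> None:
        # Step numbers and messages as on the slide; removals per 'remove' labels.
        self._step("1.delete(e)", server=["e"])
        self._step("2.delete(e,f)", client=["e", "f"], server=["f"])
        self._step("3.TD-Req(n-s)")
        self._step("4.delete(c)", nas=["c"])
        self._step("5.delete(c,d)", server=["c", "d"], nas=["d"])
        self._step("6.TD-Ack(n,s)")
        self._step("7.delete(a)", nas=["a"])
        self._step("8.delete(a,b)", client=["a", "b"], nas=["b"])

    def installed(self) -> Dict[str, Set[str]]:
        return {n: set(h.sad) for n, h in self.hosts.items()}


def wrong_order() -> List[str]:
    """Counter-example: tearing down the client-NAS carrier first strands e and f."""
    net = Network()
    net.setup()
    net._step("delete(a,b) first", client=["a", "b"], nas=["a", "b"])
    return net.violations


if __name__ == "__main__":
    net = Network()
    net.setup()
    net.teardown()
    print(net.trace, net.violations, net.installed())
    print(wrong_order())
```

Run in the slide's order the model finishes with every SAD empty and no violations; `wrong_order()` records two violations (the client still holds e and f with no a or b to carry them), which is the failure mode the inner-first ordering on the slide avoids.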

Page 11

Implementation

- Micron 600 MHz Pentiums, 128 MB memory in client and server and 256 MB in NAS, 100 Mbps Ethernet links
- FreeBSD 4.8, OpenSSL crypto, PF_KEY interface to SPD
- IKE-: our implementation of IKEv2 with support for nested tunnels

Page 12

IKE-

[Message sequence chart between Initiator and Responder:]

1. SPI-i, 0, F, KE-i, n-i
2. SPI-i, SPI-r, F, KE-r, n-r
3. SPI-i, SPI-r, E*(SK-r, M) where M = ID-i, ID-r, Cert-i, Auth-i, TS-i, TS-r
4. SPI-i, SPI-r, E*(SK-r, N) where N = ID-i, Cert-r, Auth-r

Both sides update their databases as the exchange completes: Update SADB: I->R, Update SPDB: I->R, Update SADB: R->I, Update SPDB: R->I.
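The four-message exchange above as an added Python model; this is not the authors' IKE- implementation. Assumptions: Diffie-Hellman over a toy group (the prime 2^127-1 with generator 3, chosen only so the arithmetic is visible, not a real IKE group), SK derived with HMAC-SHA256 from the shared secret and both nonces, E* modelled as a SHA-256 counter keystream with an HMAC tag (encrypt-then-MAC), Auth-i and Auth-r as HMACs under a pre-shared credential over the sender's own first message and the peer's nonce (the IKEv2 idea, simplified), Cert-i/Cert-r reduced to identity strings, and F and TS carried as opaque fields. The SADB update is modelled as a dictionary keyed by the SPI pair.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, List

P = (1 << 127) - 1   # toy DH prime (assumption; not an IKE group)
G = 3


def pack(*fields: bytes) -> bytes:
    """Length-prefixed encoding so Auth values cover one fixed byte string."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def unpack(blob: bytes) -> List[bytes]:
    out, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 2], "big")
        out.append(blob[i + 2:i + 2 + n])
        i += 2 + n
    return out


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def e_star(sk: bytes, pt: bytes) -> bytes:
    """Toy E*: keystream XOR, then HMAC tag over the ciphertext."""
    ks = b"".join(hashlib.sha256(sk + b"enc" + c.to_bytes(4, "big")).digest()
                  for c in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return ct + prf(sk + b"mac", ct)


def d_star(sk: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(sk + b"mac", ct)):
        raise ValueError("E* tag mismatch")
    return e_star(sk, ct)[:-32]   # XOR with the same keystream inverts it


class Peer:
    def __init__(self, ident: bytes, psk: bytes) -> None:
        self.ident, self.psk = ident, psk      # "Cert" modelled as ident + PSK
        self.x = secrets.randbelow(P - 2) + 2  # DH private exponent
        self.ke = pow(G, self.x, P).to_bytes(16, "big")
        self.spi, self.nonce = os.urandom(4), os.urandom(16)
        self.sadb: Dict[bytes, bytes] = {}     # SPI-i||SPI-r -> SK ("Update SADB")
        self.authenticated_peer = None

    def derive(self, peer_ke: bytes, n_i: bytes, n_r: bytes) -> None:
        shared = pow(int.from_bytes(peer_ke, "big"), self.x, P).to_bytes(16, "big")
        self.sk = prf(b"SK", pack(shared, n_i, n_r))

    def msg1(self) -> bytes:               # 1. SPI-i, 0, F, KE-i, n-i
        self.m1 = pack(self.spi, bytes(4), b"F", self.ke, self.nonce)
        return self.m1

    def msg2(self, m1: bytes) -> bytes:    # 2. SPI-i, SPI-r, F, KE-r, n-r
        self.m1 = m1
        spi_i, _, _, ke_i, n_i = unpack(m1)
        self.derive(ke_i, n_i, self.nonce)
        self.sadb[spi_i + self.spi] = self.sk
        self.m2 = pack(spi_i, self.spi, b"F", self.ke, self.nonce)
        return self.m2

    def msg3(self, m2: bytes, peer_ident: bytes) -> bytes:   # 3. E*(SK, M)
        self.m2 = m2
        spi_i, spi_r, _, ke_r, n_r = unpack(m2)
        self.derive(ke_r, self.nonce, n_r)
        self.sadb[spi_i + spi_r] = self.sk
        auth_i = prf(self.psk, pack(self.m1, n_r, self.ident))   # binds msg 1
        m = pack(self.ident, peer_ident, self.ident, auth_i, b"TS-i", b"TS-r")
        return pack(spi_i, spi_r, e_star(self.sk, m))

    def msg4(self, m3: bytes) -> bytes:    # 4. E*(SK, N), N = ID-i, Cert-r, Auth-r
        spi_i, spi_r, blob = unpack(m3)
        id_i, id_r, _cert_i, auth_i, _ts_i, _ts_r = unpack(d_star(self.sk, blob))
        expected = prf(self.psk, pack(self.m1, self.nonce, id_i))
        if id_r != self.ident or not hmac.compare_digest(auth_i, expected):
            raise ValueError("initiator authentication failed")
        self.authenticated_peer = id_i
        auth_r = prf(self.psk, pack(self.m2, unpack(self.m1)[4], self.ident))
        return pack(spi_i, spi_r, e_star(self.sk, pack(id_i, self.ident, auth_r)))

    def finish(self, m4: bytes) -> None:
        _, _, blob = unpack(m4)
        _id_i, cert_r, auth_r = unpack(d_star(self.sk, blob))
        expected = prf(self.psk, pack(self.m2, self.nonce, cert_r))
        if not hmac.compare_digest(auth_r, expected):
            raise ValueError("responder authentication failed")
        self.authenticated_peer = cert_r


def run_exchange(psk: bytes = b"constructed pre-shared secret") -> Dict[str, object]:
    i, r = Peer(b"client", psk), Peer(b"nas", psk)
    m1 = i.msg1(); m2 = r.msg2(m1); m3 = i.msg3(m2, b"nas"); m4 = r.msg4(m3); i.finish(m4)
    return {"same_sk": i.sk == r.sk, "i_peer": i.authenticated_peer,
            "r_peer": r.authenticated_peer, "sadb_entries": len(i.sadb) + len(r.sadb)}


def run_with_wrong_psk() -> bool:
    """A responder holding the wrong credential rejects Auth-i at message 3."""
    i, r = Peer(b"client", b"right"), Peer(b"nas", b"wrong")
    m3 = i.msg3(r.msg2(i.msg1()), b"nas")
    try:
        r.msg4(m3)
    except ValueError:
        return True
    return False
```

Messages 1 and 2 carry only SPIs, flags, DH values and nonces, so SK exists on both sides before anything identifying is sent; messages 3 and 4 then carry identities and Auth values under E*, which is why an active attacker on the unauthenticated path can neither read the identities nor complete the exchange without the credential.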

Page 13

Performance Measurements

Throughput: how does L3A bulk transmission compare to no accounting or other approaches to accounting?

Latency: how does L3A set-up compare to other approaches in ms required for set-up and tear-down?

Both measured for a single client and server; NAS was only lightly loaded.

[Figure: the three-tunnel configuration from page 6 (encrypted and authenticated E2E tunnel, authenticated Client2NAS tunnel, authenticated NAS2Server tunnel).]

Page 14

Throughput Cases

- Base: no security
- End-to-end: IPsec with encryption and authentication between client and server
- Typical: IPsec E2E and IPsec with encryption and authentication between client and NAS
- L3A: E2E and authenticated tunnels between client and NAS, NAS and server

Page 15

Throughput

[Bar chart, y axis 0 to 90 Mb/s:]

Case         Mb/s
Base         79.7
End-to-end   25.4
Typical       9.6
L3A          19.3

L3A is 100% faster than typical. L3A is 32% slower than no accounting.

Page 16

Latency Cases

- End-to-end: IPsec IKE- from end to end
- L3A without reuse
- L3A with reuse of client-to-NAS tunnel

Page 17

Latency

[Bar chart, y axis 0 to 180 ms:]

Case            Time (ms)
End-to-end       66
L3A w/ Reuse     97.9
L3A w/o Reuse   159.5

Latency to establish tunnels for accounting is 142% greater than end-to-end protection alone, but in the most common case it will be only 48% longer.

Page 18

Conclusions

- Introduced concept of cramming attacks
- Reviewed possible countermeasures and did penetration study of NAT
- Proposed L3A protocol
- Implementation shows reasonable performance
- Main contribution: progress on how to design multi-tunnel protocols