Report on the Security and Privacy Working Group
Karen Sollins
MIT
May 30, 2007
5/30/07 Sollins/PrivSec Report 2
The “Take-away”
Authentication in the core of the network would provide significant added value.
Authentication can valuably be scoped to reduce the problem space.
Both trust and engineering play crucial roles in making it feasible.
Objective
Consider the value and feasibility of provision of authentication as a core service inside the network (not only E2E)
Examples of need from members
Identification of challenges
Study approaches
Evaluate in the context of member supplied examples
Background
Role of security in architecture
End-to-end design criteria
The changing scene
The challenges of authentication
Candidate approaches
I3: indirection at the IP layer
HIP: layer between IP and transport
NAP/NAC: integration of host, network and perimeter authentication, assurance, and authorization
Examples from participants
Radius (BT)
GSM and 3GPP authentication (BT)
SIP (Nokia)
Stateful Anycast for DDoS mitigation (MIT)
Dynamic Routing in IPSec (Nortel)
DKIM (Cisco)
Distributed Authorization for Web Services (Microsoft - invited in for this, not regular participant)
Authenticated entity types
Host
Host interface
End-point
Network/realm
Switch
VLAN
Anycast group
Person
Network connection
Access class (NAP)
Web auth entities
Business/enterprise
SIP call id
DKIM ids
Mail sender/relay
Radius/AAA entities
3GPP subscriber/auth center
GAA/GBA entities
Challenges
Authentication as component of a function
Nature of authenticated entities
Policies
Trust
Anonymity
Specific services required to support it
Scoping of authentication
Limit types of entities
Scaling
Independence of control
Choice of algorithms and strength
Distribution of vulnerability
This is representative, but not complete
Organization
Leadership: Dirk Trossen (new), Karen Sollins
Participation: BT, Intel, Motorola, Nortel, Cisco, Nokia, FranceTelecom (prev.), MIT
Meetings: bi-weekly, Tuesday, 12-1pm ET, teleconference
White paper on work to date in progress (some text exists!)
Infrastructure:
  Mailing list: [email protected]
  Web site: http://cfp.mit.edu/groups/security/security.html
    Includes all documents, slides and notes from each meeting
    Simple id/pw protection (“privsec”)
Looking forward
WG meeting tomorrow morning
3 talks
  Dave Clark: an application architecture and the E2E arguments
  Manish Dave: privacy, the Intel perspective
  Dave Reed: privacy issues in Living the Future
Discussion about our next focus (led by Dirk Trossen)
  What we want to do
  How we want to do it
  Intellectual study
  Proof of concept
  How best to engage members