stein-65 slide 1 pw security measures pwe3 – 65 th ietf 10 november 2005 yaakov (j) stein

5
Stein-65 Slide 1 PW PW security security measures measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Upload: joshua-webb

Post on 13-Dec-2015

216 views

Category:

Documents


2 download

TRANSCRIPT

Page 1: Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Stein-65 Slide 1

PWPWsecuritysecurity

measuresmeasuresPWE3 – 65th IETF

10 November 2005

Yaakov (J) Stein

Page 2: Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Stein-65 Slide 2

ReminderReminder

At IETF64 security threats were presented:

PWs have special features that may be exploited by hackers

PW control plane does not mandate authentication

PW user packets have no authentication/encryption options

draft-stein-pwe3-sec-req-00.txt reviews security requirements

here we will mention a few solution ideas …

Page 3: Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Stein-65 Slide 3

Control Protocol AuthenticationControl Protocol Authentication

Problemmany of the attacks in draft-stein-pwe3-sec-req-00.txt can be avoided

if it is not possible to impersonate a PEthus PWE control protocol needs a strong authentication mechanism

Solution 1 – MD5 use MD5 signature option (shared key per peer) per RFC3036 every LDP message (even hellos) is authenticated MD5 may be replaced by SHA-1 or any other message digest

Solution 2 – authentication TLV for initialization new optional TLV in the initialization message use public key mechanism reject if no authentication TLV or if authentication fails

Page 4: Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Stein-65 Slide 4

PW Packet AuthenticationPW Packet Authentication

Problems PW label is the only identifier in packet CW sequence number can be used for DoS attack

Solutionadd optional authentication field between control word and payload

(becomes a control word extension)

lightweight option32 bit CW extension (must be negotiated via a new LDP TLV)

computed based on limited-size input, for example:– sequence number + salt– sequence number + checksum of payload

heavyweight option64 or 128 bit CW extension (must be negotiated via a new LDP TLV)

hash of sequence number + payloadWARNING: if performed in SW enables DoS attack

Page 5: Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Stein-65 Slide 5

PW Packet EncryptionPW Packet Encryption

at IETF-64 we discussed encrypting the PW payload

Problem PW is not reliable – may lose packets (don’t even know how many bytes lost) so, can’t use stream cipher, CBC, CFB, etc. modes

Solution 1 use ECB mode on sequence number + payload

(including sequence number blocks replay attacks)

Solution 2 generate per-packet key based on secret key and sequence number use ECB mode on payload