stein-65 slide 1 pw security measures pwe3 – 65 th ietf 10 november 2005 yaakov (j) stein
TRANSCRIPT
Stein-65 Slide 1
PWPWsecuritysecurity
measuresmeasuresPWE3 – 65th IETF
10 November 2005
Yaakov (J) Stein
Stein-65 Slide 2
ReminderReminder
At IETF64 security threats were presented:
PWs have special features that may be exploited by hackers
PW control plane does not mandate authentication
PW user packets have no authentication/encryption options
draft-stein-pwe3-sec-req-00.txt reviews security requirements
here we will mention a few solution ideas …
Stein-65 Slide 3
Control Protocol AuthenticationControl Protocol Authentication
Problemmany of the attacks in draft-stein-pwe3-sec-req-00.txt can be avoided
if it is not possible to impersonate a PEthus PWE control protocol needs a strong authentication mechanism
Solution 1 – MD5 use MD5 signature option (shared key per peer) per RFC3036 every LDP message (even hellos) is authenticated MD5 may be replaced by SHA-1 or any other message digest
Solution 2 – authentication TLV for initialization new optional TLV in the initialization message use public key mechanism reject if no authentication TLV or if authentication fails
Stein-65 Slide 4
PW Packet AuthenticationPW Packet Authentication
Problems PW label is the only identifier in packet CW sequence number can be used for DoS attack
Solutionadd optional authentication field between control word and payload
(becomes a control word extension)
lightweight option32 bit CW extension (must be negotiated via a new LDP TLV)
computed based on limited-size input, for example:– sequence number + salt– sequence number + checksum of payload
heavyweight option64 or 128 bit CW extension (must be negotiated via a new LDP TLV)
hash of sequence number + payloadWARNING: if performed in SW enables DoS attack
Stein-65 Slide 5
PW Packet EncryptionPW Packet Encryption
at IETF-64 we discussed encrypting the PW payload
Problem PW is not reliable – may lose packets (don’t even know how many bytes lost) so, can’t use stream cipher, CBC, CFB, etc. modes
Solution 1 use ECB mode on sequence number + payload
(including sequence number blocks replay attacks)
Solution 2 generate per-packet key based on secret key and sequence number use ECB mode on payload