Upload File

stein-65 slide 1 pw security measures pwe3 – 65 th ietf 10 november 2005 yaakov (j) stein

  • Home
  • Documents
  • Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein
5
Stein-65 Slide 1 PW PW security security measures measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Upload: joshua-webb

Post on 13-Dec-2015

216 views

Category:

Documents


2 download

Report

TRANSCRIPT

Page 1: Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Stein-65 Slide 1

PWPWsecuritysecurity

measuresmeasuresPWE3 – 65th IETF

10 November 2005

Yaakov (J) Stein

Page 2: Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Stein-65 Slide 2

ReminderReminder

At IETF64 security threats were presented:

PWs have special features that may be exploited by hackers

PW control plane does not mandate authentication

PW user packets have no authentication/encryption options

draft-stein-pwe3-sec-req-00.txt reviews security requirements

here we will mention a few solution ideas …

Page 3: Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Stein-65 Slide 3

Control Protocol AuthenticationControl Protocol Authentication

Problemmany of the attacks in draft-stein-pwe3-sec-req-00.txt can be avoided

if it is not possible to impersonate a PEthus PWE control protocol needs a strong authentication mechanism

Solution 1 – MD5 use MD5 signature option (shared key per peer) per RFC3036 every LDP message (even hellos) is authenticated MD5 may be replaced by SHA-1 or any other message digest

Solution 2 – authentication TLV for initialization new optional TLV in the initialization message use public key mechanism reject if no authentication TLV or if authentication fails

Page 4: Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Stein-65 Slide 4

PW Packet AuthenticationPW Packet Authentication

Problems PW label is the only identifier in packet CW sequence number can be used for DoS attack

Solutionadd optional authentication field between control word and payload

(becomes a control word extension)

lightweight option32 bit CW extension (must be negotiated via a new LDP TLV)

computed based on limited-size input, for example:– sequence number + salt– sequence number + checksum of payload

heavyweight option64 or 128 bit CW extension (must be negotiated via a new LDP TLV)

hash of sequence number + payloadWARNING: if performed in SW enables DoS attack

Page 5: Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein

Stein-65 Slide 5

PW Packet EncryptionPW Packet Encryption

at IETF-64 we discussed encrypting the PW payload

Problem PW is not reliable – may lose packets (don’t even know how many bytes lost) so, can’t use stream cipher, CBC, CFB, etc. modes

Solution 1 use ECB mode on sequence number + payload

(including sequence number blocks replay attacks)

Solution 2 generate per-packet key based on secret key and sequence number use ECB mode on payload


Stein Speech

PWE3 Introduction 20090724 A

Stein 1992

Stem & Stein

Stein-67 Slide 1 PWsec draft-stein-pwe3-pwsec-00.txt PWE3 – 67 th IETF 7 November 2006 Yaakov (J) Stein

Stein Fall

Stein MultiPhase Custom Cooking Solutions · Stein GYRoCOMPACT® GCO II-1000 Oven Stein ProBake Stein JSO Jet Stream® Oven Stein ProGrill® Stein THERMoFIN® Fryer (TFF) ™ Stein

Stein, Gertrude. Portraits and Repetition Stein. Penguin ... · Stein, Gertrude. “Portraits and Repetition”. Stein. Penguin Group USA, 2001. Print

Documents tips stein pa stein tekstboka 2014 (1)

Stein Pres

Everything about TDMoIP PWE3 – 52 nd IETF 12 December 2001

The Stein Line - Stein Collectors Internationalstein-collectors.org/wp-content/uploads/2015/01/2014d_Dec-Stein... · Year to all our friends! ... In this edition of The Stein Line

PWE3 Congestion Considerations draft-ietf-pwe3-congcons (temporarily expired) Yaakov (J) Stein David Black Bob Briscoe

2) Overview - MPLS & Tecnología PWE3

1 Update from Version 1 draft-dong-pwe3-mspw-oam-02.txt Yang [email protected]

Annette Stein Interview (MORS) · and Annette Stein. Mr. Arthur ÔÔArtÕÕ Stein, FS,wasthethirdPresidentofMORS,serving from 1967 to 1968. Dr. Annette Stein, ArtÕs wife and one

Bill Stein

Roth Stein

Smart NG-OLT - · PDF fileSmart NG-OLT Huawei SmartAX MA5800 ... MPLS&PWE3 LDP, RSVP-TE, MPLS OAM, tunnel PS, TDM/ETH PWE3, PW Redundancy, MPLS BGP IP VPN

Read Stein Stein!

Allen stein

Update from Version 1 draft-dong-pwe3-mspw-oam-02.txt

SPVC Service Spanning ATM & PWE3/PSN George Swallow swallow@cisco

Key Technologies of PTN - PWE3 V1.1. Contents Introduction to PWE3 Technology PWE3 Service Bearing

Clarence Stein

Stein complaint

Precision Time Protocol (aka IEEE1588) TICTOC and PWE3 PWE3 WG IETF Prague 2007 Ron Cohen Resolute Networks [email protected]

Stein Berg

Indexed as: Stein Stein Répertorié : Stein Stein...Malka Stein Intimée Répertorié : Stein c. Stein Référence neutre : 2008 CSC 35. N o du greffe : 31704. 2008 : 1 er février;

joseph stein

Braun Stein

TDMoIP Slide 1 TDMoIP Real - world issues PWE3 – 54 rd IETF 15 July 2002 Yaakov (J) Stein [email protected]

Edith Stein

3. PWE3 Introduction for OptiX RTN 910950 ISSUE 1.00

Stein Pa Stein - Ellingsen, Mac Donald