Opaque Intermediary Services Framework | Enhancing Network Security

Join the BOF chaired by Kevin Fall and Hui-Lan Lu to develop protocols for secure intermediary services, mitigating link issues and ensuring end-to-end security. Explore related work and deliverables. Useful links provided.

amadorj

Presentation Transcript


  1. Access Link Intermediaries Assisting Services (alias) BOF
     Chairs: Kevin Fall (kfall@intel-research.net), Hui-Lan Lu (huilanlu@lucent.com)

  2. Goals
     • Further clarify the problems previously discussed at INTERSEC and TRIGTRAN BOFs
     • Work toward a charter

  3. Agenda
     • Introduction and agenda bashing
     • A brief history, Area Directors, 5 min.
     • INTERSEC perspective, T. Woo, 15 min.
     • TRIGTRAN perspective, S. Dawkins, 15 min.
     • Open discussion (WG charter…)
     • Wrapping up

  4. Tentative Charter
     • Develop the framework and protocols for providing “opaque” intermediary services to mitigate effects caused by problematic (access) links, wireline or wireless
     • Address secure interactions among intermediaries and endpoints and response to changing link conditions
     • Define a solution that minimizes impact on end-to-end security and encompasses means for invocation, authentication, authorization, and delivery of intermediary services

  5. Intermediary Services
     • Transport trigger notification
     • Performance enhancement (which may be invoked in response to transport trigger notification)
     • Ingress packet filtering (e.g., DoS prevention)
     • QoS support
     • …

  6. Related Work
     • Working Groups
       • Open Pluggable Edge Services (opes)
       • Middlebox Communication (midcom)
       • Next Steps in Signaling (nsis)
       • IP Security Protocol (ipsec)
       • Performance Implications of Link Characteristics (pilc)
       • Securing Neighbor Discovery (send)
     • RFCs
       • RFC 3135 - Performance Enhancing Proxies Intended to Mitigate Link-Related Degradations
       • RFC 3424 - IAB Considerations for UNilateral Self-Address Fixing (UNSAF) Across Network Address Translation
       • RFC 3238 - IAB Architectural and Policy Considerations for Open Pluggable Edge Services
       • RFC 3234 - Middleboxes: Taxonomy and Issues

  7. Tentative Deliverables
     • Problem statement and use cases
     • Supported intermediary services and their characteristics
     • Services performed with knowledge and consent of endpoints
     • Transport trigger set
     • Change of intermediary due to handoff, load balance, or fail over
     • …
     • Threat analysis and security considerations
     • IPsec considerations and applicability
     • Architectural framework
     • Protocol(s)

  8. Useful Information
     • MAILING LIST: alias@mailman.berkeley.intel-research.net
     • TO JOIN: http://mailman.berkeley.intel-research.net/mailman/listinfo/alias
     • READING:
       • draft-blumenthal-intermediary-transport-00.txt
       • draft-dawkins-trigtran-framework-00.txt
       • draft-dawkins-trigtran-probstmt-01.txt
       • draft-dawkins-trigtran-linkup-00.txt
