Secure Signaling in Next Generation Networks with NSIS
Roland Bless, Martin Röhricht
IEEE ICC 2009, Dresden
Motivation
• Signaling protocols are an important component of Next Generation Networks
  • Admission control for resource reservations
  • Management of network entities
  • RSVP, NSIS
• Security of signaling protocols is important
  • QoS reservations
  • Firewall configurations
  • NAT traversal mappings
[Figure: QoS reservation towards a video server]
Next Steps in Signaling – Overview
• Two-layer approach
  • NSLP: QoS NSLP or NAT/FW NSLP
  • NTLP, i.e. GIST
    • Discovery of the next signaling peer
    • Signaling message transport (unreliable, reliable, secure)
• Channel security mechanisms at the GIST level
  • Hop-by-hop, not end-to-end
  • Several different sessions are multiplexed over one secured channel
  • No per-user authentication
[Figure: QoS NSLP signaling path with possibly secured sections between neighbouring peers]
Problem Statement
• No per-user or per-session authentication possible
• No per-user authorization
• No reliable and secure accounting
• Objective: provide integrity protection for every signaling message
• Session Authorization Policy Element
  • Relies on the provision of authorization tokens from a trusted third party
  • An opaque authorization token is not sufficient
    • It is not related to any signaling message objects
Main Challenges
• Add a per-user authentication mechanism to the Authorization Policy Element
• Integrity protection for parts of the signaling message
  • Some objects must remain modifiable by intermediate nodes, e.g. QoS parameter values
• Specify a light-weight approach
  • Security shouldn't add much additional (setup) delay
  • Thousands of signed signaling messages per node
  • Digital certificates are not suitable
Proposal towards Authentic NSIS Signaling
• Establish a binding between the authorization object and the NSLP messages
[Figure: HMAC(Sk, Data) is computed over the protected parts of the GIST PDU (e.g. Session ID, Message Routing Information), the protected parts of the QoS NSLP PDU (e.g. INFO_SPEC, QSPEC) and the Session Authorization Object itself (Hash-Alg-ID, List of Signed NSLP Objects, Key-ID for Sk); the Signature Data is not included in the HMAC]
HMAC-based protection
Session Authorization Object layout (bit offsets 0 7 8 15 16 23 24 31):
  A=1 B=0 r r | Type = AUTH_SESSION | r r r r | Object Length
  Length | AUTH_ENT_ID | HMAC_SIGNED
    Reserved | Hash Algorithm ID
  Length | SOURCE_ADDR | IPV4_ADDRESS
    IPv4 Source Address
  Length | START_TIME | NTP_TIME_STAMP
    NTP time stamp (1)
    NTP time stamp (2)
  Length | NSLP_OBJ_LIST | zero
    Number of signed NSLP objects = n | reserved | NSLP signed object (1)
    …
    reserved | NSLP signed object (n) | padding
  Length | AUTH_DATA | zero
    OctetString (Key Identifier)
    OctetString (Message Authentication Code – HMAC Data)
Kerberos based Example
• Initial Session Authorization
• Assumption: routers are "Kerberized" resources
  1. The NSLP Initiator requests a Session Authorization Object from the TGS of the administrative domain
  2. It gets Session Authorization Object A1 (resource ticket, incl. session key Sk)
  3. It sends the NSLP message with Session Authorization Objects A1 and A2 (A2: Hash-Alg-ID, List of Signed NSLP Objects, Key-ID for Sk, Signature Data) to the NSLP Entity
  4. The NSLP Entity verifies Session Authorization Objects A1 and A2 and stores the key Sk extracted from A1
[Figure: HMAC(Sk, Data) covers the GIST objects, the QoS NSLP objects, the Kerberos ticket A1 and the Hash-Alg-ID, List of Signed NSLP Objects and Key-ID of A2; the Signature Data is not included in the HMAC]
NSIS-ka Suite
• Open source, C++-based, multi-threaded implementation for Linux
  • GIST
  • QoS NSLP
  • NATFW NSLP
• Well tested at interop tests against different implementations
• Currently under active development
  • GIST-aware NAT gateways
  • Mobility support for/with Mobile IPv6
  • Anticipated handovers
  • Multicast support
  • Integration into the OMNeT++ simulation framework
• Code freely available: http://nsis-ka.org
Performance Evaluation
• Proposed integrity protection implemented and tested
• Benchmarks to determine the overhead of the HMAC computation
  • Intel Pentium IV, 2.8 GHz
  • Reading the system clock at specific actions and keeping the time stamps in memory
  • 50,000 runs, measured in µs
• Creation of the Session Authorization Object including HMAC computation: 30.8% overhead (mean)
• HMAC verification and deserialization of the PDU: 31.8% overhead (mean)
Conclusion & Outlook
• Allows for user-based authentication
• Integrity protection of the important parts of an NSLP message
• Uses resource-efficient HMAC-based signatures
  • Key exchange is not required per session, only per user
  • No further backend communication is needed by intermediate nodes for integrity checks
• Low communication overhead
• Not restricted to a particular NSLP
Thanks! Questions? www.tm.uka.de/itm
Backup
Session Authorization by Policy Decision
• The authorizing entity generates an Authorization Policy Element
  • According to the framework defined by RFC 3521
• The retrieved policy element must be copied into the Session Authorization Object
• The QNE extracts the information
  • Uses the Diameter QoS application or the RADIUS QoS protocol to contact the Policy Decision Point
  1. The QNI requests a session authorization object from the AAA server
  2. The QNI gets the session authorization object
  3. NSLP message with the session authorization object from the QNI to the QNE
  4. The QNE verifies the session authorization object
QNI: QoS NSLP Initiator; QNE: QoS NSLP Entity
Session Authorization Object
Generic NSLP object header (bit offsets 0 7 8 15 16 23 24 31):
  A B r r | Type | r r r r | Length
  Session Authorization Attribute List
Session Authorization Attribute:
  Length | X-Type | SubType
  Value …
• A, B – extensibility flags
• Type – AUTH_SESSION
• List of Session Authorization Attributes
  • X-Type – Authorizing Entity Identifier, Source/Dest. Address, Start/End Time, Authentication Data
  • SubType – Fully Qualified Domain Name, Digital Certificate, IPv4/v6 Address, Kerberos Principal Name, …
A worked Example with Kerberos
• Session Authorization Object format (bit offsets 0 7 8 15 16 23 24 31):
  A=1 B=0 r r | Type = AUTH_SESSION | r r r r | Object Length
  Length | AUTH_ENT_ID | KRB_PRINCIPAL
    OctetString (the principal@realm name)
  Length | SOURCE_ADDR | IPV4_ADDRESS
    IPv4 Source Address
  Length | START_TIME | NTP_TIME_STAMP
    NTP time stamp (1)
    NTP time stamp (2)
  Length | AUTH_DATA | zero
    OctetString (Key identifier, Resource ticket)
HMAC-based Protection
• Use a Message Authentication Code to protect parts of the NSLP message
  • A new attribute contains the list of protected NSLP objects
  • The receiver computes the HMAC over these objects and over all attributes of the authorization object
• Allow for "crypto agility"
  • Specify an identifier for the hash function used
• The key actually used is referenced by a 32-bit key ID
  • Sign every message, but don't change the key for every transaction or flow
• Distribution of the shared symmetric key is required
  • E.g. by using Kerberos
[Figure: NSIS protocol stack – NSIS Signaling Layer (NSLP) with Signaling Application 1 (QoS) and Signaling Application 2 (NAT/FW) above the NSIS Transport Layer (NTLP), i.e. General Internet Signalling Transport (GIST), running over TLS, UDP, TCP, SCTP, DCCP and IPsec on IPv4/IPv6]
NSLP_OBJ_LIST attribute layout (bit offsets 0 7 8 15 16 23 24 31):
  Length | X-Type = NSLP_OBJ_LIST | SubType = zero
  Number of signed NSLP objects = n | reserved | NSLP signed object (1)
  …
  reserved | NSLP signed object (n) | padding (if required)
Kerberos based Example
• Subsequent Session Authorizations
  1. The NSLP Initiator sends an NSLP message with Session Authorization Object A (Hash-Alg-ID, List of Signed NSLP Objects, Key-ID for Sk, Signature Data) to the NSLP Entity; no new key exchange with the TGS is needed
  2. The NSLP Entity verifies Session Authorization Object A with the Sk stored during the initial authorization
[Figure: HMAC(Sk, Data) covers the GIST objects, the QoS NSLP objects and the Hash-Alg-ID, List of Signed NSLP Objects and Key-ID of A; the Signature Data is not included in the HMAC]
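The HMAC-based protection described on the slides above (the AUTH_SESSION object layout, the NSLP_OBJ_LIST attribute, and the key-ID lookup used in the initial and subsequent Kerberos flows) as an added, runnable Python example. This is illustration code written for this page, not code from the paper or from the NSIS-ka suite. The numeric type codes (AUTH_SESSION, NSLP_OBJ_LIST and HMAC_SIGNED values, the Hash Algorithm IDs, the QoS NSLP object types), the 4-byte attribute padding rule, the NTP time-stamp encoding, the constructed sample session ID, MRI and NSLP objects, and the in-memory key store that stands in for the Sk distributed via the Kerberos resource ticket are all assumptions of the example.

```python
"""Added example: AUTH_SESSION object with HMAC(Sk, Data) over selected GIST/NSLP objects,
plus the receiver-side check. Not the paper's or NSIS-ka's code; numeric codes are assumed."""
import hashlib
import hmac
import struct
import time

# Attribute X-Types: AUTH_ENT_ID..AUTH_DATA follow RFC 3520 numbering; NSLP_OBJ_LIST is assumed.
AUTH_ENT_ID, SOURCE_ADDR, START_TIME, AUTH_DATA, NSLP_OBJ_LIST = 1, 2, 4, 6, 7
HMAC_SIGNED, IPV4_ADDRESS, NTP_TIME_STAMP = 10, 1, 1            # SubTypes (HMAC_SIGNED value assumed)
HASH_ALGS = {1: "sha1", 2: "sha256"}                             # Hash Algorithm ID -> digest (IDs assumed)
AUTH_SESSION, QSPEC, INFO_SPEC, REFRESH_PERIOD = 0x10, 0x01, 0x02, 0x03  # NSLP object types (assumed)
NTP_EPOCH_OFFSET = 2208988800                                    # seconds between 1900-01-01 and 1970-01-01


def attribute(xtype, subtype, value):
    """Length | X-Type | SubType | Value; Length counts header + value, value padded to 4 bytes (assumed)."""
    return struct.pack("!HBB", 4 + len(value), xtype, subtype) + value + b"\0" * ((-len(value)) % 4)


def parse_attributes(data):
    attrs, off = [], 0
    while off < len(data):
        length, xtype, subtype = struct.unpack_from("!HBB", data, off)
        attrs.append((xtype, subtype, data[off + 4:off + length]))
        off += length + (-length) % 4
    return attrs


def nslp_object(obj_type, body):
    """Generic NSLP object header: A=1, B=0 flags + 12-bit Type, then 12-bit Length in 32-bit words."""
    return struct.pack("!HH", 0x8000 | (obj_type & 0x0FFF), len(body) // 4) + body


def parse_pdu(pdu):
    """Split a PDU into {type: raw object bytes}; the HMAC covers whole objects, header included."""
    objs, off = {}, 0
    while off < len(pdu):
        hdr, words = struct.unpack_from("!HH", pdu, off)
        objs[hdr & 0x0FFF] = pdu[off:off + 4 + 4 * words]
        off += 4 + 4 * words
    return objs


def mac_input(gist_protected, objs, signed_types, attrs, key_id):
    """Data = protected GIST objects || listed NSLP objects || all attributes except AUTH_DATA || key ID."""
    data = b"".join(gist_protected) + b"".join(objs[t] for t in signed_types)
    data += b"".join(attribute(x, s, v) for x, s, v in attrs if x != AUTH_DATA)
    return data + struct.pack("!I", key_id)


def build_auth_session(key_id, sk, hash_id, src_ip, signed_types, objs, gist_protected, now=None):
    """Sender side (NSLP Initiator): build the Session Authorization Object carrying HMAC(Sk, Data)."""
    secs = int(time.time() if now is None else now) + NTP_EPOCH_OFFSET
    obj_list = struct.pack("!H", len(signed_types)) + b"".join(struct.pack("!H", t) for t in signed_types)
    attrs = [
        (AUTH_ENT_ID, HMAC_SIGNED, struct.pack("!HH", 0, hash_id)),          # reserved | Hash Algorithm ID
        (SOURCE_ADDR, IPV4_ADDRESS, bytes(int(o) for o in src_ip.split("."))),
        (START_TIME, NTP_TIME_STAMP, struct.pack("!II", secs, 0)),           # NTP seconds | fraction
        (NSLP_OBJ_LIST, 0, obj_list),
    ]
    mac = hmac.new(sk, mac_input(gist_protected, objs, signed_types, attrs, key_id), HASH_ALGS[hash_id]).digest()
    attrs.append((AUTH_DATA, 0, struct.pack("!I", key_id) + mac))           # Key Identifier | HMAC Data
    return nslp_object(AUTH_SESSION, b"".join(attribute(x, s, v) for x, s, v in attrs))


def verify_pdu(pdu, gist_protected, keystore):
    """Receiver side (QNE): look Sk up by key ID, recompute the HMAC, compare in constant time."""
    objs = parse_pdu(pdu)
    if AUTH_SESSION not in objs:
        return False, "no AUTH_SESSION object"
    attrs = parse_attributes(objs[AUTH_SESSION][4:])
    by = {(x, s): v for x, s, v in attrs}
    if (AUTH_ENT_ID, HMAC_SIGNED) not in by or (NSLP_OBJ_LIST, 0) not in by or (AUTH_DATA, 0) not in by:
        return False, "required attribute missing"
    hash_id = struct.unpack("!HH", by[(AUTH_ENT_ID, HMAC_SIGNED)])[1]
    if hash_id not in HASH_ALGS:
        return False, "unsupported Hash Algorithm ID"
    lst = by[(NSLP_OBJ_LIST, 0)]
    n = struct.unpack_from("!H", lst)[0]
    signed_types = [struct.unpack_from("!H", lst, 2 + 2 * i)[0] & 0x0FFF for i in range(n)]
    if any(t not in objs for t in signed_types):
        return False, "listed NSLP object missing"
    auth = by[(AUTH_DATA, 0)]
    key_id = struct.unpack_from("!I", auth)[0]
    mac = auth[4:4 + hashlib.new(HASH_ALGS[hash_id]).digest_size]
    if key_id not in keystore:                      # Sk must have been installed earlier (e.g. from ticket A1)
        return False, "unknown key ID"
    expected = hmac.new(keystore[key_id], mac_input(gist_protected, objs, signed_types, attrs, key_id),
                        HASH_ALGS[hash_id]).digest()
    return (True, "ok") if hmac.compare_digest(expected, mac) else (False, "HMAC mismatch")


# Constructed sample message (assumed values): GIST Session ID + MRI, three QoS NSLP objects.
GIST_PROTECTED = [bytes.fromhex("00112233445566778899aabbccddeeff"), b"MRI:10.0.0.1->10.0.0.2"]
NSLP_OBJS = {
    INFO_SPEC: nslp_object(INFO_SPEC, b"\x00\x00\x00\x01"),
    QSPEC: nslp_object(QSPEC, struct.pack("!I", 2_000_000)),           # requested bandwidth, bit/s
    REFRESH_PERIOD: nslp_object(REFRESH_PERIOD, struct.pack("!I", 30)),  # deliberately left unsigned
}
KEY_ID, SK = 0x2A, bytes.fromhex("0f" * 32)   # Sk assumed pre-distributed per user (e.g. via Kerberos)
KEYSTORE = {KEY_ID: SK}


def example_pdu(signed_types=(INFO_SPEC, QSPEC), hash_id=2, now=1_230_000_000):
    auth = build_auth_session(KEY_ID, SK, hash_id, "10.0.0.1", list(signed_types), NSLP_OBJS, GIST_PROTECTED, now)
    return b"".join(NSLP_OBJS[t] for t in (INFO_SPEC, QSPEC, REFRESH_PERIOD)) + auth


def replace_object(pdu, obj_type, new_body):
    """What an intermediate node does when it rewrites one object of the message in place."""
    objs = parse_pdu(pdu)
    objs[obj_type] = nslp_object(obj_type, new_body)
    return b"".join(objs.values())


if __name__ == "__main__":
    print(verify_pdu(example_pdu(), GIST_PROTECTED, KEYSTORE))
    print(verify_pdu(replace_object(example_pdu(), QSPEC, (9_000_000).to_bytes(4, "big")), GIST_PROTECTED, KEYSTORE))
    print(verify_pdu(replace_object(example_pdu(), REFRESH_PERIOD, (60).to_bytes(4, "big")), GIST_PROTECTED, KEYSTORE))
```

Two details worth noting: the sender decides which NSLP objects go into NSLP_OBJ_LIST, so an object that intermediate nodes may legitimately rewrite (REFRESH_PERIOD in this example) is simply left off the list and can change without breaking verification, while a change to a listed object (QSPEC) or to the protected GIST data is caught; and the key ID is part of the HMAC input whereas the MAC bytes themselves are not, matching the "included into HMAC / not included into HMAC" split on the slides. The check uses `hmac.compare_digest` so that a forged MAC cannot be distinguished from a valid one by timing.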