190 likes | 202 Views
This document discusses the security measures in the Hub & Spokes model of the Softwire framework, including mutual authentication, encryption, IPsec, and access control techniques. It also covers the security challenges in the Mesh solution. Published and revised version with comments from the Interim Meeting.
E N D
Softwire Security Update Shu Yamamoto Carl Williams Florent Parent Hidetoshi Yokota 67 IETF, San Diego
Document Status • Published -01 version • Revised “Hubs and Spokes” security Security description in framework document is added. Modification with comments at Interim Meeting. • Security for Mesh solution is added. • Subject to Framework Document • This work will keep track with the framework document. • This document will change over time subject to change of framework document.
SC Hub & Spokes Security Model (Trusted) AF(i) • Mutual Authentication SHOULD be offered. (optionally one side) PPP Authentication (CHAP) AF(i,j) AF(i) AAA SI PPP/L2TP/UDP/IP Softwire AF(j) Host User’ Home ISP Network CPE Access Network DoS TRUSTED PPP Encryption (ECP) Voluntary Tunnel • Authentication can be turned off when already authenticated by other means.
SC SC Hub & Spokes Security Model (Non-Trusted) AF(i) • Mutual Authentication MUST be used. • PPP Authentication: no per-packet authentication, integrity nor replay protection RFC3193 Service Theft • IPsec authentication MUST be used. Non-TRUSTED L2TPv2, PPP AAA SI Softwire User Host ISP Network Public Facilities DoS Snoop Spoof Replay Modification Deletion Rogue SC MITM BLH PPP Encryption (ECP): No key management
Softwire Authentication Mechanism • PPP Authentication • Mutual authentication using CHAP • No per-packet authentication, no integrity, no replay protection • L2TPv2 Authentication • Optional CHAP-like authentication • Same security verunerability as PPP • IPsec Authentication • MUST be used in non-trusted, public IP network • IKE must be supported. • Selection of Key management mechanism depends on deployment scenario (shared secret, certificate and EAP exchange identity for IKEv2 ) • NAT-traversal in IKE
Control and Data Plane Protection • IPsec can provide the necessary security mechanisms • “Full payload security” on control and data plane when required. • Fornon-trusted network RFC3193: for Confidentiality, ‘Should’ for Control and ‘May’ for Data.
IPv6 SC Applying IPsec in Hub&Spokes Scenario • L2TPv2 and IPsec filter guidelines described in RFC3193 in case where the SC chooses a new IP address/port number: load-balancing • Use RFC3193 IPsec filter details (section 4) • SC and SI must have IPsec security policy filters pre-configured. AAA SI (PPP/L2TPv2/UDP/IPv4) Softwire User ESP (transport mode) Host ISP Network
AF(j) SC IPsec Security Policy example SI (PPP/L2TPv2/UDP/AF(i)) Softwire User ESP (transport mode) src dst Protocol Action --- --- -------- -------- * SC ESP BYPASS * SC IKE BYPASS * SC UDP, src *, dst 1701 PROTECT(ESP,transport) src dst Protocol Action --- --- -------- -------- SI SC ESP BYPASS SI SC IKE BYPASS SI SC UDP, src 1701, dst 1701 PROTECT(ESP,transport) SC SI UDP, src * , dst 1701 PROTECT(ESP,transport)
SC SC Hub & Spokes Non-Authenticated Mode AF(i) Service Theft Non-Authentication Service Non-TRUSTED L2TPv2, PPP SI Softwire User Host ISP Network (Visited) Public Facilities Snoop Spoof Replay Modification Deletion Ingress Filter Rogue SC MITM BLH Anonymous Connection
SC SC SC Hub & Spokes Security Model (Visited) AF(i) ISP Network (Home) AAA Service Theft Host Authentication Roaming Agreement Non-TRUSTED L2TPv2, PPP AAA SI Softwire User Host ISP Network (Visited) Public Facilities Snoop Spoof Replay Modification Deletion Rogue SC MITM BLH
CE CE PE CE P PE CE P PE CE CE P PE P CE CE CE Mesh Security Model AF(i) Static Route or Routing Protocol Attack on Control Plane Route Reflector AF(i) BGP Update AF(i) AF(i) AFBR-2 AF(j) Backbone AF(i) AFBR-1 AF(i) AFBR-N AF(i) AF(i) Attack on Data Plane DoS Intrusion AF(i)
CE CE PE CE P CE PE P PE CE CE P PE P CE CE CE Security Protection TCP MD5 IPsec S-BGP, soBGP, psBGP AF(i) Static Route or Routing Protocol AF(i) Route Reflector BGP Update AF(i) AF(i) AFBR-2 AF(j) Backbone AF(i) AFBR-1 AF(i) AFBR-N AF(i) AF(i) IPsec Static Routing Packet Filtering AF(i)
Softwire Mesh Security Protection • Control Plane Protection • TDP MD5 MUST be supported Peer-peer based authentication Replay protection is not enough No protection for confidentiality • IPsec ESP provide confidentiality as well as integrity and authentication. IKE must be supported for replay protection • S-BGP, soBGP, and psBGP (Byzantine attacks) • Data Plane Protection • IPsec Encapsulation To support replay protection, integrity, and confidentiality ESP, IKE • Access Control Techniques
TCP MD5 and IPsec for MP-BGP UPDATE • TCP MD5 (RFC2385) • Offering Authentication and integrity on a point-to-point basis • Protection from spoofing attacks and connection hijacking • But not for eavesdropping and weak against replay attacks • Lack of an automated key management • IPsec • ESP protocol offers authentication, data integrity, and anti-replay between BGP speakers (i.e. AFBRs) • IKE protocol supported for automated key management • PKI can be used when available. • draft-bellovin-useipsec-05.txt provides guidelines for mandating the use of IPsec.
IPsec Softwire Mesh (Data Plane) • Encapsulation • BGP Tunnel SAFI provides Softwire mesh encapsulation attributes. • IPsec encapsulation is defined in Tunnel SAFI attributes. • IPsec Parameters • ESP (with or without encryption) • Transport/Tunnel Mode • Automated Key Management (IKE phase1 and ID) • Selectors • SPD • Proposed IPsec Tunnel Information TLV is enough? (only IKE identifier)
Next Steps • To work with security liaison for the review of the document. • To continue to track the framework document update.
Comments from Tero Kivinen • 1. Introduction • Needs more explanation • 3.1 H&S deployment Scenario • Something missing in description • 3.3 Softwire Security Threat Scenarios • Add more other protocol • 3.4 Softwire Security Guidelines • Editorial • Need correction of IKE description • 3.5 Guidelines for Usage of Security Protection Mechanism • Need for IKEv2 description
Comments from Tero Kivinen (cont.) • 3. 5.2.3 IPsec Authentication • To address that Group Shared key should not be used. • 3.5.5.1 IPv6 over IPv4 Softwire with L2TPv2 example • Comments on PDS table. Need more work. • 4.1 Deployment Scenarios • Add more words • 4.3 Softwire Threat Scenarios • Need some more explanation • 4.5.1 Security Protection mechanism for Control Plane • TCP MD5 should not be mandated. IPsec Should be.
Comments from Tero Kivinen (cont.) • 4. 5.1.1 TCP MD5 • TCP MD5 does not protect against so security attacks described in the document. Need more proper description for TCP MD5. • 4.5.1.2 IPsec • Use of AH should be dropped. AH does not work for NAT traversal. • Should mention IKEv2 instead of IKEv1 • 4.5.1.3 Secure BGP • Typo