Report on the Security and Privacy Working Group
Karen Sollins, MIT
May 30, 2007
The “Take-away”
• Authentication in the core of the network would provide significant added value.
• Authentication can valuably be scoped to reduce the problem space.
• Both trust and engineering play crucial roles in making it feasible.
Sollins/PrivSec Report
Objective
• Consider the value and feasibility of providing authentication as a core service inside the network (not only end to end)
• Examples of need supplied by members
• Identification of challenges
• Study of candidate approaches
• Evaluation in the context of member-supplied examples
Background
• Role of security in architecture
• End-to-end design criteria
• The changing scene
• The challenges of authentication
Candidate approaches
• I3 (Internet Indirection Infrastructure): indirection at the IP layer
• HIP (Host Identity Protocol): a host-identity layer between IP and transport
• NAP/NAC (Network Access Protection / Network Admission Control): integration of host, network and perimeter authentication, assurance, and authorization
Examples from participants
• RADIUS (BT)
• GSM and 3GPP authentication (BT)
• SIP (Nokia)
• Stateful anycast for DDoS mitigation (MIT)
• Dynamic routing in IPsec (Nortel)
• DKIM (Cisco)
• Distributed authorization for Web services (Microsoft; invited in for this topic, not a regular participant)
Authenticated entity types
• Host
• Host interface
• End-point
• Network/realm
• Switch
• VLAN
• Anycast group
• Person
• Network connection
• Access class (NAP)
• Web auth entities
• Business/enterprise
• SIP call id
• DKIM ids
• Mail sender/relay
• RADIUS/AAA entities
• 3GPP subscriber/auth center
• GAA/GBA entities
Challenges (representative, but not complete)
• Authentication as a component of a function
• Nature of authenticated entities
• Policies
• Trust
• Anonymity
• Specific services required to support it
• Scoping of authentication
• Limiting the types of entities
• Scaling
• Independence of control
• Choice of algorithms and their strength
• Distribution of vulnerability
Organization
• Leadership: Dirk Trossen (new), Karen Sollins
• Participation: BT, Intel, Motorola, Nortel, Cisco, Nokia, FranceTelecom (prev.), MIT
• Meetings: bi-weekly, Tuesday, 12-1pm ET, teleconference
• White paper on work to date in progress (some text exists!)
• Infrastructure:
  • Mailing list: privsec@cfp.mit.edu
  • Web site: http://cfp.mit.edu/groups/security/security.html
    • Includes all documents, slides and notes from each meeting
    • Simple id/pw protection (“privsec”)
Looking forward
• WG meeting tomorrow morning
  • 3 talks
    • Dave Clark: an application architecture and the E2E arguments
    • Manish Dave: privacy, the Intel perspective
    • Dave Reed: privacy issues in Living the Future
  • Discussion about our next focus (led by Dirk Trossen)
    • What we want to do
    • How we want to do it
      • Intellectual study
      • Proof of concept
    • How best to engage members