60 likes | 84 Views
PW security measures. PWE3 – 65 th IETF 10 November 2005. Yaakov (J) Stein. Reminder. At IETF64 security threats were presented: PWs have special features that may be exploited by hackers PW control plane does not mandate authentication
E N D
PWsecuritymeasures PWE3 – 65th IETF 10 November 2005 Yaakov (J) Stein
Reminder At IETF64 security threats were presented: • PWs have special features that may be exploited by hackers • PW control plane does not mandate authentication • PW user packets have no authentication/encryption options draft-stein-pwe3-sec-req-00.txt reviews security requirements here we will mention a few solution ideas …
Control Protocol Authentication Problem many of the attacks in draft-stein-pwe3-sec-req-00.txt can be avoided if it is not possible to impersonate a PE thus PWE control protocol needs a strong authentication mechanism Solution 1 – MD5 • use MD5 signature option (shared key per peer) per RFC3036 • every LDP message (even hellos) is authenticated • MD5 may be replaced by SHA-1 or any other message digest Solution 2 – authentication TLV for initialization • new optional TLV in the initialization message • use public key mechanism • reject if no authentication TLV or if authentication fails
PW Packet Authentication Problems • PW label is the only identifier in packet • CW sequence number can be used for DoS attack Solution add optional authentication field between control word and payload (becomes a control word extension) lightweight option 32 bit CW extension (must be negotiated via a new LDP TLV) computed based on limited-size input, for example: • sequence number + salt • sequence number + checksum of payload heavyweight option 64 or 128 bit CW extension (must be negotiated via a new LDP TLV) hash of sequence number + payload WARNING: if performed in SW enables DoS attack
PW Packet Encryption at IETF-64 we discussed encrypting the PW payload Problem • PW is not reliable – may lose packets (don’t even know how many bytes lost) • so, can’t use stream cipher, CBC, CFB, etc. modes Solution 1 • use ECB mode on sequence number + payload (including sequence number blocks replay attacks) Solution 2 • generate per-packet key based on secret key and sequence number • use ECB mode on payload