220 likes | 238 Views
Link-local security. J.W. Atwood, S. Islam PIM Working Group 2007/12/04 bill@cse.concordia.ca. Draft-ietf-pim-sm-linklocal-02. Minor changes Title: Authentication and Confidentiality … Some housekeeping New Stuff Enlarged section on “Communications Patterns”. Recent activity.
E N D
Link-local security J.W. Atwood, S. Islam PIM Working Group 2007/12/04 bill@cse.concordia.ca
Draft-ietf-pim-sm-linklocal-02 • Minor changes • Title: Authentication and Confidentiality … • Some housekeeping • New Stuff • Enlarged section on “Communications Patterns”
Recent activity • (Not yet reflected in the draft) • Discussion with Brian Weis and Ya Liu about common features among OSPF, PIM-SM and RSVP • an idea for extending GDOI for our use • Development of ideas on controlling adjacency
An Example Network • Useful to explore the management of keys and SAs
R6 R11 R14 R5 R10 R13 R4 R9 R12 R3 R8 R2 R7 Basic Network R1
R6 R11 R14 R5 R10 R13 R4 R9 R12 R3 R8 R2 R7 R1 as Sender R1
R6 R11 R14 R5 R10 R9 R13 R4 R12 R3 R8 R2 R7 R9 as Sender R1
R6 R11 R14 R5 R10 R13 R4 R9 R12 R3 R8 R2 R7 R1 as Receiver R1
Communications among peers • The previous slides illustrate that the communication is, effectively, N little groups, each of which has a single sender, and a receiver set consisting of all of its immediate neighbors. • Even though all these groups share one (multicast) address, the Source Address can be used to distinguish them.
..2 • To manage this, we can mandate one of the following: • A single key for the entire administrative region • A key per “speaking router” • This will be an element of “policy” for the routers
Key management architecture • For the first case, the GC/KS needs to distribute the (shared) key to all routers • For the second case, each speaking router needs to distribute its key to all adjacent routers • Overall control of the adjacencies should be centralized, for network operator convenience • We can model this as a central Group Controller (GC) and N distributed Key Servers (KS) (one per router)
..2 • Each KS is initialized with its adjacencies at installation time, along with the address of the group controller for the PIM-SM “control plane key management group” • On startup, the last known configuration of adjacencies is used, and then refreshed from the GC after an appropriate interval.
..3 • Only the GC needs to be replicated for reliability (if an individual router is down, it is not needed as a key server)
Management of the “key management” group • The GDOI GC/KS is formulated as a centralized entity. • An extension needs to be specified • To specify the protocol between a centralized GC and the (thousands of) individual KS • ask MSEC to host this work
Similarities to OSPF work • OSPF has the same (link-local) problem, except that they cannot assume unicast connectivity to the central KS when they boot up, so they “really need” the local key server to retain its last configuration across restarts
Similarities to other work that could be done • RSVP does next-hop (almost link-local) communication; at least some of the ideas here will map to their requirements • Other protocols surely exist that could use this kind of “near-neighbor” communication
Suggestion • Extract this common problem • Generate a separate Internet Draft to describe and solve it. • For now, we will use “key management for control planes” as a label for this sub-problem.
Adjacency Lists in GCKS • Question of deciding which router(s) are entitled to receive keys from a “speaking router” • To ensure that rogue routers do not “appear” as neighbors of a particular router, the GC can maintain an “adjacency matrix” or adjacency lists, and only authorize true neighbors to receive the key for a particular “speaker” router
Alternate Views of “Validity of the Adjacency” • For IPv6 • May be able to use the “Neighbor Discovery” functionality in IPv6 to certify the validity of a particular neighbor. • Alternatively, a local KS may refer to the central GC to approve the distribution of a key
..2 • For IPv4 • Need to use the central GC to approve the distribution of a key • Alternatively, need to create an IPv4 equivalent for neighbor discovery and certification
Plans • Complete the exploration of the adjacency control issues • Define the extensions to GDOI (in MSEC wg) and create an Internet Draft • Create an Internet Draft on the (sub-) problem of “key management for control planes” (with others) • Rewrite the link-local Internet Draft to use the GDOI extensions (in PIM wg)