IETF Logo Mail Archive

Re: [Ideas] [lisp] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System

"Joel M. Halpern" <jmh@joelhalpern.com> Sat, 29 October 2016 03:15 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 149DD129482; Fri, 28 Oct 2016 20:15:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yxXB5D4m4eBO; Fri, 28 Oct 2016 20:15:04 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBC2B129424; Fri, 28 Oct 2016 20:15:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id ABE0F240F6F; Fri, 28 Oct 2016 20:15:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1477710903; bh=oxlNDvudICIglGfbR/oc+0SsXKYFkKIQ/JbU9EBxnuo=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=YamAHn3j4zXvno7HCQCbr6blqrZMmjb06F3o4rMJX+W8uAkK7hvPlMV6plJinKOVM y1WzkopghOhcKWHcDTG4oW7Z8S+ntd3NRcgHVgy9w02g/g3WBXASA4YsisZeacr2c+ DWcq2varePWEB6LM2jB4hU7N6NOxajlHz1Jrjb9Q=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 1A900240828; Fri, 28 Oct 2016 20:15:03 -0700 (PDT)
To: Padmadevi Pillay Esnault <padma@huawei.com>, "ideas@ietf.org" <ideas@ietf.org>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com>
Date: Fri, 28 Oct 2016 23:15:28 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/j_wWt6NDXeW9Prk1_5mgiyz_8Ec>
Cc: "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [Ideas] [lisp] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2016 03:15:06 -0000

There are some preliminary thoughts on overload issues in the security 
considerations of draft-ietf-lisp-introduction.

I will also be curious to see what the presentations at the technical 
plenary in Seoul have to suggest on the issue, if anything.

There probably is more with considering.

Yours,
Joel

On 10/28/16 7:39 PM, Padmadevi Pillay Esnault wrote:
> The recent Denial-of-service attacks is a scenario we should have in mind when building robustness in the network mapping system.
> In draft-padma-ideas-problem-statement-00.txt, there is a section on mapping system security requirements that specifically cover
> this case.
>
> One of the questions that comes to mind is whether the robustness of such a mapping system should drop/throttle responses when it is
> Overloaded or should we expect it always to handle the load no matter what?
> While we do propose to rate-limit the messages in the problem statement, isn't this playing into the hands of the attackers?
>
> Requesting feedback from the list and ccing wg with expertise in the area or interest in mapping system technology.
>
> Thanks in advance
> Padma
>
> Below an excerpt from the draft
> 6.4.  Mapping System Security
>
>    The secure mapping system must have the following requirements:
>
>    1.  The components of the mapping system need to be robust against
>        direct and indirect attacks.  If any component is attacked, the
>        rest of the system should act with integrity and scale and only
>        the information associated with the compromised component is made
>        unavailable.
>
>    2.  The addition and removal of components of the mapping system must
>        be performed in a secure matter so as to not violate the
>        integrity and operation of the system and service it provides.
>
>    3.  The information returned by components of the mapping system
>        needs to be authenticated as to detect spoofing from
>        masqueraders.
>
>    4.  Information registered (by publishers) to the mapping system must
>        be authenticated so the registering entity or the information is
>        not spoofed.
>
>    5.  The mapping system must allow request access (for subscribers) to
>        be open and public.  However, it is optional to provide
>        confidentiality and authentication of the requesters and the
>        information they are requesting.
>
>    6.  Any information provided by components of the mapping system must
>        be cryptographically signed by the provider and verified by the
>        consumer.
>
>    7.  Message rate-limiting and other heuristics must be part of the
>        foundational support of the mapping system to protect the system
>        from invalid overloaded conditions.
>
>    8.  The mapping system should support some form of provisioned
>        policy.  Either internal to the system or via mechanisms for
>        users of the system to describe policy rules.  Access control
>        should not use traditional granular-based access lists since they
>        do not scale and are hard to manage.  By the use of token- or
>        key- based authentication methods as well as deploying multiple
>        instances of the mapping system will allow acceptable policy
>        profiles.  Machine learning techniques could automate these
>        mechanisms.
>
>
> -----Original Message-----
> From: IETF-Announce [mailto:ietf-announce-bounces@ietf.org] On Behalf Of IETF Chair
> Sent: Friday, October 28, 2016 9:21 AM
> To: IETF Announcement List
> Cc: ietf@ietf.org
> Subject: Technical plenary: Attacks against the architecture
>
> The technical plenary in Seoul will be about the recent Denial-of-Service
> attacks involving the use of compromised or misconfigured nodes or
> “things”, and the architectural issues associated with the network
> being vulnerable to these attacks.
>
> See
>
>   https://www.ietf.org/blog/2016/10/attack-against-the-architecture/
>
> and join us for the discussion on Wednesday 16:40-19:10, November 16,
> 2016 either in person or remotely. You can register for the meeting here:
>
>   https://www.ietf.org/meeting/97/index.html
>
> Jari Arkko, IETF Chair
>
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp
>

v2.8.7 | Report a Bug | By Email