RE: draft-mjsraman-l2vpn-vpls-tictoc-label-hop-00.txt ...

[Bhargav Bhikkaji <bhargav@force10networks.com>]

Hi Tal,

Thanks for your comments. Pls see inline [BB] for response

-Bhargav

From: l2vpn-bounces@ietf.org [mailto:l2vpn-bounces@ietf.org] On Behalf Of Tal Mizrahi
Sent: Monday, July 09, 2012 12:06 PM
To: Balaji venkat Venkataswami
Cc: l2vpn@ietf.org; Shankar Raman M J; tictoc@ietf.org; robert@raszuk.net
Subject: RE: draft-mjsraman-l2vpn-vpls-tictoc-label-hop-00.txt ...

Hi Balaji,

Thanks for the prompt and detailed response.
Please see inline.

Regards,
Tal.

From: Balaji venkat Venkataswami [mailto:balajivenkat299@gmail.com]
Sent: Monday, July 09, 2012 6:47 PM
To: Tal Mizrahi
Cc: l2vpn@ietf.org; Shankar Raman M J; tictoc@ietf.org; robert@raszuk.net
Subject: Re: draft-mjsraman-l2vpn-vpls-tictoc-label-hop-00.txt ...

Dear Tal,

Comments inline
On Mon, Jul 9, 2012 at 11:44 AM, Tal Mizrahi <talmi@marvell.com<mailto:talmi@marvell.com>> wrote:
Hi Balaji,

A few clarification questions - I think it would be good to clarify these issues in the draft:
1.      Since the label hopping mechanism relies on PTP, I understand that PTP traffic itself does not use label hopping, right?

The PTP traffic itself does not use label hopping.

2.      Is there something preventing the attacker from attacking PTP, thus causing DoS to the data plane?

It would be difficult for the attacker to identify which LSP is the PTP LSP for a specific VPN traffic (flow / set of flows) that is protected by this scheme. There is no information except on the ingress and egress PEs that identifies which is the PTP LSP for a particular VPN traffic protected by this scheme.

3.      Is the "additional label" similar to an Integrity Check Value (ICV) computed over part of the packet header?

It serves as a digest from which certain specific bits are chosen to become the innermost label. Which bits are chosen depends upon the bitmask exchanged during the control plane.
[TM] Right. Unless I am missing something, that sounds like a variant of an ICV: it basically produces a label which is a function(packet payload, pre-shared secret). That is essentially what an ICV does, unless I am missing something?

[BB]: Agreed, the scheme we proposed is a of ICV scheme.

4.      Is there something in your approach that would prevent an attacker from a replay attack?

For a reply attack to succeed, the replay should time the labels correctly otherwise the traffic gets rejected.
[TM] Right, so assuming the attacker is "fast enough", the attacker can replay during the time slice (which is ~seconds)?

5.      Looking at "Algorithm 3" I was not sure: does the receiver check two consequent time slots? I could not see such a check. I am referring to a case where the sender transmits at the end of a time slot, and the packet is received at the beginning of the next time slot. That would mean the receiver has to be able to tolerate two concurrent time slots, right?

Yes. It is available as +or- 1 unit (usually seconds) in the algorithm. Maybe a little more fine tuning is required on this.

6.      The security parameters K, TS, A, I are exchanged over a secure link, which basically assumes there is a pre-shared key between the peer PEs. A naive question would be: how is your approach better than just using a standard ICV, based on the existing pre-shared key?

While the ICV may protect against modification of the inner payload one cannot prevent spoofing attacks if the algorithm for the ICV is deduced. Our scheme provides facility to change the labels from time slice to time slice so that guessing what packet belongs to which VPN traffic itself becomes difficult. This is the first line of defense. If we provide ICV alone we protect against modification but not with replay attacks. The proposed scheme protects against VPN traffic identification (so replay attacks cannot be made) and modification as well through the ICV which is the innermost label.
[TM] Since an ICV uses a pre-shared key, even if the algorithm is well-known to the attacker, the attacker cannot forge/spoof it, assuming that the attacker is not exposed to the key. ICV mechanisms typically support anti replay, e.g., the IPsec AH.

[BB]: We had submitted a draft where certain bits of IPSec digital signature is used as "additional label". This would help to identify forged/spoofed packet.

http://tools.ietf.org/html/draft-bhargav-l3vpn-inter-provider-optcsec-01

thanks and regards,
balaji , shankar and bhargav

Tal.