[Manet-dt] MANET packet security

"Ian Chakeres" <ian.chakeres@gmail.com> Sat, 15 April 2006 23:08 UTC

Message-ID: <374005f30604151608p1c6c0270t1e738f250573c3c4@mail.gmail.com>
Date: Sat, 15 Apr 2006 16:08:56 -0700
From: "Ian Chakeres" <ian.chakeres@gmail.com>
To: manet-dt@ietf.org
Subject: [Manet-dt] MANET packet security

The OLSRv2 ND ID elaborates on several of the security issues related
to our MANET protocols and it got me thinking...

I think the base specs of our MANET protocols should include a
mechanism to secure packets, that is, authenticate the source as well
as ensure the contents of the packet have not been modified, replayed,
etc.

I believe that a framework like that in SEND (rfc3971, see Section 4 &
9.2) will work for MANET packets. Additional security will likely need
to be added for more security related to the information passed around
the network, but the SEND framework can be the first step in that
direction.

Is anyone aware of something like SEND for IP packets? I would rather
not reinvent the wheel.

If we need to do this type of procedure, I think it should probably
live with the packetBB document or another BB document. What do you
think?

Ian

rfc3756 is another good read: "IPv6 Neighbor Discovery (ND) Trust
Models and Threats"

One more thing - I think for the base MANET specs we should operate
under the following assumption (rfc3756), where all nodes are MANET
routers. More complex scenarios need not be included in the base spec.

"""
Trust Model
       A model where all authenticated nodes trust each other to behave
       correctly at the IP layer and not to send any ND or RD messages
       that contain false information.  This model is thought to
       represent a situation where the nodes are under a single
       administration and form a closed or semi-closed group.  A
       corporate intranet is a good example.
"""

_______________________________________________
Manet-dt mailing list
Manet-dt@ietf.org
https://www1.ietf.org/mailman/listinfo/manet-dt