IETF Logo Mail Archive

Re: [OSPF] FW: Using dynamically derived Traffic Keys for Routing Protocols

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Sat, 16 April 2011 02:04 UTC

Return-Path: <manav.bhatia@alcatel-lucent.com>
X-Original-To: ospf@ietfc.amsl.com
Delivered-To: ospf@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 85C09E0690 for <ospf@ietfc.amsl.com>; Fri, 15 Apr 2011 19:04:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.035
X-Spam-Level:
X-Spam-Status: No, score=-6.035 tagged_above=-999 required=5 tests=[AWL=0.564, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rFsl7s868OIc for <ospf@ietfc.amsl.com>; Fri, 15 Apr 2011 19:04:41 -0700 (PDT)
Received: from ihemail4.lucent.com (ihemail4.lucent.com [135.245.0.39]) by ietfc.amsl.com (Postfix) with ESMTP id B57F9E061E for <ospf@ietf.org>; Fri, 15 Apr 2011 19:04:41 -0700 (PDT)
Received: from inbansmailrelay1.in.alcatel-lucent.com (h135-250-11-31.lucent.com [135.250.11.31]) by ihemail4.lucent.com (8.13.8/IER-o) with ESMTP id p3G24YVL020425 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 15 Apr 2011 21:04:37 -0500 (CDT)
Received: from INBANSXCHHUB03.in.alcatel-lucent.com (inbansxchhub03.in.alcatel-lucent.com [135.250.12.80]) by inbansmailrelay1.in.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id p3G24Xce027663 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Sat, 16 Apr 2011 07:34:33 +0530
Received: from INBANSXCHMBSA1.in.alcatel-lucent.com ([135.250.12.50]) by INBANSXCHHUB03.in.alcatel-lucent.com ([135.250.12.80]) with mapi; Sat, 16 Apr 2011 07:34:33 +0530
From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: "curtis@occnc.com" <curtis@occnc.com>
Date: Sat, 16 Apr 2011 07:34:31 +0530
Thread-Topic: [OSPF] FW: Using dynamically derived Traffic Keys for Routing Protocols
Thread-Index: Acv7rTHNlCY0I8J3RdyYpuosivy/MwAKoPeQ
Message-ID: <7C362EEF9C7896468B36C9B79200D8350CFD0DE7A3@INBANSXCHMBSA1.in.alcatel-lucent.com>
References: Your message of "Thu, 14 Apr 2011 10:40:26 +0530." <4DA681C2.5070108@alcatel-lucent.com> <201104152039.p3FKd8U9075368@harbor.orleans.occnc.com>
In-Reply-To: <201104152039.p3FKd8U9075368@harbor.orleans.occnc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.39
Cc: "ospf@ietf.org" <ospf@ietf.org>
Subject: Re: [OSPF] FW: Using dynamically derived Traffic Keys for Routing Protocols
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Apr 2011 02:04:42 -0000

 
> The common practice as I understand it is to maintain at least two
> keys, one is used to build authentication headers and one or either of
> the two can be used to check authentication headers.  During a
> cutover, there is an interim period during which one end is more up to
> date than the other.  First the second key is added as an alternate
> key to check authentication headers.  Then when the provider (or
> software) has verified that this key is available where it needs to
> be, the new key is used to build authentication headers.  Finally the
> old key is disabled and the process can be repeated later.

Yes, this is correct.
 
> The session keys would be unique to a pair of routers, would be
> transient in nature, and there is no need for the NOC (network
> operation center) to know what session keys are in use at any given
> time.  Only the persistant keys would be maintained by the NOC and
> held in non-volitile memory so as to remain persistant over reboots.

This too is correct and is inline with what I am thinking.

I was initially thinking of deriving the traffic or the session key based on the nonce that the other end generates. While this works when there are only two routers speaking to each other, it creates a problem on a LAN because now you don't know which nonce to pick for generating the traffic key. We could define some election mechanism but that's getting needlessly complex.

A different approach that fixes this issue is by deriving the traffic key based on the nonce that the router itself generates.

Let me explain how.

Routers A and B have a Key/Password that is exchanged through some OOB mechanism or a KMP. Each side generates a nonce and mixes it with the Key using some KDF to derive its own traffic keys. This means that both A and B use a different traffic key/password to secure the packets on the TX. Upon receiving the protected protocol packets each side reads the Nonce that's carried in the packet and is able to derive the traffic key since its aware of the original Key and the KDF. It uses this traffic key to authenticate the packet. 

To make this work the freshness of a packet carrying the nonce must be guaranteed, because we don't want the receiver to start consuming replayed packets carrying an older nonce.

This can be achieved by using a mechanism similar to our original challenge/response mechanism which will always guarantee freshness.

Traffic or Session Key rollover is achieved by simply changing the Nonce at the local end. The receiver will verify that its indeed the router that it should be speaking to that's changed this and once it verifies it will move to the new key. Again, how the receiver verifies this has been explained in draft-bhatia-karp-ospf-ip-layer-protection

Cheers, Manav

v2.23.0 | Report a Bug | By Email