Re: [Rmt] Security scenarios and basic functions
Vincent Roca <vincent.roca@inrialpes.fr> Mon, 03 July 2006 09:44 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FxKz5-0001BC-Gu; Mon, 03 Jul 2006 05:44:51 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FxKz4-0001Ab-S0 for rmt@ietf.org; Mon, 03 Jul 2006 05:44:50 -0400
Received: from mx-serv.inrialpes.fr ([194.199.18.100]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FxKz4-0001t0-C6 for rmt@ietf.org; Mon, 03 Jul 2006 05:44:50 -0400
Received: from dwimmerlaik.inrialpes.fr (dwimmerlaik.inrialpes.fr [194.199.18.72]) by mx-serv.inrialpes.fr (8.13.6/8.13.0) with ESMTP id k639ido7012544; Mon, 3 Jul 2006 11:44:41 +0200 (MEST)
Received: from [194.199.24.100] (iseran.inrialpes.fr [194.199.24.100]) by dwimmerlaik.inrialpes.fr (8.13.6/8.11.3/ImagV2) with ESMTP id k639ibe7020939; Mon, 3 Jul 2006 11:44:38 +0200 (MEST)
Message-ID: <44A8E706.8070809@inrialpes.fr>
Date: Mon, 03 Jul 2006 11:44:38 +0200
From: Vincent Roca <vincent.roca@inrialpes.fr>
User-Agent: Thunderbird 1.5.0.4 (X11/20060516)
MIME-Version: 1.0
To: George Gross <gmgross@nac.net>
Subject: Re: [Rmt] Security scenarios and basic functions
References: <Pine.LNX.4.33.0607021029330.9125-100000@nsx.garage>
In-Reply-To: <Pine.LNX.4.33.0607021029330.9125-100000@nsx.garage>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0 (mx-serv.inrialpes.fr [194.199.18.100]); Mon, 03 Jul 2006 11:44:41 +0200 (MEST)
X-mx-serv-inrialpes-fr-MailScanner-Information: Please contact postmaster@inrialpes.fr for more information
X-mx-serv-inrialpes-fr-MailScanner: Found to be clean
X-mx-serv-inrialpes-fr-MailScanner-SpamCheck: n'est pas un polluriel, SpamAssassin (score=0, requis 6)
X-mx-serv-inrialpes-fr-MailScanner-From: vincent.roca@inrialpes.fr
X-Spam-Status: No
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a7d2e37451f7f22841e3b6f40c67db0f
Cc: Rex Buddenberg <budden@nps.navy.mil>, rmt@ietf.org
X-BeenThere: rmt@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Reliable Multicast Transport <rmt.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rmt>, <mailto:rmt-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rmt@ietf.org>
List-Help: <mailto:rmt-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rmt>, <mailto:rmt-request@ietf.org?subject=subscribe>
Errors-To: rmt-bounces@ietf.org
Hello everybody, My two cents on the security requirements problem raised by Magnus (sorry it's a bit long, but there are so many things to say on the subject, even if I'm far from being exhaustive...): 1/ What are the requirements in terms of services? The sender authentication/content integrity services are clearly the basic requirements in a context of open networks, where any attacker might inject spurious traffic in an ongoing NORM or ALC session. The goal might be to create a DoS attack (quite easy), or in some cases to alter the objects transmitted (quite easy if the attacker can filter packets and inject new ones). The need for confidentiality must be clearly defined. As Magnus said, do we only need to hide the content, or do we also need to hide the protocol behavior itself? In the firs case (hide the object), the easy solution is to encrypt it before submitting it the the NORM or ALC session. That's all. If we want to hide more information, then things are getting more complex. In that case, a layer 3 solution like IPsec is fine. For instance, with a VPN between two sites, dumb packets might be exchanged, or packets be delayed just to prevent a eavesdropper to collect accurate statistics on what is exchanged. But I'm not sure this is what we need at the first place in RMT... The kind of communications sender->receiver, or vice-versa, or even (but is there any need today?) receiver->receiver. As explained in the TESLA I-D, only sender->receiver is addressed (which is sufficient for ALC) and something else needs to be used for receiver->sender auth/integrity (used by NORM feedback messages). Securing this feedback information might be a little bit challenging since it should be a light (CPU) process. Signing all packets with asymmetric cryptographic schemes is a door to DoS attacks against the sender (who already has to make sure that the feedback rate is not too high). The dynamics of the receiver set will greatly impact the services that can be offered. For instance, if the group is dynamic and if we want to provide forward or backward secrecy (e.g. to hide new content to the receivers who left the session), then re-keying mechanisms are required, which is not a simple problem... But MSEC has addressed the problem, and re-keying protocols are available. 2/ Where should these requirements be addressed? I too prefer the use of Transport/Application security mechanisms, rather than a layer 3 solution. Several reasons for that : - RMT follows a BB approach, and security protocols fit well in this approach. Provision has already been made to ease their use (see the EXT_AUTH header extension of LCT and NORM). - IPsec is nice for VPNs, but IPsec is not always suited to our needs. There are use-cases (e.g. purely unidirectional networks) where IPsec won't work at all... IMHO, IPsec could be used for some specific use-cases, but it MUST NOT be the one and only solution promoted by RMT to address the security needs. 3/ What about the integration of the security BBs in a real system? Having BB that provides the needed services is fine, but using it is better, and to that purpose, we also need additional services. A PKI is probably one of them, unless receivers have another trusted way to obtain the sender's public key. In some cases, an external scheme is needed to bootstrap the security BB (this is what was suggested in case of TESLA for SRTP, see RFC4442, but with TESLA for ALC/NORM we also defined an internal optional bootstrapping scheme). If we want to address the forward/backward secrecy needs, then a key management scheme is needed. If the group is potentially very large, then scalability will require a hierarchical solution... And the solution complexity will grow accordingly. Etc. IMHO, we first need to clearly define what are our goals (i.e. the desired security services). This list should be done carefully, because everything designed will depend on it. When preparing this list, one must take into account that the target use cases are numerous and largely differ. Then, in a second step, we can try to put in front of each situation, what is the best (or most probably a list of) security mechanism(s) to fulfill the needs. Even if some situations will be fairly complex to address, there are others that can be easily solved (e.g. when there's a bidirectional connection and if the number of receivers is "reasonable", a FLUTE/ALC session can benefit from an auth/integrity service easily, even with high rate flows, thanks to TESLA in direct mode time synchronization). All in all, I think there's an interesting I-D to write on the subject, I mean a joint document between MSEC and RMT of course since this is clearly a document that need experts on both subjects. Regards, Vincent NB: I've just realized that I forgot to announce the new version of our TESLA I-D to this list (it's now an MSEC document hence the mistake). http://www.ietf.org/internet-drafts/draft-ietf-msec-tesla-for-alc-norm-00.txt _______________________________________________ Rmt mailing list Rmt@ietf.org https://www1.ietf.org/mailman/listinfo/rmt
- [Rmt] Security scenarios and basic functions Magnus Westerlund
- Re: [Rmt] Security scenarios and basic functions George Gross
- Re: [Rmt] Security scenarios and basic functions Rex Buddenberg
- Re: [Rmt] Security scenarios and basic functions Baoqing Ye
- Re: [Rmt] Security scenarios and basic functions Rex Buddenberg
- Re: [Rmt] Security scenarios and basic functions George Gross
- Re: [Rmt] Security scenarios and basic functions Magnus Westerlund
- Re: [Rmt] Security scenarios and basic functions Vincent Roca