IETF Logo Mail Archive

Re: [Rmt] Security scenarios and basic functions

Vincent Roca <vincent.roca@inrialpes.fr> Mon, 03 July 2006 09:44 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FxKz5-0001BC-Gu; Mon, 03 Jul 2006 05:44:51 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FxKz4-0001Ab-S0 for rmt@ietf.org; Mon, 03 Jul 2006 05:44:50 -0400
Received: from mx-serv.inrialpes.fr ([194.199.18.100]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FxKz4-0001t0-C6 for rmt@ietf.org; Mon, 03 Jul 2006 05:44:50 -0400
Received: from dwimmerlaik.inrialpes.fr (dwimmerlaik.inrialpes.fr [194.199.18.72]) by mx-serv.inrialpes.fr (8.13.6/8.13.0) with ESMTP id k639ido7012544; Mon, 3 Jul 2006 11:44:41 +0200 (MEST)
Received: from [194.199.24.100] (iseran.inrialpes.fr [194.199.24.100]) by dwimmerlaik.inrialpes.fr (8.13.6/8.11.3/ImagV2) with ESMTP id k639ibe7020939; Mon, 3 Jul 2006 11:44:38 +0200 (MEST)
Message-ID: <44A8E706.8070809@inrialpes.fr>
Date: Mon, 03 Jul 2006 11:44:38 +0200
From: Vincent Roca <vincent.roca@inrialpes.fr>
User-Agent: Thunderbird 1.5.0.4 (X11/20060516)
MIME-Version: 1.0
To: George Gross <gmgross@nac.net>
Subject: Re: [Rmt] Security scenarios and basic functions
References: <Pine.LNX.4.33.0607021029330.9125-100000@nsx.garage>
In-Reply-To: <Pine.LNX.4.33.0607021029330.9125-100000@nsx.garage>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0 (mx-serv.inrialpes.fr [194.199.18.100]); Mon, 03 Jul 2006 11:44:41 +0200 (MEST)
X-mx-serv-inrialpes-fr-MailScanner-Information: Please contact postmaster@inrialpes.fr for more information
X-mx-serv-inrialpes-fr-MailScanner: Found to be clean
X-mx-serv-inrialpes-fr-MailScanner-SpamCheck: n'est pas un polluriel, SpamAssassin (score=0, requis 6)
X-mx-serv-inrialpes-fr-MailScanner-From: vincent.roca@inrialpes.fr
X-Spam-Status: No
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a7d2e37451f7f22841e3b6f40c67db0f
Cc: Rex Buddenberg <budden@nps.navy.mil>, rmt@ietf.org
X-BeenThere: rmt@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Reliable Multicast Transport <rmt.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rmt>, <mailto:rmt-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rmt@ietf.org>
List-Help: <mailto:rmt-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rmt>, <mailto:rmt-request@ietf.org?subject=subscribe>
Errors-To: rmt-bounces@ietf.org

Hello everybody,

My two cents on the security requirements problem raised by Magnus
(sorry it's a bit long, but there are so many things to say on the subject,
even if I'm far from being exhaustive...):

1/ What are the requirements in terms of services?

The sender authentication/content integrity services are clearly the basic
requirements in a context of open networks, where any attacker might
inject spurious traffic in an ongoing NORM or ALC session.
The goal might be to create a DoS attack (quite easy), or in some cases
to alter the objects transmitted (quite easy if the attacker can filter 
packets
and inject new ones).

The need for confidentiality must be clearly defined. As Magnus said, do
we only need to hide the content, or do we also need to hide the protocol
behavior itself? In the firs case (hide the object), the easy solution is to
encrypt it before submitting it the the NORM or ALC session. That's all.
If we want to hide more information, then things are getting more
complex. In that case, a layer 3 solution like IPsec is fine. For instance,
with a VPN between two sites, dumb packets might be exchanged, or
packets be delayed just to prevent a eavesdropper to collect accurate
statistics on what is exchanged. But I'm not sure this is what we need
at the first place in RMT...

The kind of communications sender->receiver, or vice-versa, or even (but
is there any need today?) receiver->receiver. As explained in the TESLA
I-D, only sender->receiver is addressed (which is sufficient for ALC) and
something else needs to be used for receiver->sender auth/integrity (used
by NORM feedback messages). Securing this feedback information might
be a little bit challenging since it should be a light (CPU) process. 
Signing
all packets with asymmetric cryptographic schemes is a door to DoS attacks
against the sender (who already has to make sure that the feedback rate is
not too high).

The dynamics of the receiver set will greatly impact the services that
can be offered. For instance, if the group is dynamic and if we want to
provide forward or backward secrecy (e.g. to hide new content to the
receivers who left the session), then re-keying mechanisms are
required, which is not a simple problem... But MSEC has addressed
the problem, and re-keying protocols are available.


2/ Where should these requirements be addressed?

I too prefer the use of Transport/Application security mechanisms, rather
than a layer 3 solution. Several reasons for that :

- RMT follows a BB approach, and security protocols fit well in this
approach. Provision has already been made to ease their use (see the
EXT_AUTH header extension of LCT and NORM).

- IPsec is nice for VPNs, but IPsec is not always suited to our needs.
There are use-cases (e.g. purely unidirectional networks) where IPsec
won't work at all... IMHO, IPsec could be used for some specific use-cases,
but it MUST NOT be the one and only solution promoted by RMT to address
the security needs.


3/ What about the integration of the security BBs in a real system?

Having BB that provides the needed services is fine, but using it is better,
and to that purpose, we also need additional services. A PKI is probably
one of them, unless receivers have another trusted way to obtain the 
sender's
public key. In some cases, an external scheme is needed to bootstrap the
security BB (this is what was suggested in case of TESLA for SRTP, see
RFC4442, but with TESLA for ALC/NORM we also defined an internal
optional bootstrapping scheme).
If we want to address the forward/backward secrecy needs, then a key
management scheme is needed. If the group is potentially very large, then
scalability will require a hierarchical solution... And the solution 
complexity
will grow accordingly. Etc.


IMHO, we first need to clearly define what are our goals (i.e. the desired
security services). This list should be done carefully, because everything
designed will depend on it. When preparing this list, one must take into
account that the target use cases are numerous and largely differ.

Then, in a second step, we can try to put in front of each situation, 
what is
the best (or most probably a list of) security mechanism(s) to fulfill the
needs. Even if some situations will be fairly complex to address, there are
others that can be easily solved (e.g. when there's a bidirectional 
connection
and if the number of receivers is "reasonable", a FLUTE/ALC session can
benefit from an auth/integrity service easily, even with high rate flows,
thanks to TESLA in direct mode time synchronization).

All in all, I think there's an interesting I-D to write on the subject, 
I mean
a joint document between MSEC and RMT of course since this is clearly
a document that need experts on both subjects.

Regards,

     Vincent


NB: I've just realized that I forgot to announce the new version of our
TESLA I-D to this list (it's now an MSEC document hence the mistake).

http://www.ietf.org/internet-drafts/draft-ietf-msec-tesla-for-alc-norm-00.txt

_______________________________________________
Rmt mailing list
Rmt@ietf.org
https://www1.ietf.org/mailman/listinfo/rmt

v2.23.0 | Report a Bug | By Email