Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stein-67 Slide 1 PWsec draft-stein-pwe3-pwsec-00.txt PWE3 – 67 th IETF 7 November 2006 Yaakov (J) Stein.

Published byDavid Barber Modified over 8 years ago

Similar presentations

Presentation on theme: "Stein-67 Slide 1 PWsec draft-stein-pwe3-pwsec-00.txt PWE3 – 67 th IETF 7 November 2006 Yaakov (J) Stein."— Presentation transcript:

1 Stein-67 Slide 1 PWsec draft-stein-pwe3-pwsec-00.txt PWE3 – 67 th IETF 7 November 2006 Yaakov (J) Stein

2 Stein-67 Slide 2 Reminder draft-stein-pwe3-sec-req identifies user and control plane security threats user plane problems derive from PW packets having no confidentiality integrity source authentication mechanisms here we will describe a method to supply such mechanisms

3 Stein-67 Slide 3 MACsec Recently IEEE 802.1ae proposed a security mechanism based on AES-128, but with a new mode - Galois Counter Mode SecTAG contains MACsec Ethertype (88E5) 4B Packet Number (sequence number) 8B Secure Channel Identifier … DASATypepayloadFCS DASAsecure dataFCS’SecTAG (incl. IV) ICV integrity optional confidentiality 12 B Initialization Vector

4 Stein-67 Slide 4 AES/GCM advantages encryption is provided by “state-of-the-art” AES (128/256 bit keys) mode of operation uses a counter to thwart replay attacks Integrity Check Value verifies the payload integrity encryption, integrity, and source authentication by a single algorithm authentication can be performed without encrypting data not in packet payload (e.g. source identifiers) can be authenticated too Initialization Vector nonce can be any length (but should not repeat for given key) algorithm can be efficiently implemented in software computation can be parallelized for high speed hardware implementations unencumbered by IPR claims adopted by IEEE 802.1ae for MACsec and RFCs 4106 and 4543 for IPsec

5 Stein-67 Slide 5 AES/GCM Input / Output Encryption Input plaintext to be encrypted (up to 2 36 -32 bytes) encryption key (128 or 256 bits) per-packet randomly generated IV (12 B recommended) additional data to be authenticated but not encrypted (0.. 2^61 B) Encryption Output ciphertext (length = length of plaintext) ICV (16 B) Decryption Input ciphertext encryption key IV used for encryption ICV generated by encryption Encryption Output Authentication pass/fail if pass - plaintext

6 Stein-67 Slide 6 PWsec format 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Tunnel Label | EXP |S| TTL | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | PW label | EXP |1| TTL | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0 0 0 0| flags |FRG| Length | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Initialization Vector (IV) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Encrypted Payload | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Integrity Check Value (ICV) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

7 Stein-67 Slide 7 Misc. considerations Use of PWsec must be –configured in both IWFs or –signaled via new TLV in PWE control protocol Initialization Vector –MACsec’s IV is 4B counter + 8B SCI –here IV should be chosen pseudo-randomly Source authentication as PW packet does not contain a source ID –can use source PE ID + AI –if LDP is authenticated, can use PW label + SN

8 Stein-67 Slide 8 dotting the i's PWE3 – 67 th IETF 7 November 2006 Yaakov (J) Stein

9 Stein-67 Slide 9 Pseudowire or pseudo-wire ? in the early days of the WG, different spellings were in use Pseudo Wire Pseudo-wire Pseudowire early RFCs use pseudo-wire, while later ones migrated to pseudowire http://www.ietf.org/html.charters/pwe3-charter.html now says: Pseudowire Emulation Edge to Edge (pwe3) from now on all drafts use the agreed term

10 Stein-67 Slide 10 RFC4385 and atm-encap problem RFC4385 (CW) states: If a PE negotiated not to use receive sequence number processing, and it received a non-zero sequence number, then it SHOULD send a PW status message indicating a receive fault, and disable the PW. the original text simply said If a PE does not support receive sequence number processing, then the sequence number field MAY be ignored. this new text first appeared in atm-encap draft version 08 it is not in RFCs 4448 (Ethernet), 4618 (HDLC), 4619 (frame relay) the problem is that RFC4447 (control protocol) negotiates the use of the control word (via the "C" bit) but provides no way of negotiating use of CW w/o using SN that is why SN=0 is a special case ! it enables NOT using the sequence number without signaling the fact !

11 Stein-67 Slide 11 Discussion sequencing should not start or stop in the middle of a PW so perhaps we could say If a PE was configured not to use receive sequence number processing but do we really need this ? the PWE philosophy has been not to check such things on a packet by packet basis Alternatively, perhaps we can consider the sending of SN=0 to be the negotiation but then RFC3985 says If the sequence number on the packet is zero, the sequence integrity of the packets cannot be determined. In this case, the received packet is considered to be in order.

12 Stein-67 Slide 12 FEC 128/129 problem FEC 128 (PWid) usually used for ATM or FR PWs, FEC 129 (generalized PWid) for VPLS or situations with autodiscovery mechanism there is no negotiation of FEC capabilities how does a PE decide to use 128 vs 129 ? how does it know what the other PE supports ? if an attempt at label mapping fails because of unsupported type how does the PE know why ? Proposal LDP FEC capability exchange

13 Stein-67 Slide 13 Definition of forwarder RFC 3985 (architecture) figures 4 and 5 show a single forwarder connected to multiple ACs … while in RFC 4447 we have the following text The protocol used to setup a pseudowire must allow the forwarder at one end of a pseudowire to identify the forwarder at the other end. We use the term "attachment identifier", or "AI", to refer to the field which the protocol uses to identify the forwarders. What does a forwarder do if connected to one AC ? forwarder ACs PW instance PWsACs forwarder PW instance PWs

14 Stein-67 Slide 14 To make things worse … the RFC 3985 explanation of forwarder further confuses things In some situations, the packet payload may be selected from the packets presented on the emulated wire on the basis of some sub- multiplexing technique. … This is a forwarder function, and this selection would therefore be made before the packet was presented to the PW Encapsulation Layer. this should be AC !

15 Stein-67 Slide 15 Proposals remove text from atm-encap draft (in RFC editor queue) before publication RFC 4385 erratum: remove text If a PE negotiated not to use receive sequence number processing, and it received a non-zero sequence number, then it SHOULD send a PW status message indicating a receive fault, and disable the PW. RFC 3985 erratum : AC instead of emulated wire RFC 4447 erratum : AC instead of forwarder

16 Stein-67 Slide 16 Y.1731 VCCV format draft-mohan-pwe3-vccv-eth-00.txt PWE3 – 67 th IETF 7 November 2006 Yaakov (J) Stein

17 Stein-67 Slide 17 Why ? PWs, especially TDM PWs need full-featured OAM connectivity verification fault reporting loopback control packet loss monitoring delay and PDV monitoring Many different OAM systems in use Most recent development is Y.1731 (802.1ag) State-of-the-art full-featured packet OAM Exploits experience of all previous OAM protocols Rapidly becoming gold standard for comparison

18 Stein-67 Slide 18 Y.1731 PDU LEVEL (3b) VER (5b) OPCODE (1B) FLAGS (1B) TLV offset (1B) TLV list end TLV (1B) LEVEL = 0.. 7 allows hierarchical layering of OAM VER = 0 OPCODE = CC (7 different rates allowed) LoopBack Link Trace AIS … FLAGS contain info such as RDI TLV offset enables fixed position parameters (e.g. timestamps) TLVs contain information

19 Stein-67 Slide 19 Y.1731 PDUs in VCCV To use Y.1731 PDU in VCCV PW label of PW being maintained use PWACH control word (need chType for Y.1731) insert unique endpoint identifiers –for Ethernet PW - may be MAC addresses –for other PW types, may be PE+AI PDU according to Y.1731 PW label CWsource and destination IDs Y.1731 PDU 0001 V=0 RES chType

20 Stein-67 Slide 20 Hierarchy may be useful for MS-PWs

21 Stein-67 Slide 21 Proposals make draft-mohan-pwe3-vccv-eth a WG draft allocate the required PWACH channel type

Download ppt "Stein-67 Slide 1 PWsec draft-stein-pwe3-pwsec-00.txt PWE3 – 67 th IETF 7 November 2006 Yaakov (J) Stein."

Similar presentations

Overview of the 802.10 SDE Protocol Presented by Ken Alonge Chair, 802.10.

Overview of the SDE Protocol Presented by Ken Alonge Chair,
Leading Edge Routing MPLS Enhancements to Support Layer 2 Transport Services Jeremy Brayley

Leading Edge Routing MPLS Enhancements to Support Layer 2 Transport Services Jeremy Brayley
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Pseudowire Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-00 Rahul Aggarwal Yimin Shen

Pseudowire Endpoint Fast Failure Protection draft-shen-pwe3-endpoint-fast-protection-00 Rahul Aggarwal Yimin Shen
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
MPLS-TP OAM Analysis draft-ietf-mpls-tp-oam-analysis-00.txt

MPLS-TP OAM Analysis draft-ietf-mpls-tp-oam-analysis-00.txt
IETF 59, March 2004Mustapha AïssaouiSlide 1 OAM Procedures for VPWS Interworking draft-aissaoui-l2vpn-vpws-iw-oam-00 Mustapha Aïssaoui, Matthew Bocci,

IETF 59, March 2004Mustapha AïssaouiSlide 1 OAM Procedures for VPWS Interworking draft-aissaoui-l2vpn-vpws-iw-oam-00 Mustapha Aïssaoui, Matthew Bocci,
A Unified Control Channel for Pseudowires draft-nadeau-pwe3-vccv-2-02 Thomas D. Nadeau Luca Martini IETF 81.

A Unified Control Channel for Pseudowires draft-nadeau-pwe3-vccv-2-02 Thomas D. Nadeau Luca Martini IETF 81.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
TDMoIP-LE Slide 1 TDMoIP-LE Using TDMoIP Loop Emulation for congestion control PWE3 – 56 rd IETF 19 Mar 2003 Yaakov (J) Stein.

TDMoIP-LE Slide 1 TDMoIP-LE Using TDMoIP Loop Emulation for congestion control PWE3 – 56 rd IETF 19 Mar 2003 Yaakov (J) Stein.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Similar presentations

Ads by Google