Internet Architecture Board; Report Back IAB Stack Evolution Programme: interaction with NFV Doc: TBA Source: Bob Briscoe, BT Agenda item: Liaisons For:

Presentation transcript:

Slide 1: Internet Architecture Board; Report Back
IAB Stack Evolution Programme: interaction with NFV
Doc: TBA
Source: Bob Briscoe, BT
Agenda item: Liaisons
For: Discussion
© ETSI All rights reserved

Slide 2: IAB Stack Evolution Programme
- Internet Architecture Board (IAB)
  - Architecture and Liaison activity for the IETF
- IAB Stack Evolution Programme
  - Addressing near-impossibility of evolving the Internet stack
- This talk
  - Prepared in co-operation with our IETF liaison: Diego Lopez
  - Recent IAB workshop: Stack Evolution in a Middlebox Internet (SEMI)
    - participants decided to reach out to NFV ISG
  - this update is given in my personal capacity
  - More formal liaison or joint action could follow

Slide 3: Collision course
1. Pervasive monitoring by government agencies
  - Snowden revelations
2. The middlebox tussle
  - two perceived drivers: security protection & business protection
  - widespread blocking of IETF extensibility mechanisms
    - new e2e protocols (IP next header numbers) blocked, e.g. SCTP
    - new services (port numbers) blocked (often leaving only https and http)
    - new protocol option numbers blocked (e.g. TCP options like multipath)
- IAB/IETF response in both cases: plans to encrypt and authenticate all end-to-end protocol fields and data
  1. protects privacy*
  2. enforces architecture
    - unsolicited services might be useful, but they have no right to data visibility
* Nov 2013 IAB recommendation to harden Internet Confidentiality

Slide 4: Impact
- Market in (virtualised) network functions could shrink
- Need to define new interface(s)
  - need to shift from unsolicited to solicited intervention
  - signalling from app to network function, or vice versa
  - in-band preferred, out-of-band maybe
  - think "ICMP that works"
ICMP: Internet Control Message Protocol

Slide 5: Potential positive role of NFV recognised
- freshness – protocol extensions should deploy faster
  - protocol extension often not possible with hardware middleboxes
  - more systematic update practices as NFV becomes the norm
- a voice for the middlebox industry
  - NFV ISG brings most middlebox vendors and operators together
  - the first time the IETF can address this industry in one place
Downsides also recognised
- staleness
  - many virtual appliances will still be updated rarely or never
- not central to scope of NFV ISG
  - data plane interfaces specific to each network function
  - (but security ToR does address pervasive encryption)

Slide 6: Next steps
- Invitation to relevant IETF activities
  - IETF WGs: httpbis, TAPS, tcpinc, TLS, tsvarea, PCP,...?
  - non-WG mailing list: Handling pervasive monitoring (PERPASS)
  - Potential activities: MCIC, SPUD, middlebox detection & error collection,...?
- Collectively forming decisions on
  - trust model
  - crypto coverage in protocol headers
- next IETF meeting, Dallas Mar
- IAB stack evolution programme*
  - lead: Brian Trammell
- NFV ISG activity?
  - joint NFV-IETF initiative?
TAPS: TrAnsPort Services
tcpinc: TCP INCreased security
TLS: Transport Layer Security
tsvarea: Transport Area Plenary
PCP: Port Control Protocol
MCIC: Multiparty Content Integrity & Confidentiality
SPUD: Session Protocol Under Datagrams
*