OSPF WG: Stronger, Automatic Integrity Checks for OSPF Packets
Paul Jakma, University of Glasgow
Manav Bhatia, Alcatel-Lucent
IETF 79, Beijing


Introduction (1/2)
- OSPF currently uses the standard Internet checksum to detect corruption
- The Internet checksum is known to have weaknesses: it cannot detect reordered bits, certain patterns of bit flips, etc.
- Some operators use cryptographic authentication (MD5 or something stronger) to detect such errors

Introduction (2/2)
- Using crypto is not good, as it requires more computation, which may be noticeable on less powerful and/or energy-sensitive platforms
- Operators need to configure the keying material on all routers, which is an additional administrative burden

Proposed Mechanism for OSPFv2
- Data field in case of NULL Authentication is ignored
- This document overloads that field to indicate the new checksum algorithm that receivers must use
- Checksum data is carried similarly to how OSPFv2 auth data is carried

Proposed Mechanism for OSPFv3
- Uses a new EC-bit (Extended Checksum) in the OSPFv3 Options field
- Defines a new Extended Checksum data block that carries both the details of the checksum algorithm being used and the checksum data for the receiving end to verify

Extended Checksum in OSPFv2 and OSPFv3
[Figure: packet layouts for both versions, with spans X and Y marked.
OSPFv3: IPv6 Header (Length = HL + X + Y) | OSPFv3 Header (Length = X) | OSPFv3 Protocol Data | Extended Checksum Data
OSPFv2: IP Header (Length = HL + X + Y) | OSPF Header (Length = X) | OSPFv2 Protocol Data | Extended Checksum Data
Field labels: NULL Authentication, Length = Y; Checksum Type, Extended Checksum, Length = Y]

Feedback!