Draft-ietf-rddp-security-02 Summary of outstanding issues August 4, 2004 Jim Pinkerton.


Moving to Standards Track

Current draft:
  – 34 RECOMMENDED clauses in document.
  – 8 MUST clauses in document
Revision (posted after this IETF) divides all into MUST/SHOULD/RECOMMENDED
  – Protocol or RNIC Requirements
      Buffer Overrun - RDMA Write or Read Response
      Controlling Access to PTT & STag Mapping
      RNIC Resource Consumption
      Multiple Streams Sharing Receive Buffers - MUST
      Local Peer Attacking a Shared CQ
      Remote Peer Attacking a Shared CQ
      Attacking the RDMA Read Request Queue
      Exercise of non-optimal code paths - RECOMMENDED
      7.6 Elevation of Privilege
  – Application Requirements
      Using an STag on a Different Stream - MUST
      Modifying a Buffer After Indication – SHOULD
      Using RDMA Read to Access Stale Data – SHOULD
      Accessing a Buffer After the Transfer
      Accessing Unintended Data With a Valid STag
      RDMA Read into an RDMA Write Buffer
      Using Multiple STags to Access One Buffer
      Local Peer Attacking a Shared CQ
      Remote Invalidate an STag Shared on Multiple Streams
Recommendation: Publish updated draft after this meeting and have con-call with any interested parties to quickly iterate on MUST/SHOULD/etc.

IPSec – Required or Optional?

For Optional
  – Significant hardware complexity if in RNIC
  – Question of how widely it will be enabled – wasted effort?
For Required
  – Some attacks can only be mitigated with IPSec
  – Preserves wide deployment options
      “Bump in the wire” approach eliminates IPSec as an RNIC requirement
Recommendation: IPSec is Required - Remove IPSec requirements section and make portions of IPS security RFC normative. But how to do this?
  – Required sections of ips-security
      Section 2.3 Security Protocol requirements (ESP, transforms, IKE)
      Section 5 Security Considerations
  – Not Required – SRP, SLPv2, iSNS, CHAP, etc.
  – Questions:
      Section Non-graceful iSCSI teardown
      All normative references in iSCSI-security are not appropriate

Abortive termination on an error

Current protocol drafts drop connection if bad STag, etc received
For:
  – Simpler error handling
  – Because must correctly guess the TCP sequence number, it’s easier to just send a TCP RST, rather than RDDP headers. Thus solving at RDDP layer does not remove connection teardown attack
Against:
  – Prefer more robust protocol in face of errors
Proposal: No change. Attack documented as man-in-the-middle attack, mitigation is IPSec

Should STags be random?

For:
  – Makes it harder for attacker to guess (man-in-middle attack)
Against:
  – If you can guess the TCP parameters, you can truncate the data stream with a TCP RST segment. Thus no significant security advantage to making it random.
  – Hw implementations strongly prefer linear lookup tables vs CAMs
Recommendation: No Change.

Shared S-RQ Attacks

Consensus from reflector:
  – “The proposed requirement is that the Privileged Resource Manager contain code sufficient so that a non-RDDP application can be converted to an RDDP application without enabling a denial of service attack that disconnects innocent clients or having to write inter-client receive resource protection code. This is a "MUST implement" requirement, so that the functionality is available to any RDDP application; applications MAY use this protection, but are not required to do so.”
Proposed text:
  – “If an RNIC Engine provides the ability to share receive buffers across multiple Streams, the combination of the RNIC Engine and Privileged Resource Manager MUST be able to detect if the Remote Peer is attempting to consume more than its fair share of resources so that the Local Peer can apply countermeasures to detect and prevent the attack.”

One-Shot STags

Attack defined in Modifying a Buffer After Indication
  – Concern is requirement is on ULP, but what if ULP does not implement it correctly?
For one-shot STags
  – Reduces implementation requirements on ULP
Against one-shot STags
  – How does RNIC know when buffer is done to invalidate STag? No protocol semantic to enable this.
  – Some applications strongly want multi-shot STags
      High Performance Computing
      Double buffered graphics engine
  – Already many ULP requirements for security (about half of MUSTs)
Recommendation: ???

Current text in security draft

“The Local Peer can protect itself from this type of attack by revoking remote access when the original data transfer has completed and before it validates the contents of the buffer. The Local Peer can either do this by explicitly revoking remote access rights for the STag when the Remote Peer indicates the operation has completed, or by checking to make sure the Remote Peer Invalidated the STag through the RDMAP Invalidate capability, and if it did not, the Local Peer then explicitly revokes the STag remote access rights. The Local Peer SHOULD follow the above procedure to protect the buffer before it validates the contents of the buffer (or uses the buffer in any way).”
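
The procedure in the draft text above, modelled in C as an added example (not code from the draft or from the presentation). The struct, the function names and the "OK:" content check are hypothetical, and the RNIC's access check is reduced to a single flag; the point is the ordering: the STag is made unusable before the buffer is validated.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Toy model (assumption): an STag grants remote access to one buffer. */
struct stag {
    char  *buf;
    size_t len;
    bool   remote_access;  /* remote access rights currently granted */
};

/* Remote Peer's RDMA Write: placed only while remote access is granted. */
bool remote_write(struct stag *s, size_t off, const char *src, size_t n)
{
    if (!s->remote_access || off > s->len || n > s->len - off)
        return false;      /* rejected by the modelled RNIC */
    memcpy(s->buf + off, src, n);
    return true;
}

/* Remote Peer invalidates the STag (RDMAP Invalidate capability). */
void remote_invalidate(struct stag *s) { s->remote_access = false; }

/* Hypothetical ULP validation: payload must start with "OK:". */
bool contents_valid(const struct stag *s)
{
    return s->len >= 3 && memcmp(s->buf, "OK:", 3) == 0;
}

/* Local Peer on completion: ensure the STag is dead, only then validate. */
bool on_completion(struct stag *s)
{
    if (s->remote_access)          /* Remote Peer did not invalidate */
        s->remote_access = false;  /* explicit local revoke */
    return contents_valid(s);
}

/* True if the buffer validated and a write arriving afterwards was refused. */
bool late_write_blocked(bool follow_procedure)
{
    char mem[16] = {0};            /* constructed sample buffer */
    struct stag s = { mem, sizeof mem, true };
    remote_write(&s, 0, "OK:data", 7);
    bool valid = follow_procedure ? on_completion(&s) : contents_valid(&s);
    bool landed = remote_write(&s, 0, "BAD", 3);  /* arrives after the check */
    return valid && !landed;
}

int main(void) { return late_write_blocked(true) ? 0 : 1; }
```

With `follow_procedure` false the buffer passes validation and is then overwritten, which is the "Modifying a Buffer After Indication" case the SHOULD is written against.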

TBD’s in Document

  – Issue: Guidance for application protocols like NFS which implement security
  – Finish Summary table of Attacks/Trust Models
  – Finish incorporating Tom Talpey’s comments posted to reflector