Presentation is loading. Please wait.

Presentation is loading. Please wait.

J.W. Atwood PIM WG 2010/03/23 bill@cse.concordia.ca The KARP Working Group J.W. Atwood PIM WG 2010/03/23 bill@cse.concordia.ca.

Published byElizabeth Lindsey Modified over 6 years ago

Similar presentations

Presentation on theme: "J.W. Atwood PIM WG 2010/03/23 bill@cse.concordia.ca The KARP Working Group J.W. Atwood PIM WG 2010/03/23 bill@cse.concordia.ca."— Presentation transcript:

1 J.W. Atwood PIM WG 2010/03/23 bill@cse.concordia.ca
The KARP Working Group J.W. Atwood PIM WG 2010/03/23

2 History Unwanted Internet Traffic
IAB Workshop - March 2006 RFC 4948 Identified securing the routing protocols’ packets on the wire as a goal Agreement between Security ADs and Routing ADs: Define a roadmap

3 Keying and Authentication for Routing Protocols (KARP)
Two BoFs Working Group just before IETF-77 Scope Message Authentication Packet Integrity Possible later: privacy and non-repudiation

4 Design Choices Change completely Change slowly
Run everything inside IPsec Change slowly Accept what is there and strengthen it Design mechanisms to make it easier to manage

5 Planned Approach Enhance the routing protocols’ current authentication mechanisms For example, the PIM-SM linklocal work Define one or more Key Management Protocols Create and manage the session keys The framework must accept manual keying as one possibility

6 Incremental Approach Crawl, Walk, Run
Some existing routers will not be able to run new functionality New functionality alters the routing performance balance and this may not be acceptable Security ADs have agreed to accept less than the “perfect” solution (for now)

7 Current Documents Threat Analysis and Requirements Design Guidelines
draft-ietf-karp-threats-reqs Design Guidelines draft-ietf-karp-design-guide Framework draft-ietf-karp-framework

8 Step 1 KeyStore Configured PSK Traffic Keys Basic Routing Proto
Define protected elements Strong algos Algo agility Secure use of simple PSK’s Inter-conn. replay protection Intra-conn. replay protection Change parameters forces change of traffic keys Use new key within a connection without data loss Efficient re-keying Prevent in-scope DoS Support manual keying All for future use of KMP KeyStore Configured PSK Traffic Keys Basic Routing Proto

9 Step 2 ID’s KMP Function Proof of ID’s KeyStore
Layer in KMP Define Identifier types/formats Define ID proof mechanisms Re-use KeyStore Re-use Routing Proto’s Manual key structure Common Elements: KeyStore KeyStore-to-Routing Proto API KMP-to-KeyStore API KMP-to-Routing Proto API KMP Function KMP-to- KeyStore API Manual Keyset KeyStore KMP-to-Routing Proto API KeyStore-to- Routing Proto API Common Auth Mechanisms/I.F.’s Traffic Keys Basic Routing Protos

10 Questions?

Download ppt "J.W. Atwood PIM WG 2010/03/23 bill@cse.concordia.ca The KARP Working Group J.W. Atwood PIM WG 2010/03/23 bill@cse.concordia.ca."

Similar presentations

RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
IS-IS ESN TLV draft-chunduri-isis-extended-sequence-no-tlv-01 Uma Chunduri, Wenhu Lu, Albert Tian Ericsson Inc. Naiming Shen Cisco Systems, Inc. IETF 83,

IS-IS ESN TLV draft-chunduri-isis-extended-sequence-no-tlv-01 Uma Chunduri, Wenhu Lu, Albert Tian Ericsson Inc. Naiming Shen Cisco Systems, Inc. IETF 83,
RSVP Cryptographic Authentication ...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.

RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.

1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
Discussion on IEEE 802.16.3 metrics guidelines Document Number: IEEE 802.16-14-0036-00-03R0 Date Submitted: 2014-04-24 Source: Antonio BovoVoice:+390497623908.

Discussion on IEEE metrics guidelines Document Number: IEEE R0 Date Submitted: Source: Antonio BovoVoice:
IETF – ECRIT Emergency Context Resolution using Internet Technologies ESW 5 – Vienna October 2008 Marc Linsner.

IETF – ECRIT Emergency Context Resolution using Internet Technologies ESW 5 – Vienna October 2008 Marc Linsner.
Security Issues in PIM-SM Link-local Messages J.W. Atwood, Salekul Islam {bill, Department.

Security Issues in PIM-SM Link-local Messages J.W. Atwood, Salekul Islam {bill, Department.
Karlstad University IP security Ge Zhang

Karlstad University IP security Ge Zhang
IETF-71, Philadelphia PANA in DSL networks draft-morand-pana-panaoverdsl-01.txt Lionel Morand France Telecom Alper Yegin Samsung Yoshihiro Ohba Toshiba.

IETF-71, Philadelphia PANA in DSL networks draft-morand-pana-panaoverdsl-01.txt Lionel Morand France Telecom Alper Yegin Samsung Yoshihiro Ohba Toshiba.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.

IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.

Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.
ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.

ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.

IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
1 Achieving Local Availability of Group SA Ya Liu, Bill Atwood, Brian Weis,

1 Achieving Local Availability of Group SA Ya Liu, Bill Atwood, Brian Weis,
Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 68 - ANCP WG March 18-23, 2007 draft-ietf-ancp-security-threats-00.txt.

Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 68 - ANCP WG March 18-23, 2007 draft-ietf-ancp-security-threats-00.txt.
1 Mobility for IPv6 [MIP6] November 12 th, 2004 IETF61.

1 Mobility for IPv6 [MIP6] November 12 th, 2004 IETF61.
IETF 55 Nov 2002 1 A Two-Level Architecture for Internet Signaling draft-braden-2level-signal-arch-01.txt Bob Braden, Bob Lindell USC Information.

IETF 55 Nov A Two-Level Architecture for Internet Signaling draft-braden-2level-signal-arch-01.txt Bob Braden, Bob Lindell USC Information.

Similar presentations

Ads by Google