Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing the CASP Protocol

Published byJocelyn Townsend Modified over 5 years ago

Similar presentations

Presentation on theme: "Securing the CASP Protocol"— Presentation transcript:

1 Securing the CASP Protocol
Hannes Tschofenig CT IC 3

2 Creating a Security Solution for CASP
Threat-Analysis Security Requirements Framework Thoughts Custom Security Existing Security Key Management (authentication, authorization, session key establishment), Signaling message protection (integrity, confidentiality, replay protection), authorization, denial of service protection, identity protection, topology hiding, protocol specific security issues

3 CASP Protocol Parts Implication for Security
Many usage scenarios have to be supported Unlike RSVP a transport connection is established Unlike RSVP the next peer has to be known in advance before a CASP payload message is sent Using existing security mechanisms does not always fit 100% CASP tries to be more complete than RSVP Security also includes key management aspects and addresses framework issues

4 Security for the Discovery Component The Scout Protocol
Threat Denial of service attacks, man-in-the-middle attacks, downgrading of security or capabilities Problems Other node is unknown (reason for discovery) Message is restricted to a single roundtrip and message size is small Security protection can easily introduce other attacks such as DoS Solution Scout message contains only very few protection mechanisms BUT Subsequent the subsequent message exchange has to repeat information and Has to provide some additional security verifications

5 Security for the Transport Layer
Threat Attacks against the transport layer can cause a connection abort. Problems Vulnerability of TCP itself TLS does not protect TCP header Solution If attack is a concern then Use IPSec at network layer Use the more robust SCTP

6 Security for the Messaging Layer
Threat Messaging layer contains security relevant information for a variety of attacks Problems More than a single security mechanisms has to be supported (for different parts of the network and different usage scenarios) Solution IPSec TLS (possibly with EAP on top of it) Many different key exchange protocols supported (IKE, KINK, SOI, etc.) Efficiency gained by reusing security association more a number of client-layers and a number of messages.

7 Security for the Client-Layers
Threat Intermediate CASP node is able to inspect and modify information Problems Peer-to-Peer protection not always sufficient Examples: Authorization tokens, transport of local information, selectively protecting objects, transporting sensitive information Solution CMS used to selectively wrap objects and to provide protection for them. For investigation: Reusing of a CMS security association

8 Miscellaneous Issues Non-Repudiation Rarely required
Supported for client-layer protocols by using digitally signed encapsulated objects (CMS) and possibly applying a counter-signature by the other party Denial of Service Prevention Network Topology Hiding Supported for Record Route object Additionally supported by removing addresses from a (strict or loose) route object

9 Miscellaneous Issues Authorization
Supports both “online” or “offline” authorization “Online” authorization requires protocol interaction with third party entity (AAA-based). EAP/Diameter support is possible. Identity mapping possibly required “Offline” authorization supported via Kerberos authorization information or attribute certificate Authorization language is open issue – research required. Usage of specific authorization information is scenario and environment dependent.

10 Are there any questions?

Download ppt "Securing the CASP Protocol"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Cryptography and Network Security

Cryptography and Network Security
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Chapter 8 Web Security.

Chapter 8 Web Security.
Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.

Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.

Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)

Cryptography and Network Security (SSL)
Chapter 21 Distributed System Security Copyright © 2008.

Chapter 21 Distributed System Security Copyright © 2008.
PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – 862 - 025 NETWORK SECURITY M.C.A III Year II Sem.

PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – NETWORK SECURITY M.C.A III Year II Sem.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Similar presentations

Ads by Google