9
1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses http://tools.ietf.org/id/draft-laganier-mext-cga- 01.txt

1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses

Embed Size (px)

Citation preview

Page 1: 1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses

1

Julien LaganierMEXT WG, IETF-79, Nov. 2010

Authorizing MIPv6 Binding Update with Cryptographically

Generated Addresses

http://tools.ietf.org/id/draft-laganier-mext-cga-01.txt

Page 2: 1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses

2

Overview

RFC 3775 secures Binding Updates to Home Agent with IPsec

RFC 4866 allows to secure Binding Updates to Correspondent Nodes with a public key signature when the HoA is a CGA

MEXT WG rechartered to experiment with security mechanisms alternatives to IPsec

Secure Binding Updates to Home Agent based on CGA as well

Page 3: 1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses

3

Solution

MN: generates public-private key pair generates from public key an HoA that is a CGA signs Binding Update with private key

HA: verifies HoA ownership by verifying signature Optimization: HA sends to MN a symmetric

secret key to MN to protect further Binding Updates, ciphered with public key Secret key used to compute MAC over BU

Page 4: 1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses

4

Choices to be made

Is MN authorized for HA service? CGA validates address ownership Does not prevent any MN to create state with

arbitrary HA Solutions:

Provision MN with Authorization Certificates HA has repository of authorized MN public keys Restrict service to MN that attached to home link

Is MN trusted by HA: Does HA verifies CoA reachability with RR test?

Avoid third party flooding attack

Page 5: 1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses

5

Choices to be made, Cont’d

How to provide Anti-replay protection? Initial Binding Creation currently

protected with timestamp in BUAlternative: 3-way handshake with

NonceFurther Binding Updates (Lifetime

Extension, Handoffs, Deletion) protected with Sequence Number and symmetric secret key MAC

Page 6: 1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses

6

IPv4 support

IPv4-only visited network m6t http://tools.ietf.org/html/draft-ebalard-mext-m6t On-demand creation of UDP tunnel

For each new IPv4 CoA Assigns new unique local IPv6 address Tunnel exists as long as it’s used

Same security level as RFC 5555 Does not protect against active attacks Protects again passive attacks

IPv4-only application Configure IPv4 Home address as in RFC 5555

Page 7: 1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses

7

Pros and Cons

No dependency on IPsecNo impact on IPsec

IPsec can still be used independently

Does not re-invent ESP and ESP tunneling in UDP Ala

http://tools.ietf.org/html/draft-korhonen-mext-mip6-altsec

Allows fully decentralized HA operation Possibly useful for Distributed/Dynamic Mobility

Management?

Page 8: 1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses

8

Next Steps

Is there interest in the WG? Makes some choices

MN trusted? MN authenticated? Implement and experiment...

Page 9: 1 Julien Laganier MEXT WG, IETF-79, Nov. 2010 Authorizing MIPv6 Binding Update with Cryptographically Generated Addresses

9

Thank you