A CGA-based Source Address Authentication Method in IPv6 Access Network (CSA)
Guang Yao, Jun Bi and Pingping Lin
Tsinghua University
APAN26
Queenstown, New Zealand
Aug 4, 2008
Outline
• Background of IP Spoofing
• Related Work
• CSA Mechanism
• Evaluation and Experiment
1 Background of IP Spoofing
• Attackers can easily send packets with a deliberately chosen or
randomly set source address.
• Such packets can be used in various network
attacks, e.g., SYN flooding, Smurf, Man-in-the-Middle.
• When an attacker uses IP spoofing, it is
very hard to trace the attacker.
• According to the observation of CAIDA, there
are at least 4000 spoofing attacks per week.
An Example of IP Spoofing Attack
[Figure: spoofed source address = 10.10.1.1; amplified responses]
2 Related Works
• There are three kinds of prevention methods
– Filtering on path
– End-to-End Authentication
– Traceback
• Filtering in the access network belongs to
“Filtering on path”. It filters spoofing packets
nearest to their source, and limits the damage
of these packets to the minimum.
Access Network Mechanisms
• Ingress Filtering
– Effective but has coarse granularity
• IP Source Guard
– For IPv4 only
– Cannot be used in a network without switches
• Signature Based Authentication
– Only allows a user to have a fixed address
– Needs PKI to authenticate the identity of the user
3 CSA Mechanism
• Outline
– Summary of Requirements
– Overview of Procedure
– New Ideas
Summary of Requirements
for an IPv6 Access Network Mechanism
• Host level filtering granularity
• Light-weight in both deployment and authentication
• Suit All Address Assignment Methods in IPv6
– Stateless Autoconfiguration
– DHCP
– Manual Configuration
– Cryptographically
– Private
• Allow an interface to be assigned multiple addresses
Overview of Procedure
• Phase 1: Address Authorization (5 steps)
(1) Prepare an address A
(2) An identifier is used to show the applicant is H
(3) I’m H and I require to use address A
(4) Check whether identifier H can use the required address A
(5) Return a “signature seed” for future authentication
Overview of Procedure
• Phase 2: Address Authentication
– Generate Signature based on “signature seed”
– Add Signature
– Check Signature and Remove it
New Ideas
• Phase 1: Address Authorization
– Use Host Identifier to achieve host level granularity
– Router authorizes the request address based on the
knowledge of address assignment
• Phase 2: Address Authentication
– Light-weight signature generation
• Pseudo Random Number Generation
– Light-weight signature adding and removal
• Address Rewrite
Host Identifier
• The host generates a public key pair first.
• For an anonymous address owner (DHCP, SAC, CGA, Privacy):
– identifier = hash(Public Key) [Described in CGA]
• For any address assignment mechanism involving manual
configuration:
– identifier = hash(Public Key + Shared Secret).
The Shared Secret is a bit string allocated to the host, together with the address, by the network
administrator.
• The identifier must appear with the public key and a signature over
the whole packet computed with the private key. The packet must also
contain a nonce to prevent replay attacks.
• An attacker can obtain the identifier and the public key by sniffing, but
cannot generate a correct signature.
Authorization on the Knowledge of
Address Assignment
• The knowledge of address assignment:
– Manual Configuration: Re-compute the identifier
using the shared secret of the address owner.
– SAC/Privacy/CGA: The address has not been
registered by another node. In the CGA case, the
requested address must be a correct CGA address
computed on the public key.
– DHCP: The identifier in the request packet must
be the one which has been used to apply for the address
from the DHCP server. [See next page]
Address Allocation in DHCP Case
[Figure labels:]
– DHCP Solicitation
– Source address set to the CGA identifier
– Record the CGA identifier
– Record the address allocated.
– Bind the identifier and the address.
Light-weight Signature Generation
• Signature Generation
– Fixed Signature
• Not secure in access network
– HMAC
• Mature and secure, but needs computation on each packet
– Pseudo Random Number (Preferred)
• Generate a sequence of signatures from the signature seed using a
pseudo random number generation algorithm
• Loop:
– Get the first signature from the sequence
– Add the signature into the packet, send packet
– Remove the signature from the sequence
• No computation on packet, fast
Light-weight Signature Adding and
Removal
• The position to place signature in the packet
– IPsec Authentication Header
– A new option header (e.g. Hop-by-hop)
– In the source address field, using Address Rewrite
• The signature is used as the local address
• The router rewrites it with the authorized address
• Saves the cost of the memory copy and of locating the header
Traditional Signature Mechanism
• Send Process: locate the option header, add the signature to the packet
• Receive Process: locate and remove the signature from the packet
Address Rewrite
• Avoids the memory copy and the option header
location step
• Send Process: change the source address field to be the signature
• Receive Process: rewrite the source address field to the
source address, using a mapping table from signature to
address
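The pseudo random number signature sequence and the address rewrite, sketched together as an added example; this is not the authors' host program or Click element. Assumptions: keyed BLAKE2b over a counter stands in for the unspecified pseudo random number generation algorithm, the 64-bit signature fills the low half of a constructed 2001:db8:0:1::/64 prefix, and the router keeps a look-ahead window of 4 signatures to tolerate packet loss. The names Host, Router, WINDOW and the function names are hypothetical.

```python
import hashlib
import ipaddress

PREFIX = ipaddress.IPv6Network("2001:db8:0:1::/64")  # constructed prefix
WINDOW = 4  # assumed: signatures the router accepts ahead of the last one seen

def signature(seed: bytes, n: int) -> int:
    """n-th 64-bit signature, derived from the seed only (no packet bytes)."""
    d = hashlib.blake2b(n.to_bytes(8, "big"), digest_size=8, key=seed)
    return int.from_bytes(d.digest(), "big")

def local_address(sig: int) -> ipaddress.IPv6Address:
    """Assumed encoding: the signature fills the low 64 bits under PREFIX."""
    return ipaddress.IPv6Address(int(PREFIX.network_address) | sig)

class Host:
    def __init__(self, seed: bytes):
        self.seed, self.n = seed, 0
    def next_source(self) -> ipaddress.IPv6Address:
        """Take the first signature of the sequence, then drop it."""
        addr = local_address(signature(self.seed, self.n))
        self.n += 1
        return addr

class Router:
    def __init__(self):
        self.table = {}  # signature address -> (authorized address, index)
        self.hosts = {}  # authorized address -> [seed, next expected index]
    def authorize(self, address, seed):
        """End of phase 1: bind the signature seed to the authorized address."""
        self.hosts[address] = [seed, 0]
        self._fill(address)

    def _fill(self, address):
        seed, base = self.hosts[address]
        for n in range(base, base + WINDOW):
            self.table[local_address(signature(seed, n))] = (address, n)

    def rewrite(self, source):
        """Phase 2: return the authorized address, or None to drop the packet."""
        if source not in self.table:
            return None
        address, n = self.table[source]
        seed, base = self.hosts[address]
        for old in range(base, n + 1):  # used and skipped signatures expire
            self.table.pop(local_address(signature(seed, old)), None)
        self.hosts[address][1] = n + 1
        self._fill(address)
        return address
```

Per packet the router does one table lookup; the hashing happens only when the window is refilled, and a replayed or skipped signature address no longer has a table entry.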
4 Implementation and Experiment
• The host module is implemented as a program
on a Linux PC.
• The router module is implemented as an
element of the Click Router.
• The demo can work with Stateless
Autoconfiguration, Manual Configuration and
CGA.
• Currently we use the pseudo random number
signature generation algorithm.
Experiments
[Figures: Before Deployment; After Deployment]
Thank You!