Transcript savi-4

A CGA based Source Address
Authorization and Authentication (CSA)
for First Layer-3 Hop
IETF 72 Meeting, Dublin
July 28, 2008
SAVI Working Group
Jun Bi <[email protected]>
Jianping Wu <[email protected]>
Guang Yao <[email protected]>
Basic Ideas
• Phase 1: Address Authorization
– Host-granularity checking based on knowledge of the address assignment (to accommodate all address allocation methods)
– Host Identifier (CGA Identifier) without PKI
– Binding the Host Identifier to the address at the first Layer-3 hop (not binding port/MAC/IP, since there may be no one-to-one mapping between port and host, e.g. a hub uplinked to an Ethernet switch port with multiple hosts downstream)
– Secure Shared Secret Exchange (a "signature seed" used in the Authentication phase between host and router, to convert the ID/Address binding into a more lightweight Address/Signature binding)
• Phase 2: Address Authentication
– Lightweight signature generation
Overview of Procedure
• Phase 1: Address Authorization (5 steps, from the figure)
(1) Host prepares an address A
(2) An identifier is used to show that the applicant is H
(3) Host to router: "I'm H and I require to use address A"
(4) Router checks whether identifier H can use the required address A
(5) Router returns a "signature seed" for future authentication
Overview of Procedure
• Phase 2: Address Authentication (from the figure)
– Host: generate a signature based on the "signature seed" and add it to the packet
– First L3 hop: check the signature and remove it
Phase 1: Address Authorization
• Step 1: Address Preparation
– The node obtains an address through the designated address assignment mechanism
• Host in IPv4: Manual Configuration, DHCP
• Host in IPv6: DHCP, Stateless Auto-configuration (SAC), Manual Configuration, Cryptographically Generated Address (CGA), Privacy
Address Authorization
• Step 2: Identifier Generation
– Node generates a secure identifier
• For an anonymous address owner (DHCP, SAC, CGA, Privacy): identifier = hash(Public Key) [as described in CGA]
• For any address allocation mechanism involving manual configuration: identifier = hash(Public Key + Shared Secret). The Shared Secret is a bit string allocated, together with the address, to the node by the network administrator.
Address Authorization
• Step 3: Address Authorization Request
– Node sends a request packet to the first L3 hop
• Currently designed as an ICMP packet; to be redesigned as a SEND extension
• Source address is the address prepared in Step 1
• The CGA option and RSA signature option are the same as described in [SEND]
Address Authorization
• Step 4: First L3 Hop Authorizes the Address
– Router checks whether the requesting node has the right to use the address.
• The check depends on the address allocation mechanism:
– Manual Configuration: re-compute the identifier using the shared secret of the address owner.
– SAC/Privacy/CGA: the address has not been registered by another node. In the CGA case, the requested address must also be a correct CGA address computed from the public key.
– DHCP: the identifier in the request packet must be the one that was used to apply for the address/prefix from the DHCP server/router. [See next page]
Address Allocation in DHCP Case (figure)
• Host sends the DHCP Solicitation with the source address set to the CGA identifier
• Router records the CGA identifier, snoops and records the address allocated, and binds the identifier to the assigned address
Address Authorization
• Step 5: Signature Seed Assignment
– The router returns a bit string named "signature seed" to the host, encrypted with the host's public key that was carried in the authorization request packet.
– The node decrypts the "signature seed" and will use it in Phase 2.
Phase 2: Address Authentication
• Signature Generation (all based on the shared secret "signature seed")
– HMAC
– Pseudo-random number sequence (preferred)
• A signature sequence that is hard to guess and replay
• A sliding window handles packet re-ordering (not a big deal in a local subnet)
• Signature Adding (3 implementation choices)
– IPsec Authentication Header
– A new option header (e.g. Hop-by-hop)
– Address Rewrite (the signature is used as the local source address; the router rewrites it to the authorized address for the outside world, saving the memory copy and the cost of locating the extension header)
Phase 2: Address Authentication
• Consideration
– Signature-based authentication is always expensive.
• Reduce the cost of
– signature generation (random number sequence)
– signature adding and removal (by reducing the overhead)
– signature verification (by matching a number)
– so that it approaches the cost of a routing table lookup.
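As an added example (not from the slides or the authors' Linux prototype), the following Python sketch implements Phase 2 with the preferred pseudo-random signature sequence: the host derives tag number n as a truncated HMAC-SHA256(seed, n), and the first L3 hop verifies by matching the tag in a precomputed table over a sliding window, which tolerates re-ordering, rejects replays and stale tags, and returns the authorized address (the signature-to-address mapping the Address Rewrite option needs). The 8-byte tag length, the window size, the seed value and the address are assumptions.

```python
import hashlib
import hmac
SIG_LEN = 8  # tag bytes per packet (assumption; the slides give no size)

def signature(seed: bytes, seq: int) -> bytes:
    """Element 'seq' of the signature sequence: truncated HMAC-SHA256(seed, seq)."""
    return hmac.new(seed, seq.to_bytes(8, "big"), hashlib.sha256).digest()[:SIG_LEN]

class Host:  # holds the decrypted signature seed (Step 5) and a packet counter
    def __init__(self, seed: bytes):
        self.seed, self.seq = seed, 0

    def sign(self) -> bytes:
        sig, self.seq = signature(self.seed, self.seq), self.seq + 1
        return sig

class Router:  # first L3 hop: verify by table lookup, then slide the window
    def __init__(self, window: int = 8):
        self.window = window
        self.bindings = {}  # authorized address -> {"seed", "highest", "used"}
        self.table = {}     # tag -> (address, seq) for every seq inside a window

    def bind(self, address: str, seed: bytes) -> None:
        # Outcome of Step 5: the router and this address now share the seed.
        self.bindings[address] = {"seed": seed, "highest": -1, "used": set()}
        self._slide(address)

    def _slide(self, address: str) -> None:
        # Accept seqs in [lo, hi): 'window' behind the highest accepted (re-ordering)
        # and 'window' ahead of it (loss). Rebuilt on each slide; fine for demo sizes.
        b = self.bindings[address]
        lo = max(0, b["highest"] - self.window + 1)
        hi = lo + 2 * self.window
        self.table = {t: v for t, v in self.table.items() if v[0] != address}
        self.table.update({signature(b["seed"], s): (address, s) for s in range(lo, hi)})
        b["used"] = {s for s in b["used"] if s >= lo}

    def verify(self, sig: bytes):
        """Return the authorized address for a valid, fresh tag; None otherwise."""
        hit = self.table.get(sig)
        if hit is None:
            return None  # unknown tag or outside the window
        address, seq = hit
        b = self.bindings[address]
        if seq in b["used"]:
            return None  # replayed tag
        b["used"].add(seq)
        if seq > b["highest"]:
            b["highest"] = seq
            self._slide(address)
        return address
```

A real deployment would slide the table incrementally rather than rebuilding it, and would pick the tag length and window size from the link's loss and re-ordering characteristics.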
Compliant to SAVI Charter
• Charter compliant
– All address allocation methods
– Special cases:
• Static address
• Multiple IP addresses on one interface (met because the scheme does not rely on L1/L2 info)
• Multiple link layer addresses on one interface
• Multiple interfaces to the same link
• Node changes port
• Node is a router, NAT, or switch
• SEND
• Anycast address
• Charter non-compliant
– Host change
• The address authorization can be designed as an extension of SEND
• Actually, "host change" may always be required when there is no strict one-to-one mapping between switch port and host (strict L1/L2/L3 mapping).
Applicability and benefits
• Working scenario: situations with no strict port/host one-to-one mapping (if there is a strict mapping, port/MAC/IP binding is more efficient).
• Economy: no need to replace/upgrade all ports in a network with L3-aware switches (which may be more expensive)
• Flexibility: works in networks without port-based switches, e.g., wireless LAN
• The Linux prototype is being tested in the Tsinghua testbed
• Expect larger-scale testing by real users in the real campus network (not a testbed) at Tsinghua
Acknowledgements
• The author gratefully acknowledges the contributions of Fred Baker, Jari Arkko, Christian Vogt, Pekka Savola, Lixia Zhang, Mark Williams, Paul Ferguson, et al., to this draft or to the previous version draft-bi-sava-solution-ipv6edge-network-signature-00
Thank You!
Traditional Signature Mechanism (figure)
• Send process: locate the option header in the packet, then add the signature
• Receive process: locate the signature in the packet, then remove it
Address Rewrite (figure)
• Avoids the memory copy and the option header lookup, so it is more efficient
• Send process: change the source address field of the packet to be the signature
• Receive process: rewrite the source address field back to the authorized source address, using a mapping table from signature to address