Transcript savi-4
A CGA based Source Address Authorization and Authentication (CSA) for First Layer-3 Hop IETF 72 Meeting, Dublin July 28, 2008 SAVI Working Group Jun Bi <[email protected]> Jianping Wu<[email protected]> Guang Yao <[email protected]> Basic Ideas • Phase 1: Address Authorization – Host-granularity checking based on the knowledge of address assignment (to adapt all address allocation ways) – Host Identifier (CGA Identifier) without PKI – Binding Host Identifier and address at the first Layer-3 hop (not binding port/MAC/IP, in case there is no one-one mapping between the port and host e.g. a hub uplinks to an Ethernet switch port and downlinks multiple hosts) – Secure Shared Secret Exchange (Signature Seed used in Authentication phase between the host and router, to transfer the ID/Address binding to a more lightweight Address/Signature binding) • Phase 2: Address Authentication – Light-weight signature generation Overview of Procedure • Phase1: Address Authorization (5 steps) (4) Check whether identifier H can use the required address A (2) An identifier is used to show the applicant is H (5) Return a “signature seed” for future authentication (1) Prepare an address A (3) I’m H and I require to use address A Overview of Procedure • Phase2: Address Authentication Check Signature and Remove it Add Signature Generate Signature based on “signature seed” Phase1: Address Authorization • Step 1: Address Preparation – The Node gets an address through the appointed address assignment mechanism • Host in IPv4: Manual Configuration, DHCP • Host in IPv6: DHCP, Stateless Auto-configuration (SAC), Manual Configuration, Cryptographically Generated Address (CGA), Privacy Address Authorization • Step 2: Identifier Generation – Node generates a secure identifier • For anonymity address owner (DHCP,SCA,CGA,Privacy), identifier = hash(Public Key) [Described in CGA] • For any address allocation mechanism involving manual configuration, identifier = hash(Public Key + Shared Secret ). The Shared Secret is a bit string allocated to the node with address by network administrator. Address Authorization • Step 3: Address Authorization Request – Nodes send a request packet to the first L3 hop • Currently designed as an ICMP packet, to be designed as SEND extension • Source address is the address prepared in step 1 • The CGA option and RSA signature option are the same as described in [SEND] Address Authorization • Step 4: First L3 Hop Authorizing Address – Router checks whether the request node has the right to use the address. • The knowledge is based on address allocation mechanism. – Manual Configuration: Re-compute the identifier using the shared secret of the address owner. – SAC/Privacy/CGA: The address has not been registered by another node. In CGA case, the request address must be a correct CGA address computed on the public key. – DHCP: The identifier in the request packet must be the one which had been used to apply address/prefix from DHCP server/router. [See next page] Address Allocation in DHCP Case Record the CGA identifier Snoop and record address allocated. Bind the identifier /assigned address. Source address set to the CGA identifier DHCP Solicitation Address Authorization • Step 5: Signature Seed Assignment – The router returns a bit string named “signature seed” to the host, encrypted by the host’s public key that was carried in the authorization request packet. – Node decrypts the “signature seed” and will use it in the Phase 2. Phase 2: Address Authentication • Signature Generation (All based on the shared secret “signature seed”) – HMAC – Pseudo Random Number (Preference) • Signature sequence, hard to guess and replay • Using the sliding window to handle the packet re-order (not a big deal in local subnet) • Signature Adding (3 choices to implement) – IPSEC Authentication Header – A new option header (e.g. Hop-by-hop) – Address Rewrite (The signature is used as local address, the router rewrite with the authorized address for outside world, to save the cost of memory copy and locating the extension header) Phase 2: Address Authentication • Consideration – Authentication based on signature always costs much. • Reduce the cost of – Signature generation (random number sequence) – Signature adding and signature removal (by reducing the overhead) – Signature verification (by matching a number) – to be close to the cost of routing table lookup. Compliant to SAVI Charter • Charter compliant – All address allocation methods – Special cases: • Static address • Multiple IP addresses on one interface (meet because it doesn’t rely on L1/L2 info.) • Multiple link layer addresses on one interface • Multiple interfaces to the same link • Node changes port • Node is router, NAT, switch • SEND • Anycast address • Charter none-compliant – Host Change • The address authorization can be designed as the extension of SEND • Actually, “host change” might be always required in the case if there is no strict one-one mapping between switch port and host (L1/L2/L3 strict mapping). Applicability and benefits • Working scenario: for the situation there is no strict port/host one-one mapping (if there is strict mapping, port/MAC/IP binding is more efficient). • Economy : do not need to replace/update all ports in a network to L3-aware switches (which might be more expensive) • Flexibility: works in networks without port based switches, e.g., wireless LAN • The Linux prototype is being tested in Tsinghua testbed • Expect a larger scale testing by real users in the real campus network (net a testbed) in Tsinghua Acknowledgements • The author gratefully acknowledges the contributions of Fred Baker, Jari Arkko, Christian Vogt, Pekka Savola, Lixia Zhang, Mark Williams, Paul Ferguson, et.al., to this draft or a previous version draft-bi-sava-solution-ipv6edge-network-signature-00 Thank You! Traditional Signature Mechanism Send Process Packet Locate the option Packet header add Receive Process Packet Locate PacketRemove Signature Signature Packet Packet Packet Address Rewrite • Escape the memory copy and option header location, more efficent Send Process Packet Change the source address field to be the signature Packet Receive Process Rewrite the source address field to the source address Packet Mapping table from signature to address