HNCP Security Based on Routers Trust

draft-bonnetain-hncp-security-00

Author:

Presenter:

IETF 90 - Homenet 25 July 2014

Xavier Bonnetain

Pierre Pfister

IETF 90 - Homenet

Presentation Outline

Slide 1/10

- Threats and Assumptions - Authentication - Authorization - Shared Secret Establishment - Pros and cons - Other possibilities

IETF 90 - Homenet

Existing home networks are not secured

Threats and Assumptions

Wired link is left unsecured (and maybe it’s okay !)Wireless is usually secure

There are plenty of possible attacks

RA generationDHCP spoofingIP spoofing…

Slide 2/10

IETF 90 - Homenet

Fake an uplinkFake a client

Prevent network config.Spoof domain names

Attack the routing protocol

Homenet makes it worse ! An attacker can:

Threats and Assumptions

Securing HNCP is:Preventing an attacker from interfering with a link it is not connected to.

Secure interface type

Secure HNCP

Secure the routing protocol

What homenet does is:Extending the home network to multiple links

Slide 3/10

Threats How to protect against

IETF 90 - Homenet

Each node uses a public key as identifier

Authentication Mechanism

Each HNCP update is signed

Slide 4/10

Identity is tied to the public keyHNCP makes use of the MD5 of the public key as shortened ID

Note: Using MD5 is not that bad. But a real crypto hash would ensure cryptographic binding.

Update Sequence Number

Node Data TLVs

IETF 90 - Homenet

Decentralized approach at HNCP level

Authorization Mechanism

Slide 5/10

Nodes advertise a set of trust relationships

Trust links are shared with HNCP

I trust router 9 !

I trust router 2 !

Router 2

Router 9

IETF 90 - Homenet

Authorization Mechanism

Slide 6/10

Ending-up with a trust network

Defining the trusted node set

Set of nodes you have bidirectional trust relationship with.

Untrusted nodes updates are relayed but rate-limited

Only trust related TLVs are used from nodes that are not trusted

IETF 90 - Homenet

Authorization Mechanism

Slide 7/10

Trust bootstrapping

Revocation

User interaction (UI, pressing buttons, PIN codes)Centralized managementCertificate based management

Can’t use time (configuration prior to internet access)Revoke a trust relationship by not advertising it anymore

IETF 90 - Homenet

Shared Secret Establishment

Slide 8/10

Master key generation

Encrypted for all trusted nodesAsymmetric crypto.Identified by originator + ID

Other TLVs are later encrypted

Symmetric crypto.Allows sharing routing protocol session key

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type: PRIVATE-DATA (72) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | H(node identifier) | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Symmetric algorithm | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | Algorithm-specific data | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Encrypted TLVs | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type: SHARED-KEY (71) | Length: >= 28 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | H(target node identifier) | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Asymmetric algorithm | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | Symmetric key encrypted with | | node public key | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Originator’s ID

IETF 90 - Homenet

Pros and cons

Slide 9/10

- No link security (neither for hosts or routers)

- No active deprecation

- No uplink security

- Shared key must be renewed when a trusted node is revoked

+ HNCP data is protected (configuration)

+ Shared secret for other protocols (routing protocol)

IETF 90 - Homenet

Other possibilities

Slide 10/10

Password based (IPSec or symmetric crypto)

Static interface configuration CA based

+ More efficient crypto+ Simpler to implement- Bootstrap a bit less secure- Key management is hard

o No crypto.+ Uplink security

- Centralized- Revoking is hard- Complex implementation

Discuss !

IETF 90 - Homenet 25 July 2014