HNCP Security Based on Routers Trust - IETF | Internet ... 90 - Homenet Existing home networks are...
Transcript of HNCP Security Based on Routers Trust - IETF | Internet ... 90 - Homenet Existing home networks are...
HNCP Security Based on Routers Trust
draft-bonnetain-hncp-security-00
Author:
Presenter:
IETF 90 - Homenet 25 July 2014
Xavier Bonnetain
Pierre Pfister
IETF 90 - Homenet
Presentation Outline
Slide 1/10
- Threats and Assumptions - Authentication - Authorization - Shared Secret Establishment - Pros and cons - Other possibilities
IETF 90 - Homenet
Existing home networks are not secured
Threats and Assumptions
Wired link is left unsecured (and maybe it’s okay !)Wireless is usually secure
There are plenty of possible attacks
RA generationDHCP spoofingIP spoofing…
Slide 2/10
IETF 90 - Homenet
Fake an uplinkFake a client
Prevent network config.Spoof domain names
Attack the routing protocol
Homenet makes it worse ! An attacker can:
Threats and Assumptions
Securing HNCP is:Preventing an attacker from interfering with a link it is not connected to.
Secure interface type
Secure HNCP
Secure the routing protocol
What homenet does is:Extending the home network to multiple links
Slide 3/10
Threats How to protect against
IETF 90 - Homenet
Each node uses a public key as identifier
Authentication Mechanism
Each HNCP update is signed
Slide 4/10
Identity is tied to the public keyHNCP makes use of the MD5 of the public key as shortened ID
Note: Using MD5 is not that bad. But a real crypto hash would ensure cryptographic binding.
Update Sequence Number
Node Data TLVs
IETF 90 - Homenet
Decentralized approach at HNCP level
Authorization Mechanism
Slide 5/10
Nodes advertise a set of trust relationships
Trust links are shared with HNCP
I trust router 9 !
I trust router 2 !
Router 2
Router 9
IETF 90 - Homenet
Authorization Mechanism
Slide 6/10
Ending-up with a trust network
Defining the trusted node set
Set of nodes you have bidirectional trust relationship with.
Untrusted nodes updates are relayed but rate-limited
Only trust related TLVs are used from nodes that are not trusted
IETF 90 - Homenet
Authorization Mechanism
Slide 7/10
Trust bootstrapping
Revocation
User interaction (UI, pressing buttons, PIN codes)Centralized managementCertificate based management
Can’t use time (configuration prior to internet access)Revoke a trust relationship by not advertising it anymore
IETF 90 - Homenet
Shared Secret Establishment
Slide 8/10
Master key generation
Encrypted for all trusted nodesAsymmetric crypto.Identified by originator + ID
Other TLVs are later encrypted
Symmetric crypto.Allows sharing routing protocol session key
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type: PRIVATE-DATA (72) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | H(node identifier) | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Symmetric algorithm | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | Algorithm-specific data | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Encrypted TLVs | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type: SHARED-KEY (71) | Length: >= 28 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | H(target node identifier) | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Asymmetric algorithm | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | Symmetric key encrypted with | | node public key | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Originator’s ID
IETF 90 - Homenet
Pros and cons
Slide 9/10
- No link security (neither for hosts or routers)
- No active deprecation
- No uplink security
- Shared key must be renewed when a trusted node is revoked
+ HNCP data is protected (configuration)
+ Shared secret for other protocols (routing protocol)
IETF 90 - Homenet
Other possibilities
Slide 10/10
Password based (IPSec or symmetric crypto)
Static interface configuration CA based
+ More efficient crypto+ Simpler to implement- Bootstrap a bit less secure- Key management is hard
o No crypto.+ Uplink security
- Centralized- Revoking is hard- Complex implementation