Research on IP Anycast Secure Group Management
Wang Yue [email protected]
Network & Distribution Lab, Peking University
Network Research Workshop 2003 16th APAN Meetings
List of Topics
Review of IP Anycast
Anycast Security Model
Anycast Group Characteristics
Secure Anycast Listener Discovery (S-ALD)
Review of IP Anycast
An IP service defined in RFC1546 for IPv4, and in RFC2373 for IPv6.
Like Multicast, an IP anycast address is assigned to a set of network interfaces.
But, a packet for an anycast address is forwarded to the “topologically nearest” interface with this address.
Review of IP Anycast (continued)
Anycast Group A is identified by its anycast address;
each member can also have a unicast address to identify itself.
Review of IP Anycast (continued)
Address modification for stateful service:
    Client  --- dst = a1 --->  Anycast Server ( anycast address : a1, unicast address : u1 )
    Client  <-- src = u1 ---   Anycast Server
    Client  --- dst = u1 --->  Anycast Server
    … …
Anycast Security Requirements
Anyone can announce to the routing system or to clients that it is a member of a certain group. Anycast is therefore vulnerable to attacks such as masquerading, DoS, etc.
“Security Requirements of IPv6 Anycast” (internet draft) lists:
Unauthenticated anycast server announcements
Source address modification by an anycast server
Secure communication between anycast clients and servers
Secure Channel for Anycast
We need secure channels between anycast members and the routing system as well as clients. Certificate-based secure protocols are good for the purpose.
( figure: secure channels between the Anycast Server, the Internet routing system and the Client; red lines denote secure channels )
Authorization Scheme
IPv6 Anycast address format:
    Network prefix   Group identifier
    n bits           128-n bits
The network prefix defines a topological scope where all members reside.
Global IP Anycast (GIA): prefix is null.
Regional IP Anycast (RIA): prefix is not null.
    AS-inner RIA: prefix is inside an AS.
    AS-outer RIA: prefix is not inside any AS.
Authorization Scheme (continued)
Three separate authorizations are needed:
Assigning an anycast address, e.g. by IANA
Entitling group membership to an interface, e.g. by the group owner
Admission control for a group member residing in a certain network region or AS, e.g. by the AS
Authorization Scheme (continued)
Authorization Hierarchy for GIA and AS-outer RIA address
( figure: IANA assigns the GIA or AS-outer RIA address to the address owner; the address owner grants membership to a member; the AS grants admission to the member; each color denotes a certificate chain )
Authorization Scheme (continued)
Authorization Hierarchy for AS-inner RIA address
( figure: IANA delegates the address prefix to the AS, which delegates it on to the AS-inner network; the AS-inner network assigns the AS-inner RIA address to the address owner; the address owner grants membership to a member; the AS grants admission to the member )
( considering an anycast address prefix that covers a network inside the AS )
Configuration
Group Discoverers need to configure the public key of IANA or of the local address-assigning authority, and the public key for the admission-control certificate.
Clients need only configure IANA’s public key.
Truncation of certificate chains can be used to reduce cost after the first try.
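The three authorizations above, as an added example that is not part of the presentation: a Group Discoverer walking the certificate chains of the two hierarchy slides (IANA directly to the address owner for GIA and AS-outer RIA; IANA, AS, AS-inner network, owner for AS-inner RIA) before accepting a claimed membership. Certificates are plain records with constructed names (AS64500, net-A, dns-svc, host1 are assumptions); the signature check on each record is assumed to be done separately, so only the chain linkage and prefix scoping are checked here.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    issuer: str   # who grants the right
    subject: str  # who receives it
    kind: str     # "delegation" (prefix), "assignment" (address), "membership", "admission"
    scope: str    # IPv6 prefix or address the right covers

def find_owner(certs, addr, trust_anchor="IANA"):
    """Walk address delegations from the trust anchor down to the address owner,
    each hop narrowing the prefix; returns the owner name or None."""
    holder, cover = trust_anchor, ipaddress.IPv6Network("::/0")
    for _ in range(len(certs)):            # bounded walk: at most one hop per cert
        step = next((c for c in certs
                     if c.issuer == holder and c.kind in ("delegation", "assignment")
                     and ipaddress.ip_network(c.scope).subnet_of(cover)
                     and addr in ipaddress.ip_network(c.scope)), None)
        if step is None:
            return None
        holder, cover = step.subject, ipaddress.ip_network(step.scope)
        if step.kind == "assignment":
            return holder                  # the address owner
    return None

def check_membership(certs, anycast, member, hosting_as):
    """Return (ok, reason) for `member` claiming `anycast` from inside `hosting_as`:
    address assignment, membership entitlement and AS admission must all hold."""
    addr = ipaddress.IPv6Address(anycast)
    owner = find_owner(certs, addr)
    if owner is None:
        return False, "no address assignment chain rooted at IANA"
    if not any(c.issuer == owner and c.subject == member and c.kind == "membership"
               and ipaddress.IPv6Address(c.scope) == addr for c in certs):
        return False, "owner did not entitle this member"
    if not any(c.issuer == hosting_as and c.subject == member
               and c.kind == "admission" for c in certs):
        return False, "hosting AS did not admit this member"
    return True, f"member of {anycast} owned by {owner}"

# Constructed sample (not from the slides): an AS-inner RIA address.
SAMPLE = [
    Cert("IANA", "AS64500", "delegation", "2001:db8::/32"),
    Cert("AS64500", "net-A", "delegation", "2001:db8:1::/48"),
    Cert("net-A", "dns-svc", "assignment", "2001:db8:1::53"),
    Cert("dns-svc", "host1", "membership", "2001:db8:1::53"),
    Cert("AS64500", "host1", "admission", "2001:db8:1::/48"),
]
```

A certificate issued by a name that no delegation from IANA reaches never becomes the owner, so an announcement backed only by self-issued records is rejected at the first check.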
Host-based Anycast using MLD
This internet draft proposes to discover anycast members in the same way as the Multicast Listener Discovery (MLD) protocol does.
A host sends a Report or a Leave to the adjacent router (i.e. the Group Discoverer) when joining or leaving a group.
Group Discoverers periodically send a Query to learn the status of adjacent members.
Anycast Group Characteristics
Semantically, each anycast group provides a service.
Normally, the frequency with which members advertise their joining or leaving a group to Group Discoverers is low.
Members should report their status more frequently.
The processing delay for joining is not strictly required to be low, as other members can provide the same service.
The processing delay for leaving should be as low as possible.
Locations of anycast members can be rather limited and stable, so there is no need to deploy one group discoverer at each access border of the routing system. This is both economical and secure.
Secure Anycast Listener Discovery
The Scenario
( figure: an anycast member sends Join, Heartbeat and Leave messages across the Internet to the Group Discoverer )
The secure channel between an anycast member and the Group Discoverer is built during the join phase over IPsec, by authenticating the certificates mentioned above.
S-ALD Features
Members report actively, not driven by a query:
Network bursts are largely reduced
Members and Group Discoverers need not be on the same link
Group Discoverers should record the status of registered members:
For the sake of secure sessions
Other information, e.g. members’ load, may be useful for anycast route choice
Considering the anycast group characteristics, S-ALD is secure, low in overhead and manageable.
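The Join, Heartbeat and Leave exchange described in the scenario and feature slides, as an added example that is not part of the presentation: the member table one Group Discoverer keeps. Members report actively, a Leave takes effect at once while a silent member is expired only after a timeout, and the recorded load can order members for route choice. The timeout value, the `verify_certs` callback (standing in for the certificate checks done when the IPsec channel is built) and the sample addresses are assumptions.

```python
from dataclasses import dataclass

HEARTBEAT_TIMEOUT = 30.0  # seconds; an assumed value, not given on the slides

@dataclass
class MemberState:
    unicast: str       # the member's own unicast address
    last_seen: float   # time of the Join or of the latest Heartbeat
    load: float = 0.0  # optional load report, usable for anycast route choice

class GroupDiscoverer:
    """Member table of one Group Discoverer; `verify_certs` stands for the
    certificate checks performed when the secure channel is built at Join."""
    def __init__(self, verify_certs):
        self.verify_certs = verify_certs   # (anycast, unicast, certs) -> bool
        self.groups = {}                   # anycast addr -> {unicast: MemberState}

    def join(self, anycast, unicast, certs, now):
        # An announcement that fails authentication is rejected and nothing is recorded.
        if not self.verify_certs(anycast, unicast, certs):
            return False
        self.groups.setdefault(anycast, {})[unicast] = MemberState(unicast, now)
        return True

    def heartbeat(self, anycast, unicast, now, load=0.0):
        member = self.groups.get(anycast, {}).get(unicast)
        if member is None:
            return False   # no implicit join: a Heartbeat from an unknown member is ignored
        member.last_seen, member.load = now, load
        return True

    def leave(self, anycast, unicast):
        # Leave takes effect immediately, since leave latency should be as low as possible.
        return self.groups.get(anycast, {}).pop(unicast, None) is not None

    def active_members(self, anycast, now):
        """Members still eligible for routing, least loaded first; silent members
        are expired lazily here instead of by a periodic Query."""
        members = self.groups.get(anycast, {})
        for u in [u for u, m in members.items() if now - m.last_seen > HEARTBEAT_TIMEOUT]:
            del members[u]
        return sorted(members, key=lambda u: members[u].load)
```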
Our contributions
Authorization Scheme for Secure Anycast
Anycast Group Characteristics
The Resulting S-ALD protocol
Prospect
IP Anycast is useful for service discovery, automatic configuration, load balance, etc.
But, concerning security, IPv6 restricts that anycast addresses must NOT be assigned to hosts, “until more experience has been gained and solutions agreed upon”.
With Anycast Secure Group Management, we can break this restriction.
The End
Questions?