Securing PIM-SM Link- Local Messages J.W. Atwood Salekul Islam - - PowerPoint PPT Presentation

securing pim sm link local messages
SMART_READER_LITE
LIVE PREVIEW

Securing PIM-SM Link- Local Messages J.W. Atwood Salekul Islam - - PowerPoint PPT Presentation

Oct 05, 2022 429 likes •552 views

Securing PIM-SM Link- Local Messages J.W. Atwood Salekul Islam Concordia University draft-atwood-pim-sm-linklocal-01 1 Problem Statement n PIM-SM draft says n Recommend AH n Assume manual keying, but allow automatic n If IPsec, MUST

slide-1
SLIDE 1

Securing PIM-SM Link- Local Messages

J.W. Atwood Salekul Islam Concordia University draft-atwood-pim-sm-linklocal-01

1

slide-2
SLIDE 2

Problem Statement

n PIM-SM draft says

n Recommend AH n Assume manual keying, but allow automatic n If IPsec, MUST authenticate all n Anti-replay SHOULD be enabled

n AH says

n SHOULD NOT ofger anti-replay when manually

keyed

2

slide-3
SLIDE 3

cont

n IPsec says

n Security Policy Database (SPD) cannot

represent a creation policy for a multicast SA

n Therefore, only manually-configured SAD

entries are possible

n Apparent conclusion

n We should not activate anti-replay for PIM

Link-local messages

n Actual conclusion

n We can, it’s just harder…

3

slide-4
SLIDE 4

Per-interface or per- sender?

n PIM-SM says

n Per-interface may be useful

n IPsec says

n No (longer) need to support per-interface

n AH says

n Use SPI + destination + source for SSM n Use SPI + destination for ASM

4

slide-5
SLIDE 5

Who talks to whom?

n Link-local messages go from one router

to all its peer routers

n Since all routers use ALL_PIM_ROUTERS, it

looks like an ASM group

n In fact, this is a collection of SSM groups n Therefore

n All the counsel against anti-replay for multi-

sender multicast groups does not apply

n Link-local SA SHOULD be established as an

SSM group

5

slide-6
SLIDE 6

Choices

n Declare that ALL_PIM_ROUTERS operates

as an SSM group when IPsec is enabled

n This may be hard, because ALL_PIM_ROUTERS

is used for BSR communication

n Define LINK_LOCAL_PIM_ROUTERS or

SECURE_PIM_ROUTERS to be in the SSM address range

n But, we will need to secure BSR

communication as well

6

slide-7
SLIDE 7

Manual Key Configuration

n Number of peers will be small n AH says

n Anti-replay SHOULD NOT be provided if SAs

are manually keyed

n Choices

n Override AH (RFC 4302) n Define a negotiation protocol to ensure key

generation and SA refresh on counter

  • verflow

7

slide-8
SLIDE 8

Counter Overflow

n If Extended Sequence Number is

specified, 264 control packets can be sent

n This may justify overriding the AH

prohibition.

n Otherwise, we are prepared to work on

defining the necessary negotiation protocol

8

slide-9
SLIDE 9

Validation

n This proposal was formally validated, as

part of the Master’s Thesis of Salekul Islam, using PROMELA and the SPIN tool.

n Salekul Islam and J. William Atwood,

"Security Issues in PIM-SM Link-local Messages", Proceedings of IEEE LCN 2004, Tampa, FL, 2004 November 16--18, pp. 402--403.

9

slide-10
SLIDE 10

Contact Information

n PPT/PDF of these slides are at

www.cse.concordia.ca/~bill/internet-drafts/ IETF66-LinkLocal-01.ppt or IETF66- LinkLocal-01.pdf

n Email addresses

n bill@cse.concordia.ca n salek_is@cse.concordia.ca

10