Authenticated Traversal Sectrace Protocol Contessa - PowerPoint PPT Presentation
Provided by: michaelm81

Transcript and Presenter's Notes

1
Authenticated Traversal
Sectrace Protocol
Contessa
  • Carl A. Gunter, Alwyn Goodloe, Michael McDougall
  • April 1, 2003

2
What is the Problem?
  • We need to connect security gateways to each
    other
  • Amortize costs
  • AST is insufficient because it resets on every
    connection
  • IPSec gives us the tools, but there is no
    automated setup protocol

3
Why is it Hard?
  • [Figure: no text on this slide]
4
Options
  • [Figure: security gateways 1, 2, 3, 4, 5 and their trust relations]
5
Options
  • [Figure: the same gateways with long SAs]
6
Options
  • [Figure: the same gateways with short SAs]
7
Options
  • [Figure: the same gateways with conflicting SAs]
8
Design
  • Philosophy
    • Assumes gateways are willing to forward traffic
      if
      • it is authenticated by a trusted upstream
        gateway, or
      • it is intended to establish a trusted channel
    • Leverages IPSec security measures
  • Initiator traffic is treated differently from
    response traffic
    • A request to open a session must be authenticated
    • Session traffic is assumed OK

9
Theory
  • There is a canonical choice of shortest SA: each
    node chooses the nearest trusted source that is
    consistent with the choices made earlier on the path.

10
Theory
  • Theorem: if an SA path exists, then this
    canonical choice provides a path.
  • Proof: by induction on the nodes in the path. Let
    • f = an SA path on n+1 nodes
    • f_s = the canonical path on n nodes
    • f restricted to n nodes is a valid path
    • Induction shows that the SAs in f_s are shorter
      than the corresponding SAs in f

11
Algorithm
  • [Figure sequence, slides 11-17: client C and gateways 1, 2, 3, 4 on a path,
    with a fifth gateway appearing on slide 16; slide 13 marks a trust
    relationship. The list of available endpoints at each step: C 2 3 4
    (slide 12); 1 C 2 3 4 (slides 13-14); 1 C 2 (slide 15); 1 C 2 5 (slide 16);
    C 2 5 (slide 17)]
18
Sectrace Protocol
  • Resembles the traceroute protocol
  • The client repeatedly sends messages towards the
    server
  • Gateways respond with information about their
    policy
  • The client chooses the two endpoints for the IPSec SA

19
Sectrace Protocol
  • [Figure, slides 19-20: Client, Access Point, Firewall, Firewall, Mail Server,
    spanning Widget Com and Generic Ltd; the diagram is repeated with the
    successive message exchanges]
21
Sectrace Protocol
  • Messages
    • RReq (Route Request): "I want a connection to the server"
    • RRep (Route Reply): "Here is my certificate and who I trust"
    • SAReq (SA Request): "Please set up a tunnel with"
    • SARep (SA Reply): "Tunnel setup has succeeded/failed"

22
Sectrace Protocol
  • [Figure, slides 22-25: Client, Access Point, Firewall, Firewall, Mail Server,
    spanning Widget Com and Generic Ltd; the diagram is repeated with the
    successive message exchanges]
26
Sectrace Protocol
  • Characteristics
    • Gateways and servers are stateless with respect
      to the sectrace protocol
      • Though sectrace triggers protocols that establish
        state
    • All SAReq messages arrive through a secure tunnel
    • RReq messages are only forwarded if they are
      authenticated
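The canonical nearest-trusted-source choice of slides 9-10 and the RReq/RRep/SAReq/SARep exchange of slides 18-26, as an added Python model. This is not the authors' Java implementation and not the slides' formal model; the message classes, `visible_source`, `send_rreq`, `send_sareq`, `sectrace`, `check_path` and the two trust tables are my own constructions, with the assumptions listed in the module docstring.

```python
"""Sectrace-style traversal simulated in one process (added model).

Assumptions of this model (mine, not the slides'):
- Node 0 is the client; nodes 1..n are the hops the client must traverse,
  the last one standing in for the server. Certificates are omitted: an
  RRep carries only the responder's trust set.
- An SA (s, d) is a tunnel from node s to node d. A hop between them sees
  traffic authenticated by s. The outermost wrapper at a hop is the one
  applied by the latest node on the path (largest s); for two tunnels from
  the same node, the one that ends first is outer. Without any wrapper, a
  hop sees the client's own authenticated request.
- Tunnels may nest but not cross, so a new tunnel, which always ends beyond
  every existing one, cannot start strictly inside an existing tunnel.
"""
from dataclasses import dataclass

CLIENT = 0


@dataclass(frozen=True)
class RReq:            # Route Request: "I want a connection to the server"
    hop: int           # node the probe is addressed to (traceroute-style)


@dataclass(frozen=True)
class RRep:            # Route Reply: "here is who I trust"
    node: int
    trusts: frozenset


@dataclass(frozen=True)
class SAReq:           # SA Request: "please set up a tunnel src -> dst"
    src: int
    dst: int


@dataclass(frozen=True)
class SARep:           # SA Reply: tunnel setup succeeded / failed
    src: int
    dst: int
    ok: bool


def visible_source(hop, sas):
    """Node whose authentication `hop` sees, given the tunnels in place."""
    covering = [sa for sa in sas if sa[0] < hop <= sa[1]]
    if not covering:
        return CLIENT
    return max(covering, key=lambda sa: (sa[0], -sa[1]))[0]


def send_rreq(req, trust, sas):
    """Network plus stateless gateways. Each intermediate hop forwards the
    probe only if it trusts the source it sees; the addressed node always
    answers with its policy. `trust[h]` stands in for hop h's configuration."""
    for h in range(1, req.hop):
        if visible_source(h, sas) not in trust[h]:
            return None                       # probe dropped: not authenticated
    return RRep(req.hop, frozenset(trust[req.hop]))


def send_sareq(req, trust):
    """Simulated IPsec setup at the tunnel endpoint: the destination accepts
    a tunnel only from a source its policy trusts."""
    return SARep(req.src, req.dst, req.src in trust[req.dst])


def sectrace(n, trust):
    """Client side. Returns the tunnels set up, or None if some hop cannot be
    satisfied. Only the client keeps state (the policies it has learned)."""
    policy, sas = {}, []
    for hop in range(1, n + 1):
        rep = send_rreq(RReq(hop), trust, sas)
        if rep is None:                       # defensive: earlier hops are already satisfied
            return None
        policy[hop] = rep.trusts
        if visible_source(hop, sas) in rep.trusts:
            continue                          # this hop already forwards us
        inside = {x for s, d in sas for x in range(s + 1, d)}
        for src in range(hop - 1, CLIENT - 1, -1):        # nearest source first
            if src in inside or src not in rep.trusts:
                continue
            trial = sas + [(src, hop)]
            # consistent with earlier choices: every hop the new tunnel covers
            # must still see a source it told us it trusts
            if all(visible_source(h, trial) in policy[h] for h in range(src + 1, hop)):
                break
        else:
            return None
        if not send_sareq(SAReq(src, hop), trust).ok:
            return None
        sas = trial
    return sas


def check_path(n, trust, sas):
    """Independent check: every hop trusts what it sees and no tunnels cross."""
    if any(visible_source(h, sas) not in trust[h] for h in range(1, n + 1)):
        return False
    return not any(s1 < s2 < d1 < d2 for s1, d1 in sas for s2, d2 in sas)


# Constructed trust tables: hop -> nodes it forwards for (0 is the client).
REACHABLE = {1: {0}, 2: {1}, 3: {1}, 4: {3}, 5: {0, 4}}
UNREACHABLE = {1: {0}, 2: {1}, 3: {0}, 4: {2}}   # hop 3 would see 2 but trusts only the client

if __name__ == "__main__":
    print(sectrace(5, REACHABLE))       # [(1, 2), (1, 3), (3, 4)]
    print(sectrace(4, UNREACHABLE))     # None
```

On the `REACHABLE` table hop 3 trusts only gateway 1, so the client asks 1 for a second tunnel (1, 3) nested inside (1, 2) rather than chaining from 2; on `UNREACHABLE` the only source hop 4 accepts would put hop 3 behind a gateway it does not trust, which is the "conflicting SAs" situation, and the traversal reports failure instead of setting up a tunnel that hop 3 would drop.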

27
Implementation
  • Goals
    • Proof of concept
      • Packet formats, timers
      • Verify the protocol document
    • Bottom up
      • Concrete framework to explore any issues that
        arise in formal verification
    • Idea of the interface with routing and IPSec
      • What is the minimal routing and IPSec
        functionality required by the protocol?

28
Implementation
  • Simulate routing and IPSec
    • As simple as possible while supporting sectrace
  • Actual network packets
    • Verify a reasonable byte-level representation of
      packets
    • Real-world network behavior
  • Distributed across processes or machines
  • Implemented in Java

29
Related Work
  • IETF working groups
    • IP Security Policy (ipsp)
    • Middlebox Communication (midcom)
  • Security Policy Protocol - DARPA/BBN
    • Expired IETF draft
    • No known formal analysis or implementation
    • Very complex: 160 pages
  • RSVP Protocol
  • Opportunistic Encryption

30
Lessons / Future Work
  • Lessons learned
    • The protocol works
    • The interface with routing and IPSec is the trickiest
      issue
      • What do SAs cover?
      • What functionality does sectrace demand?
  • Future
    • Aggregation / out-of-band SA
    • Multiple clients and servers
    • Integration with routing and IPSec code
    • Hardening the protocol with more DoS protection