Weak Identifier Multihoming Protocol (WIMP) draft-ylitalo-multi6-wimp-00.txt J. Ylitalo, V. Torvinen, E. Nordmark - PowerPoint PPT Presentation

Slides: 5
Provided by: lmfv
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes


1
Weak Identifier Multihoming Protocol (WIMP)
draft-ylitalo-multi6-wimp-00.txt
J. Ylitalo, V. Torvinen, E. Nordmark
  • Vesa Torvinen
  • Ericsson Research Nomadiclab, Finland
  • 59th IETF - Seoul, Korea

2
Overview
  • Experiments with "weak" authentication and light
    cryptographic operations
  • Up to 2000-4000 times faster than public key
    operations?
  • Context establishment and re-addressing separated
  • Initiation phase stateless for responder
  • Locators can change dynamically, and be private
  • End-point identifiers are (currently) not
    routable
  • Initiator: ephemeral ID (hash of nonce)
  • Responder: hash of FQDN

draft-ylitalo-multi6-wimp-00.txt
3
Basic operations
    INITIATOR                                  RESPONDER

        INIT: mac(H0(I))
        -------------------------->
        CC: temporary_H0(R)
        <--------------------------
        CCR: H0(I)
        -------------------------->
        CONF: H0(R)
        <--------------------------

        REA: H1(I), mac(H2(I)), locators
        -------------------------->
        AC1: H1(R)_piece_1
        <--------------------------
        ACn: H1(R)_piece_n
        <--------------------------
        ACR: H1(R), H2(I)
        -------------------------->
  • Reverse hash chain
  • Hn = Hash(random)
  • Hn-1 = Hash(Hn)
  • H0 = Hash(H1) (anchor)
  • Secret splitting
  • X xor pad = e(X)
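
Added example (not from the slides or the draft): the reverse hash chain and XOR secret splitting listed above, run through a constructed REA / AC1..ACn / ACR exchange. SHA-256, keying the REA mac with the not-yet-revealed H2(I), and the sample locator string are assumptions; all function names are hypothetical.

```python
import hashlib, hmac, secrets
from functools import reduce

def H(data: bytes) -> bytes:
    # SHA-256 is an assumption; the slides only say "Hash".
    return hashlib.sha256(data).digest()

def make_chain(n: int) -> list:
    """Return [H0, ..., Hn]: Hn = Hash(random), Hk-1 = Hash(Hk), H0 is the anchor."""
    chain = [H(secrets.token_bytes(32))]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]  # index k now holds Hk

def reveals(known: bytes, value: bytes) -> bool:
    """True if `value` is the pre-image of the last accepted chain value."""
    return hmac.compare_digest(H(value), known)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_secret(secret: bytes, n: int) -> list:
    """n pieces whose XOR is `secret`; any n-1 of them are uniformly random."""
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    return pads + [reduce(xor, pads, secret)]

def join_secret(pieces: list) -> bytes:
    return reduce(xor, pieces)

def readdress(n_pieces: int = 3, drop_piece: bool = False) -> dict:
    """Constructed REA / AC1..ACn / ACR run; returns which checks passed."""
    i_chain, r_chain = make_chain(2), make_chain(1)
    known_i, known_r = i_chain[0], r_chain[0]  # anchors learned in CCR / CONF
    locators = b"2001:db8::1,2001:db8::2,2001:db8::3"  # constructed sample
    # REA: initiator reveals H1(I); the mac is keyed with the still-secret H2(I).
    rea_mac = hmac.new(i_chain[2], locators, hashlib.sha256).digest()
    rea_ok = reveals(known_i, i_chain[1])
    # AC1..ACn: responder sends H1(R) split into n pieces.
    pieces = split_secret(r_chain[1], n_pieces)
    if drop_piece:
        pieces = pieces[:-1]  # one piece never arrives
    ac_ok = reveals(known_r, join_secret(pieces))
    # ACR: initiator reveals H2(I); responder can now verify the stored mac.
    h2 = i_chain[2]
    acr_ok = reveals(i_chain[1], h2) and hmac.compare_digest(
        hmac.new(h2, locators, hashlib.sha256).digest(), rea_mac)
    return {"rea": rea_ok, "ac": ac_ok, "acr": acr_ok}
```

A receiver holding only the anchor can check each later reveal with one hash, and a missing AC piece leaves the joined value unable to pass the check against H0(R).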

4
Major issues
  • End-point flow IDs
  • Flow-id not in line with draft-ietf-ipv6-flow-label-09.txt
  • End-point IDs should be routable (cf. SIP)
  • Hijacking attack: attacker establishes state in
    victim so that when victim tries to send packets
    to server, he will actually send them to attacker
  • DoS attack: easy generation of a storm of INIT
    messages (statelessness helps)
  • Adopt solution from other drafts, e.g. NOID?
