LISP-SEC

draft-ietf-lisp-sec-12
F. Maino, V. Ermagan, A. Cabellos, D. Saucez
IETF 97, Seoul – November 2016

Agenda
• Most Significant Changes
• LISP-SEC Overview
  – Scope
  – Threat Model
  – LISP-SEC Operations
• Q&A

Most Significant Changes
• Section 6 (Security Considerations)
  – Section 6.1 (Mapping System Security) states assumptions on mapping system security
  – Section 6.4 (Deploying LISP-SEC) warns that, according to RFC 2119, the security implications associated with the LISP-SEC threat model need to be well understood before ignoring each specific “SHOULD” recommendation. Two examples are brought up:
    • allowing transport of unencrypted OTK between xTR and MS/MR
    • allowing ETR/MS to choose HMAC algorithms different than the one specified by the ITR

Most Significant Changes (cont)
• Section 7 (IANA Considerations) rewritten to be compliant with RFC 5226. Registries have been requested, and provisioned with initial values, for:
  – ECM Authentication Data Type
  – Map-Reply Authentication Data Type
  – LISP-SEC Authentication Data HMAC ID
  – LISP-SEC Authentication Data Key Wrap ID
  – LISP-SEC Authentication Data Key Derivation Function ID

LISP-SEC OVERVIEW

Scope
• Protect the Map-Request/Map-Reply exchange
  – Map-Reply origin authentication, anti-replay and integrity protection
• Protect from overclaiming attacks
  – Prevent the ETR from overclaiming EID prefixes
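
Threat Model
[Figure: a Mapping System containing a Map Server and a Map Resolver, with the mapping 1.1.0.0/16 -> {RLOC}; Site Y and Site X, each drawn with an ITR and an ETR; EID 2.2.2.5; prefix 1.1.0.0/16; a data packet with D=1.1.0.10, S=2.2.2.5]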

Threat Model
1. The Mapping System is secure and well functioning, and delivers Map-Requests to their intended destinations as identified by the EID
  – EID prefix authorization is delegated to Mapping Server configuration
  – Mapping Server asserts EID prefix authorization
  – Mapping Server is trusted to do proper RLOC mapping (proxy case)
2. In the case of ALT Mapping System (as an example), GRE tunnels prevent Man-in-the-Middle (MiM) attacks and provide integrity and confidentiality of the information carried over ALT (i.e. the nonce and the OTK)
  – GRE tunnels can be secured with IPsec

Threat Model (II)
3. MiM attacks can be mounted outside, and only outside, of the Mapping System infrastructure
4. ETR can mount prefix overclaiming attacks
  – maliciously or unintentionally (e.g. because the ETR is hacked/compromised)

One-Time Keyed HMAC on Map-Request/Reply
[Diagram; labels recovered from the figure]
• Legend: n = nonce, OTK = One Time Key
• Elements: Mapping System with Map Resolver and Map Server (1.1.0.0/16 -> {RLOC}); Site Y and Site X, each with an ITR and an ETR; EID 2.2.2.5; prefix 1.1.0.0/16
• Data packet: D=1.1.0.10, S=2.2.2.5
• Keys: K, K'; OTK-ETR = HKDF(OTK)
• Map-Request: 1.1.0.10, n, OTK
• Map-Request: 1.1.0.10, n, AES_wrap_key_K(OTK)
• Map-Request: 1.1.0.10, n, AES_wrap_key_K'(OTK-ETR = HKDF(OTK)), EID-AD: HMAC_OTK-MS[{EID prfx}]
• Map-Reply: 1.1.0.10, n, EID-AD: HMAC_OTK-MS[{EID prfx}], LOC-AD: HMAC_OTK-ETR[{Rlocs}]
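
Added example (not from the slides or the draft): the key relationship on this slide as runnable code, showing why an ETR that only holds OTK-ETR = HKDF(OTK) can sign its locators but cannot rewrite EID-AD to cover an overclaimed prefix. Assumptions: HMAC-SHA-256 and HKDF-SHA-256 stand in for the negotiated algorithms, OTK-MS is taken to be the ITR's OTK as received by the Map Server, the AES key-wrap hops are omitted, and the `INFO` label, the dict fields and the byte encoding are hypothetical, not the LISP-SEC wire format.

```python
# Added illustration in the slide's notation; encodings are constructed, not the wire format.
import hashlib, hmac, ipaddress

INFO = b"example OTK-ETR label"  # assumption: the slide gives no HKDF context string

def hkdf_sha256(key, info, length=32):
    """HKDF (RFC 5869) with the default all-zero salt: extract, then expand."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def tag(key, items):
    """HMAC-SHA-256 over a length-prefixed list of strings (constructed encoding)."""
    body = b"".join(len(i).to_bytes(2, "big") + i.encode() for i in items)
    return hmac.new(key, body, hashlib.sha256).digest()

def map_server(otk, authorized_prefixes):
    """MS: build EID-AD over the prefixes it authorizes and derive OTK-ETR."""
    eid_ad = {"prefixes": authorized_prefixes, "hmac": tag(otk, authorized_prefixes)}
    return eid_ad, hkdf_sha256(otk, INFO)

def etr_reply(otk_etr, nonce, eid_ad, claimed_prefix, rlocs):
    """ETR: copy EID-AD unchanged and sign its locators with OTK-ETR (LOC-AD)."""
    return {"nonce": nonce, "eid_ad": eid_ad, "prefix": claimed_prefix,
            "rlocs": rlocs, "loc_ad": tag(otk_etr, rlocs)}

def itr_verify(otk, nonce, requested_eid, reply):
    """ITR: check nonce and both HMACs, then compare the claim with EID-AD."""
    if reply["nonce"] != nonce:
        return "nonce mismatch"
    eid_ad = reply["eid_ad"]
    if not hmac.compare_digest(eid_ad["hmac"], tag(otk, eid_ad["prefixes"])):
        return "bad EID-AD"
    if not hmac.compare_digest(reply["loc_ad"], tag(hkdf_sha256(otk, INFO), reply["rlocs"])):
        return "bad LOC-AD"
    claimed = ipaddress.ip_network(reply["prefix"])
    if not any(claimed.subnet_of(ipaddress.ip_network(p)) for p in eid_ad["prefixes"]):
        return "overclaimed prefix"
    if ipaddress.ip_address(requested_eid) not in claimed:
        return "prefix does not cover requested EID"
    return "ok"
```
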
THANKS!