Institut für Telematik Secure Signaling in Next Generation Networks with NSIS Roland Bless, Martin...
-
Upload
arianna-warner -
Category
Documents
-
view
213 -
download
1
Transcript of Institut für Telematik Secure Signaling in Next Generation Networks with NSIS Roland Bless, Martin...
Institut für Telematik
Secure Signaling in Next Generation Networks with NSIS
Roland Bless, Martin RöhrichtIEEE ICC 2009, Dresden
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
2
IEEE ICC 2009, Dresden
QoS Reservation
Motivation
Signaling protocols important component for Next Generation Networks
Admission control for resource reservationsManagement of network entitiesRSVP NSIS
Security of signaling protocols importantQoS reservationsFirewall configurationsNAT traversal mappings
VideoServer
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
3
IEEE ICC 2009, Dresden
Next Steps in Signaling – Overview
Two-layer approachQoS or NAT/FW NSLPNTLP, i.e. GIST
discovery of next signaling peersignaling message transport (unreliable, reliable, secure)
Channel security mechanisms at GIST levelHop-by-hop based, not end-to-endMultiplex several different sessions over one secured channelNo per-user authentication
QoS NSLP SignalingPossibly secured sections
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
4
IEEE ICC 2009, Dresden
Problem Statement
No per-user or per-session authentication possible
No per-user authorization No reliable and secure accounting
Objective: provide integrity protection for every signaling messageSession Authorization Policy Element
Relies on provision of authorization tokens from trusted third partyOpaque authorization token not sufficient
Not related to any signaling message objects
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
5
IEEE ICC 2009, Dresden
Main Challenges
Add per-user authentication mechanism to Authorization Policy ElementIntegrity protection parts of signaling message
Some objects should still be modifiable by intermediate nodes
E.g. QoS parameter values
Specify light-weight approachSecurity shouldn’t add much additional (setup) delayThousands of signed signaling messages per node
Digital certificates not suitable
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
6
IEEE ICC 2009, Dresden
Proposal towards Authentic NSIS Signaling
Establish binding of authorization object and NSLP messages
not included into HMAC
included into HMAC
SessionAuthorization
Object
Hash-Alg-ID, List of Signed NSLP ObjectsKey-ID for Sk
Signature Data HMAC(Sk, Data)
GIST Objects
QoS NSLP Objects
Protected parts of GIST PDU e.g. Session ID, Message Routing Information
Protected parts of QoS NSLP PDUe.g. INFO_SPEC, QSPEC
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
7
IEEE ICC 2009, Dresden
HMAC-based protection0 7 8 15 16 23 24
Object Length
Length
Type = AUTH_SESSION1 0 0 0 00 0 0
31
AUTH_ENT_ID HMAC_SIGNED
Reserved
Length AUTH_DATA
OctetString (Message Authentication Code – HMAC Data)
Hash Algorithm ID
zero
Length NSLP_OBJ_LIST zero
Number of signed NSLP objects=n
padding
reserved NSLP signed object (1)
Length START_TIME NTP_TIME_STAMP
NTP time stamp (1)
NTP time stamp (2)
Length SOURCE_ADDR IPV4_ADDRESS
IPv4 Source Address
OctetString (Key Identifier)
NSLP signed object (n)reserved
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
8
IEEE ICC 2009, Dresden
Kerberos based Example
Initial Session AuthorizationAssumption: routers are “Kerberized” resources
TGSTGS
NSLPInitiatorNSLP
Initiator
NSLPEntityNSLPEntity
1. Request Session Authorization Object1. Request Session Authorization Object
3. NSLP message with Session Authorization Objects A1 and A2
3. NSLP message with Session Authorization Objects A1 and A2
4. Verifies Session Authorization Objects A1 and A2. Store key Sk extracted from A1.
4. Verifies Session Authorization Objects A1 and A2. Store key Sk extracted from A1.
2. Get Session AuthorizationObject A1 (Resource Ticket)
2. Get Session AuthorizationObject A1 (Resource Ticket)
Hash-Alg-ID,
List of Signed NSLP Objects
Key-ID for Sk
HMAC(Sk, Data)
Kerberos Ticket
(Incl. Session Key Sk)
QoS NSLP objects
A1
A2
GIST objects
not included into HMAC
included into HMAC
Signature Data
AdministrativeDomain
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
9
IEEE ICC 2009, Dresden
NSIS-ka Suite
Open Source C++-based, multi-threaded implementation for Linux
GISTQoS NSLPNATFW NSLP
Well tested at Interop tests against different implementationsCurrently under active development
GIST-aware NAT-GatewaysMobility support for/with MobileIPv6Anticipated HandoversMulticast SupportIntegration into OMNeT++ simulation framework
Code freely available: http://nsis-ka.org
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
10
IEEE ICC 2009, Dresden
Performance Evaluation
Proposed integrity protection implemented and testedBenchmarks to determine overhead of HMAC computation
Intel Pentium IV 2.8GHzReading system clock at specific actions and keeping time stamps in memory50,000 runs measured in µs
Creation of Session Authorization Object including HMAC computation
30.8% overhead (Mean)HMAC verification and deserialization of PDU
31.8% overhead (Mean)
Action Min Max Mean Stddev
Serialization 68.2 701.9 69.1 10.5
Serialization w. HMAC 89.4 718.1 90.4 8.3
Deserialization 74.4 705.6 75.3 8.8
Deserialization w. HMAC 97.6 746.3 99.2 9.8
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
11
IEEE ICC 2009, Dresden
Conclusion & Outlook
Allows for user-based authenticationIntegrity protection of important parts of an NSLP messageUses resource efficient HMAC-based signaturesKey exchange not per session required
Only per user
No further backend communication needed by intermediate nodes for integrity checksLow communication overheadNot restricted to a particular NSLP
Institut für Telematik
Thanks! Questions?
www.tm.uka.de/itm
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
13
IEEE ICC 2009, Dresden
Backup
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
14
IEEE ICC 2009, Dresden
Session Authorization by Policy Decision
Authorizing entity generates Authorization Policy Element
According to framework defined by RFC 3521
Retrieved policy element must be copied into Session Authorization ObjectQNE extracts information
Uses Diameter QoS application or RADIUS QoS protocol to contact Policy Decision Point
AAAAAA
QNIQNIQNEQNE
1. request session authorization object1. request session authorization object
3. NSLP message withsession authorization object3. NSLP message withsession authorization object
4. verifies session authorization object4. verifies session authorization object 2. get session
authorizationobject
2. get session authorizationobject
QNI: QoS NSLP Initiator
QNE: QoS NSLP Entity
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
15
IEEE ICC 2009, Dresden
Generic NSLP object headerA, B – Extensibility flagsType – AUTH_SESSION
List of Session Authorization AttributesX-Type – Authorizing Entity Identifier, Source/Dest. Address, Start/End Time, Authentication DataSubType – Fully Qualified Domain Name, Digital Certificate, IPv4/v6-Address, Kerberos Principal Name, …
Session Authorization Object
Session Authorization Attribute List
310 7 8 15 16 23 24
A LengthB r r r r rType r
310 7 8 15 16 23 24
SubTypeLength X-Type
Value …
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
16
IEEE ICC 2009, Dresden
A worked Example with Kerberos
Session Authorization Object Format
0 7 8 15 16 23 24
Object Length
Length
Type = AUTH_SESSION1 0 0 0 00 0 0
31
AUTH_ENT_ID KRB_PRINCIPAL
OctetString (The principal@realm name)
Length AUTH_DATA zero
OctetString (Key identifier, Resource ticket)
Length START_TIME NTP_TIME_STAMP
NTP time stamp (1)
NTP time stamp (2)
Length SOURCE_ADDR IPV4_ADDRESS
IPv4 Source Address
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
17
IEEE ICC 2009, Dresden
HMAC-based Protection
Use Message Authentication Code to protect parts of NSLP message
New attribute contains list of protected NSLP objectsReceiver computes hash over these objects and all attributes of authorization object
Allow for “crypto agility”Specify identifier for used hash function
Actually used key referenced by 32 bit key IDSign every message but don’t change key for every transaction or flow
Distribution of shared symmetric key requiredE.g. by using Kerberos
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
18
IEEE ICC 2009, Dresden
TLS
UDPUDP TCPTCP SCTPSCTP DCCPDCCP
IPsec
IPv4/IPv6IPv4/IPv6
SignalingApplication 1
(QoS)
SignalingApplication 1
(QoS)
Signaling Application 2
(NAT FW)
Signaling Application 2
(NAT FW)
NSISSignaling Layer(NSLP)
NSISTransportLayer(NTLP)
General Internet Signalling Transport (GIST)
General Internet Signalling Transport (GIST)
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
19
IEEE ICC 2009, Dresden
Length X-Type=NSLP_OBJ_LIST
SubType=zero
Number of signed NSLP objects=n
NSLP signed object (n) padding (if required)
reserved NSLP signed object (1)
reserved
0 7 8 15 16 23 24 31
R. Bless, M. Röhricht Institut für TelematikUniversität Karlsruhe (TH)
www.tm.uka.de
20
IEEE ICC 2009, Dresden
Kerberos based Example
Subsequent Session Authorizations
TGSTGS
1. NSLP message withSession Authorization Object A1. NSLP message withSession Authorization Object A
2. Verifies Session Authorization Object A 2. Verifies Session Authorization Object A
List of Signed NSLP Objects
Hash-Alg-ID, Key-ID for Sk
HMAC(Sk, Data)
QoS NSLP objects
A
GIST objects
not included into HMAC
included into HMAC
NSLPInitiatorNSLP
Initiator
NSLPEntityNSLPEntity
Signature Data