Time Synchronization Security using IPsec and MACsecboaz/inetsem/mizrahi.pdf · Time...
Transcript of Time Synchronization Security using IPsec and MACsecboaz/inetsem/mizrahi.pdf · Time...
Time Synchronization Security
using IPsec and MACsec
Appeared in ISPCS 2011
Tal Mizrahi
Israel Networking Seminar
May 2012
Time Synchronization Security
• Time synchronization is used for various applications.
• Securing the time protocol is a must for securing the applications
that use it.
• IEEE 1588 standard: Precision Time Protocol (PTP).
• IEEE 1588 is challenging to secure:
– A large number of nodes involved in the protocol.
– Hop-by-hop data modification.
• IEEE 1588 - Annex K: experimental security appendix.
2 Time Synchronization Security using IPsec and MACsec
Agenda
• Brief overview of IPsec, MACsec, and Annex K.
• The IPsec and MACsec scenarios.
• Attacker types.
• Effectiveness of each attacker in the IPsec and MACsec
scenarios, Annex K.
• Summary and comparison.
• Conclusion.
3 Time Synchronization Security using IPsec and MACsec
IPsec
• A suite of security protocols defined by the IETF (RFC 4301 –
architecture).
• Two main functions:
– Integrity protection using Authentication Header (AH).
– Confidentiality using Encapsulating Security Payload (ESP).
• Both functions support:
– Integrity protection using Integrity Check Value (ICV).
– Replay protection using Sequence Number.
• Both functions support:
– Tunnel mode.
– Transport mode.
• IPsec AH encapsulation.
4
Next Header1B
Payload Len1B
Reserved2B
Security Parameters Index (SPI)4B
Sequence Number Field4B
Integrity Check Value – ICV (variable length)
IPv4 Header
Ethernet Header
IP Header (tunnel mode)
IP Payload
Ethernet FCS4B
Protected
by ICV
Partly
Protected
by ICV
Time Synchronization Security using IPsec and MACsec
Time Synchronization Security using IPsec and MACsec
MACsec
• IEEE 802.1AE – MAC security protocol.
• IEEE 802.1X – authentication, key exchange.
• Supports both encrypted and non-encrypted mode.
• Integrity protection using Integrity Check Value (ICV).
– L2 header protected by ICV.
• Replay protection using Sequence Number.
• MACsec encrypted packet.
5
MACsec Ethertype2B
MACsec Header6B / 14B
MAC SA
MAC DA
Ethernet Payload
Ethernet FCS4B
Pro
tecte
d
by IC
V
En
cry
pte
d
Integrity Check Value – ICV 16B
Ethertype2B
IEEE 1588 Annex K
• Experimental annex in IEEE 1588-2008 (v2).
• Provides data integrity using symmetric key scheme.
• Authentication TLV includes:
– Integrity Check Value (ICV).
– Replay protection using replayCounter.
• Annex K authenticated packet.
6
PTP Header
PTP Payload
Authentication TLV
IPv4/IPv6 + UDP Headers (optional)
Ethernet Header
Ethernet FCS4B
Protected
by ICV
Time Synchronization Security using IPsec and MACsec
PTP Security – the IPsec Scenario
• Can be used when PTP is transported over an IP network.
• Network-to-network configuration.
• IPsec can be used in encrypted (ESP) or authenticated (AH) mode.
• Either dedicated tunnel for time sync, or single tunnel for all traffic.
• Typical example: Femtocells in 3GPP.
7
Operator
Network
Master
ClockSecurity
GW
Public
Network
Security
GW
IPsec TunnelSlave
Customer
Network
Time Synchronization Security using IPsec and MACsec
PTP Security – the MACsec Scenario
• Can be used in L2 networks.
• Either with/without encryption.
• All data is secured on a hop-by-hop basis.
• Typical example: Audio and Video Bridging (AVB).
8
L2
Network
L2 Bridge
MACsec TunnelMACsec Tunnel Master
ClockSlave
Time Synchronization Security using IPsec and MACsec
Typical Attackers
• Mary – internal man-in-the-middle (MITM).
• Jeanie – internal injector.
• Emma – external MITM.
• Enya – external injector.
9
Master
ClockSecurity
GW
Enya
Security
GW
Trusted
Network
Secure TunnelSecure Tunnel
Security
GWSecure Tunnel
Security
GW
Trusted
Network
Emma Mary (2)
Jeanie (2)
Jeanie (1)
Mary (1)Slave 1
Slave 2
Time Synchronization Security using IPsec and MACsec
Enya – WHAT can Enya do?
10
Master
ClockSecurity
GW
Enya
Security
GW
Trusted
Network
Secure TunnelSecure Tunnel
Security
GWSecure Tunnel
Security
GW
Trusted
Network
Emma Mary (2)
Jeanie (2)
Jeanie (1)
Mary (1)Slave 1
Slave 2
• Cryptographic Performance Attack.
• L2/L3 DoS attacks. M
AC
sec
IPse
c
15
88
An
nex K
• • •
• •
Time Synchronization Security using IPsec and MACsec
Emma – WHAT can Emma do?
11
Master
ClockSecurity
GW
Enya
Security
GW
Trusted
Network
Secure TunnelSecure Tunnel
Security
GWSecure Tunnel
Security
GW
Trusted
Network
Emma Mary (2)
Jeanie (2)
Jeanie (1)
Mary (1)Slave 1
Slave 2
• Packet Interception and Removal.
• Packet Delay Manipulation.
• Cryptographic Performance Attack.
• L2/L3 DoS attacks.
MA
Cs
ec
IPse
c
15
88
An
nex K
• • •
• • •
• • •
• •
Time Synchronization Security using IPsec and MACsec
Jeanie – WHAT can Jeanie do?
12
Master
ClockSecurity
GW
Enya
Security
GW
Trusted
Network
Secure TunnelSecure Tunnel
Security
GWSecure Tunnel
Security
GW
Trusted
Network
Emma Mary (2)
Jeanie (2)
Jeanie (1)
Mary (1)Slave 1
Slave 2
• Spoofing.
• Replay Attack.
• Rogue Master Attack.
• L2/L3 DoS attacks.
• Spoofing.
• Replay.
• Rogue Master Attack.
• L2/L3 DoS attacks.
Time Synchronization Security using IPsec and MACsec
Jeanie (1) – WHERE can Jeanie be found?
13
Secure TunnelSecure Tunnel
Secure TunnelSlave 2
Master
ClockSecurity
GW
Security
GW
Trusted
Network
Secure Tunnel
Security
GW
Trusted
Network
Jeanie (2)
Jeanie (1)
Mary (1)Slave 1
Slave 2
Master
Clock
Slave 1
IPsec Tunnel
Jeanie (2)
• Jeanie 1 is relevant
specifically in the IPsec
scenario.
• Network-to-network scheme.
IPsec scenario.
MACsec scenario /
Annex K
Time Synchronization Security using IPsec and MACsec
Mary – WHAT can Mary do?
14
Master
ClockSecurity
GW
Enya
Security
GW
Trusted
Network
Secure TunnelSecure Tunnel
Security
GWSecure Tunnel
Security
GW
Trusted
Network
Emma Mary (2)
Jeanie (2)
Jeanie (1)
Mary (1)Slave 1
Slave 2
• Packet Interception and Manipulation.
• Packet Delay Manipulation.
• Packet Interception and Removal.
• Spoofing.
• Replay.
• Rogue Master Attack.
• L2/L3 DoS attacks. Time Synchronization Security using IPsec and MACsec
Mary – WHERE can Mary be found?
15
Secure TunnelSecure Tunnel
Secure Tunnel
Mary (2)
Slave 2
Master
ClockSecurity
GW
Security
GW
Trusted
Network
Secure Tunnel
Security
GW
Trusted
Network
Jeanie (2)
Jeanie (1)
Mary (1)Slave 1
Slave 2
Master
Clock
Slave 1
IPsec Tunnel• Mary 1 is relevant specifically
in the IPsec scenario.
• Network-to-network scheme.
• Mary 2 is relevant specifically
in the MACsec scenario.
• Hop-by-hop scheme.
IPsec scenario.
MACsec scenario /
Annex K Time Synchronization Security using IPsec and MACsec
Time Synchronization Security using IPsec and MACsec
Master
ClockSecurity
GW
Enya
Security
GW
Secure TunnelSecure Tunnel
Security
GWSecure Tunnel
Security
GW
Emma Mary (2)
Jeanie (2)
Jeanie (1)
Mary (1)Slave 1
Analysis Summary
16
MACsec Scenario IPsec
Scenario
IEEE 1588 Annex
K
Ch
ara
cte
ris
tic
s
Network L2
typically LAN
L3
typically public
network
Any
Security approach Hop-by-hop Network-to-network Hop-by-hop
Accuracy +
(TCs/BCs)
~
(no TCs/BCs)
+
(TCs/BCs)
Th
rea
ts
L2/L3 DoS Attack Prevention + - -
Internal attackers in the
“trusted network”
(Jeanie 1, Mary 1)
+ - +
Internal MITM attacks in
intermediate nodes (Mary 2) - + -
Conclusion
• IPsec and MACsec are used in different topologies and
scenarios.
• Two complementary building blocks for securing time
synchronization.
• Intermediate solutions in the absence of a standard security
solution for PTP.
• Hybrid solutions can be used in certain topologies.
17
Hybrid
Security
GWPublic
Network
Security
GW
IPsec Tunnel
Master
Clock
L2
Network
MACsec Tunnel
Slave
Time Synchronization Security using IPsec and MACsec