Title: A CGA based Source Address Authorization and Authentication (CSA) for First Layer-3 Hop
1 A CGA based Source Address Authorization and Authentication (CSA) for First Layer-3 Hop
- IETF 72 Meeting, Dublin
- July 28, 2008
- SAVI Working Group
- Jun Bi <junbi_at_cernet.edu.cn>
- Jianping Wu <jianping_at_cernet.edu.cn>
- Guang Yao <yaog_at_netarchlab.tsinghua.edu.cn>
2 Basic Ideas
- Phase 1: Address Authorization
  - Host-granularity checking based on the knowledge of address assignment (to adapt to all address allocation methods)
  - Host Identifier (CGA Identifier) without PKI
  - Binding Host Identifier and address at the first Layer-3 hop (not binding port/MAC/IP, in case there is no one-to-one mapping between the port and the host, e.g. a hub uplinks to an Ethernet switch port and downlinks multiple hosts)
  - Secure Shared Secret Exchange (Signature Seed used in the Authentication phase between the host and the router, to transfer the ID/Address binding to a more lightweight Address/Signature binding)
- Phase 2: Address Authentication
  - Light-weight signature generation
  - Light-weight signature adding and removal
  - Light-weight signature verification
3 Overview of Procedure
- Phase 1: Address Authorization (5 steps)
  (1) Prepare an address A
  (2) An identifier is used to show the applicant is H
  (3) "I'm H and I require to use address A"
  (4) Check whether identifier H can use the required address A
  (5) Return a signature seed for future authentication
4 Overview of Procedure
- Phase 2: Address Authentication
  - Generate signature based on signature seed
  - Add signature
  - Check signature and remove it
5 Phase 1: Address Authorization
- Step 1: Address Preparation
  - The node gets an address through the appointed address assignment mechanism
  - Host in IPv4: Manual Configuration, DHCP
  - Host in IPv6: DHCP, Stateless Auto-configuration (SAC), Manual Configuration, Cryptographically Generated Address (CGA), Privacy
6 Address Authorization
- Step 2: Identifier Generation
  - Node generates a secure identifier
  - For an anonymous address owner (DHCP, SAC, CGA, Privacy): identifier = hash(Public Key), as described in CGA
  - For any address allocation mechanism involving manual configuration: identifier = hash(Public Key, Shared Secret)
  - The Shared Secret is a bit string allocated to the node with the address by the network administrator.
7 Address Authorization
- Step 3: Address Authorization Request
  - Nodes send a request packet to the first L3 hop
  - Currently designed as an ICMP packet, to be designed as a SEND extension
  - Source address is the address prepared in step 1
  - The CGA option and RSA signature option are the same as described in SEND
8 Address Authorization
- Step 4: First L3 Hop Authorizing Address
  - Router checks whether the requesting node has the right to use the address.
  - The knowledge is based on the address allocation mechanism.
  - Manual Configuration: re-compute the identifier using the shared secret of the address owner.
  - SAC/Privacy/CGA: the address has not been registered by another node. In the CGA case, the requested address must be a correct CGA address computed on the public key.
  - DHCP: the identifier in the request packet must be the one which had been used to apply for the address/prefix from the DHCP server/router. See next page.
9 Address Allocation in DHCP Case
- DHCP Solicitation: source address set to the CGA identifier
- Record the CGA identifier
- Snoop and record the address allocated; bind the identifier to the assigned address
10 Address Authorization
- Step 5: Signature Seed Assignment
  - The router returns a bit string named signature seed to the host, encrypted by the host's public key that was carried in the authorization request packet.
  - Node decrypts the signature seed and will use it in Phase 2.
11 Phase 2: Address Authentication
- Signature Generation (all based on the shared secret signature seed)
  - HMAC
  - Pseudo Random Number (preferred)
  - Signature sequence, hard to guess and replay
  - Using a sliding window to handle packet re-ordering (not a big deal in a local subnet)
- Signature Adding (3 choices to implement)
  - IPsec Authentication Header
  - A new option header (e.g. Hop-by-hop)
  - Address Rewrite (the signature is used as the local address; the router rewrites it with the authorized address for the outside world, to save the cost of memory copy and of locating the extension header)
- Signature Verification (matching the random number)
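As an added illustration (not part of the original slides), the Phase 2 mechanism in Python: the host derives a signature sequence from the signature seed with HMAC, and the first L3 hop verifies each signature by table matching inside a sliding window, so out-of-order packets are accepted once while replays and forgeries are rejected. The HMAC-SHA256 construction, the 8-byte truncation and the window size are assumptions; on success the verifier returns the authorized address, which is what the address-rewrite option needs.

```python
import hashlib
import hmac

SIG_LEN = 8  # bytes of HMAC output carried per packet (assumed value, not from the draft)

def signature(seed: bytes, index: int) -> bytes:
    """Element i of the signature sequence: HMAC-SHA256(seed, i), truncated (assumed construction)."""
    return hmac.new(seed, index.to_bytes(8, "big"), hashlib.sha256).digest()[:SIG_LEN]

class HostSigner:
    """Host side of Phase 2: emits the next signature of the sequence for each packet."""

    def __init__(self, seed: bytes):
        self.seed, self.index = seed, 0

    def sign(self) -> bytes:
        sig = signature(self.seed, self.index)
        self.index += 1
        return sig

class RouterVerifier:
    """First L3 hop: matches against precomputed signatures in a sliding window (a table lookup per packet)."""

    def __init__(self, seed: bytes, address: str, window: int = 8):
        self.seed, self.address, self.window = seed, address, window
        self.top = -1        # highest sequence index accepted so far
        self.seen = set()    # indices already accepted inside the window (replay check)
        self.expected = {}   # signature -> index for unused indices in [top-window+1, top+window]
        self._refill()

    def _refill(self) -> None:
        low = self.top - self.window + 1
        self.seen = {i for i in self.seen if i >= low}
        self.expected = {signature(self.seed, i): i
                         for i in range(max(low, 0), self.top + self.window + 1)
                         if i not in self.seen}

    def verify(self, sig: bytes):
        """Return the authorized address if sig is an unused in-window signature, else None."""
        idx = self.expected.pop(sig, None)
        if idx is None:
            return None      # forged, outside the window, or already used (replay)
        self.seen.add(idx)
        if idx > self.top:   # window slides forward; signatures older than top-window+1 expire
            self.top = idx
            self._refill()
        return self.address
```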
12 Phase 2: Address Authentication
- Consideration
  - Authentication based on signature always costs much.
  - Reduce the cost of
    - Signature generation (random number sequence)
    - Signature adding and signature removal (by reducing the overhead)
    - Signature verification (by matching a number)
  - to be close to the cost of a routing table lookup.
13 Compliant to SAVI Charter
- Charter compliant
  - All address allocation methods
  - Special cases
    - Static address
    - Multiple IP addresses on one interface (met because it doesn't rely on L1/L2 info.)
    - Multiple link layer addresses on one interface
    - Multiple interfaces to the same link
    - Node changes port
    - Node is router, NAT, switch
    - SEND
    - Anycast address
- Charter non-compliant
  - Host Change
  - The address authorization can be designed as an extension of SEND
  - Actually, host change might always be required in the case where there is no strict one-to-one mapping between switch port and host (L1/L2/L3 strict mapping).
14 Applicability and benefits
- Working scenario: the situation where there is no strict port/host one-to-one mapping (if there is a strict mapping, port/MAC/IP binding is more efficient).
- Economy: no need to replace/update all ports in a network to L3-aware switches (which might be more expensive)
- Flexibility: works in networks without port-based switches, e.g., wireless LAN
- The Linux prototype is being tested in the Tsinghua testbed
- Expect larger-scale testing by real users in the real campus network (not a testbed) in Tsinghua
15 Acknowledgements
- The author gratefully acknowledges the contributions of Fred Baker, Jari Arkko, Christian Vogt, Pekka Savola, Lixia Zhang, Mark Williams, Paul Ferguson, et al., to this draft or a previous version, draft-bi-sava-solution-ipv6-edge-network-signature-00
17 Traditional Signature Mechanism
- Figure: Send process: locate the option header, add signature. Receive process: locate the option header, remove signature.
18 Address Rewrite
- Escapes the memory copy and option header location, more efficient
- Figure: Send process: change the source address field to be the signature. Receive process: rewrite the source address field to the source address, using a mapping table from signature to address.