Working Group Aravind Prasad Sridharan
Internet-Draft DELL
Intended Status: Standards Track November 12, 2014
Expires: May 16, 2015
Data Confidentiality in IS-IS
draft-aravind-isis-confidentiality-data-00
Abstract
This document specifies the mechanism to provide data confidentiality
for Intermediate System to Intermediate System (IS-IS) Link State
PDUs (LSPs) and avoid possible replay attacks.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on May 16, 2015.
Copyright and License Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Aravind Prasad Sridharan Expires May 16, 2015 [Page 1]
INTERNET DRAFT Data Confidentiality in IS-IS November 12, 2014
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Fields for Encryption . . . . . . . . . . . . . . . . . . . . . 3
3. Implementation and Backward Compatibility . . . . . . . . . . . 3
4. Other considerations . . . . . . . . . . . . . . . . . . . . . 3
5. Security Considerations . . . . . . . . . . . . . . . . . . . . 4
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 4
7.1 Normative References . . . . . . . . . . . . . . . . . . . 4
7.2 Informative References . . . . . . . . . . . . . . . . . . 4
8. Authors' Address . . . . . . . . . . . . . . . . . . . . . . . 5
1 Introduction
Currently, IS-IS does not have any mechanism that provides
confidentiality for the data it sends across the network. Authentication
mechanisms can only authenticate routers and cannot prevent replay
attacks. Further, the checksum and authentication calculations for LSPs
do not include the Remaining Lifetime field, and hence LSPs are prone
to replay attacks that exploit this behavior (the Lifetime field could
be modified and replayed). It is therefore possible for an attacker to
snoop IS-IS packets and replay them with modifications that affect the
overall functioning of the protocol in the network.
The IETF draft [I-D.chunduri-isis-extended-sequence-no-tlv] proposes
the use of optional sequence number TLVs. Although it provides a way to
counter replay attacks, no mechanism is available to maintain the
confidentiality of the data carried in the packets.
Hence, it is possible for intruders to originate LSPs with a zero
Remaining Lifetime field, thereby causing those LSPs to be purged from
the network. The target router may retransmit the LSP with a higher
sequence number, but this could again be compromised by the attacker.
These continuous LSP retransmissions and purges could flood the
network, causing havoc, and may also cause the sequence numbers of all
the LSPs to increase rapidly. If a sequence number reaches the maximum
(0xFFFFFFFF), the IS-IS process must shut down for around 20 minutes
(MaxAge + ZeroAgeLifetime) to allow the old LSPs to age out of all the
router databases.
1.1 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2 Fields for Encryption
The Remaining Lifetime field is generally not included in the checksum
and authentication calculations and hence remains the most vulnerable
field in the LSP. Any change made to the rest of the packet can be
identified during evaluation at the receiving system.
The proposal is to encrypt the key parameters in IS-IS packets so as to
increase the confidentiality of the data exchanged. In principle, the
entire PDU could be encrypted, but the goal here is to maintain
confidentiality while keeping the processing overhead at the
Intermediate Systems as low as possible. Since sequence numbers play a
major role in identifying duplicate packets, it is more logical to
encrypt the sequence numbers in the packets. This reduces the
probability of an intruder easily deducing the overall flow of packets.
Hence the combination of the proposed data confidentiality mechanism
with authentication will help improve the overall security of the data
exchanged in the network.
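As an added illustration (not code from the draft), the following Python models the coverage described above: an LSP is built with the ISO 10589 Fletcher checksum computed over the octets from the LSP ID onward, and an RFC 5310 style HMAC tag is computed with the Remaining Lifetime and checksum zeroed. The field offsets, the TLV bytes and the key are constructed for this example; change_detected shows that a receiver's checksum and tag checks accept an altered lifetime but reject a change to any covered field.

```python
import hashlib
import hmac
import struct

# Constructed LSP layout (ISO 10589 field order, 6-octet system IDs), assumed
# for this example: 0-7 common header, 8-9 PDU length, 10-11 Remaining
# Lifetime, 12-19 LSP ID, 20-23 sequence number, 24-25 checksum, 26 flags,
# 27.. TLVs. Checksum and authentication coverage begin at the LSP ID.
LIFETIME_OFF, LSPID_OFF, SEQNO_OFF, CKSUM_OFF = 10, 12, 20, 24

def fletcher_checksum(data: bytes, cksum_pos: int) -> bytes:
    """ISO 10589 Annex C Fletcher checksum over data, whose two checksum
    octets at cksum_pos (0-based) must be zero on input."""
    c0 = c1 = 0
    for b in data:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    n, length = cksum_pos + 1, len(data)          # Annex C uses 1-based n
    x = ((length - n) * c0 - c1) % 255 or 255
    y = (c1 - (length - n + 1) * c0) % 255 or 255
    return bytes([x, y])

def checksum_ok(lsp: bytes) -> bool:
    """Receiver check: both running sums over LSP ID..end must come to zero."""
    c0 = c1 = 0
    for b in lsp[LSPID_OFF:]:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0 == 0 and c1 == 0

def build_lsp(lifetime: int, lsp_id: bytes, seqno: int, tlvs: bytes) -> bytes:
    body = lsp_id + struct.pack("!I", seqno) + b"\x00\x00\x01" + tlvs
    pos = CKSUM_OFF - LSPID_OFF
    body = body[:pos] + fletcher_checksum(body, pos) + body[pos + 2:]
    header = bytes([0x83, 27, 1, 0, 0x14, 1, 0, 0])     # constructed header
    return header + struct.pack("!HH", 12 + len(body), lifetime) + body

def hmac_tag(lsp: bytes, key: bytes) -> bytes:
    """RFC 5310 style tag: Remaining Lifetime and checksum are zeroed before
    hashing, so the tag does not bind the lifetime either."""
    masked = bytearray(lsp)
    masked[LIFETIME_OFF:LIFETIME_OFF + 2] = b"\x00\x00"
    masked[CKSUM_OFF:CKSUM_OFF + 2] = b"\x00\x00"
    return hmac.new(key, bytes(masked), hashlib.sha256).digest()

def change_detected(lsp: bytes, key: bytes, offset: int, new_bytes: bytes) -> bool:
    """Receiver view: would checksum or tag verification reject a copy of the
    PDU whose octets at offset were replaced? False only for the lifetime."""
    altered = lsp[:offset] + new_bytes + lsp[offset + len(new_bytes):]
    same_tag = hmac.compare_digest(hmac_tag(lsp, key), hmac_tag(altered, key))
    return not (checksum_ok(altered) and same_tag)
```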
3 Implementation and Backward Compatibility
To maintain backward compatibility with legacy systems, using the
proposed sequence number TLVs [I-D.chunduri-isis-extended-sequence-no-tlv]
is the more useful approach: only systems implementing this mechanism
process the TLV, while other systems ignore it, which preserves
backward compatibility with legacy systems and eases deployment.
Encryption could be carried out for the Packet Sequence Number (PSN)
alone or for the Extended Session Sequence Number (ESSN) as well (as
defined in [I-D.chunduri-isis-extended-sequence-no-tlv]).
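One way to realise the sequence-number encryption of this section and the previous one, as an added example that is neither this draft's nor the cited draft's code: the ESSN and PSN travel in a hypothetical TLV (type 0xEE is a placeholder, the 4-octet sizes are an assumption), encrypted with an HMAC-SHA256 keystream standing in for a cipher (keying is out of scope per section 4), authenticated, and compared by the receiver against the highest sequence pair already accepted for that LSP ID, so a replayed PDU is dropped whatever its Remaining Lifetime says.

```python
import hashlib
import hmac
import struct

# Hypothetical TLV carrying an Extended Session Sequence Number (ESSN) and a
# Packet Sequence Number (PSN), both 4 octets here (an assumption of this
# example, not taken from the cited draft). TLV value layout:
#   nonce (4) | ciphertext of ESSN||PSN (8) | tag (16)
SEQ_TLV_TYPE = 0xEE  # placeholder type, not an assigned IS-IS code point

def encrypt_seq(key: bytes, lsp_id: bytes, nonce: bytes, essn: int, psn: int) -> bytes:
    """Encrypt-then-MAC of the two sequence numbers. HMAC-SHA256 acts as the
    PRF producing the keystream (stand-in for a real cipher); the sender must
    use a fresh nonce per PDU, and binding to lsp_id blocks transplanting."""
    plain = struct.pack("!II", essn, psn)
    stream = hmac.new(key, b"enc" + lsp_id + nonce, hashlib.sha256).digest()[:8]
    ct = bytes(p ^ s for p, s in zip(plain, stream))
    tag = hmac.new(key, b"mac" + lsp_id + nonce + ct, hashlib.sha256).digest()[:16]
    return bytes([SEQ_TLV_TYPE, 28]) + nonce + ct + tag

def decrypt_seq(key: bytes, lsp_id: bytes, tlv: bytes):
    """Return (essn, psn), or None when the TLV fails authentication."""
    if len(tlv) != 30 or tlv[0] != SEQ_TLV_TYPE or tlv[1] != 28:
        return None
    nonce, ct, tag = tlv[2:6], tlv[6:14], tlv[14:30]
    want = hmac.new(key, b"mac" + lsp_id + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        return None
    stream = hmac.new(key, b"enc" + lsp_id + nonce, hashlib.sha256).digest()[:8]
    return struct.unpack("!II", bytes(c ^ s for c, s in zip(ct, stream)))

class ReplayFilter:
    """Receiver-side state: highest (ESSN, PSN) accepted per LSP ID."""
    def __init__(self, key: bytes):
        self.key, self.seen = key, {}

    def accept(self, lsp_id: bytes, tlv: bytes) -> bool:
        seq = decrypt_seq(self.key, lsp_id, tlv)
        if seq is None:                      # forged or altered TLV
            return False
        if lsp_id in self.seen and seq <= self.seen[lsp_id]:
            return False                     # replayed or stale PDU
        self.seen[lsp_id] = seq
        return True
```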
4 Other considerations
The keying mechanism to be followed is out of scope for this draft and
implementation specific. The focus of this draft is only to introduce a
way to maintain data confidentiality in IS-IS LSPs and avoid possible
replay attacks.
5 Security Considerations
This document does not introduce any new security concerns to IS-IS
or any other specifications referenced in this document.
6 IANA Considerations
No IANA actions required.
7 References
7.1 Normative References
[ISO-10589] ISO, "Intermediate System to Intermediate System
intra-domain routing information exchange protocol for
use in conjunction with the protocol for providing the
connectionless-mode network service (ISO 8473)",
International Standard 10589:2002, Second Edition, 2002.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
7.2 Informative References
[I-D.ietf-karp-isis-analysis]
Chunduri, U., Tian, A., and W. Lu, "KARP IS-IS security
analysis", draft-ietf-karp-isis-analysis-03 (work in
progress), February 2014.
[RFC5310] Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R.,
and M. Fanto, "IS-IS Generic Cryptographic
Authentication", RFC 5310, February 2009.
[RFC6518] Lebovitz, G. and M. Bhatia, "Keying and Authentication
for Routing Protocols (KARP) Design Guidelines",
RFC 6518, February 2012.
[DoS] Voydock, V. and S. Kent, "Security Mechanisms in
High-level Networks", ACM Computing Surveys Vol. 15,
No. 2, June 1983.
[Dobb96a] Dobbertin, H., "Cryptanalysis of MD5 Compress",
EuroCrypt Rump Session 1996, May 1996.
[I-D.chunduri-isis-extended-sequence-no-tlv]
Chunduri, U., Tian, A., and Shen, "IS-IS Extended
Sequence number TLV",
draft-chunduri-isis-extended-sequence-no-tlv-04 (work in
progress), July 4, 2014.
8 Authors' Address
Aravind Prasad Sridharan
DELL
Olympia Technology Park
Guindy, Chennai 600032
India
Phone: +91 44 4220 8658
Email: aravind_sridharan@dell.com