Internet DRAFT - draft-atwood-pim-gsam
draft-atwood-pim-gsam
PIM W. Atwood
Internet-Draft B. Li
Intended status: Standards Track Concordia University/CSE
Expires: January 22, 2015 July 21, 2014
Group Security Association Management Protocol
draft-atwood-pim-gsam-00
Abstract
This document specifies a Group Security Association Management
(GSAM) protocol, which manages the IPsec Group Security Associations
that are used to protect some packets of Secure IGMP (SIGMP) and
Secure MLD (SMLD). In GSAM, one router is elected as the group
controller / key server to create group security associations for all
the interesting secure groups and distribute them to authorized users
and other routers.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 22, 2015.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
Atwood & Li Expires January 22, 2015 [Page 1]
�
Internet-Draft GSAM July 2014
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Assumption . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. GSAM Overview . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Phase 1: Registration . . . . . . . . . . . . . . . . . . . . 4
4.1. Message Exchanges . . . . . . . . . . . . . . . . . . . . 5
4.1.1. GSAM_INIT Exchange . . . . . . . . . . . . . . . . . 5
4.1.2. GSAM_AUTH Exchange . . . . . . . . . . . . . . . . . 5
4.2. EU Operations . . . . . . . . . . . . . . . . . . . . . . 6
4.3. Non-Querier Operations . . . . . . . . . . . . . . . . . 7
4.4. Querier Operations . . . . . . . . . . . . . . . . . . . 8
5. Phase 2: GSA Distribution . . . . . . . . . . . . . . . . . . 9
5.1. Message Exchanges . . . . . . . . . . . . . . . . . . . . 9
5.1.1. GSAM_PUSH Exchange . . . . . . . . . . . . . . . . . 9
5.1.2. GSAM_RE_DISTRIBUTION Exchange . . . . . . . . . . . . 10
5.2. Querier Operations . . . . . . . . . . . . . . . . . . . 11
5.3. GM Operations . . . . . . . . . . . . . . . . . . . . . . 12
6. Handover of Q . . . . . . . . . . . . . . . . . . . . . . . . 13
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
8.1. Normative References . . . . . . . . . . . . . . . . . . 14
8.2. Informative References . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction
This document specifies a Group Security Association Management
(GSAM) protocol, which manages the IPsec Group Security Associations
(GSAs) that are used to protect some packets of Secure IGMP (SIGMP)
[I-D.atwood-pim-sigmp]and Secure MLD (SMLD) (not yet issued). GSAM
is implemented in the multicast enabled segment. The Querier on this
segment is responsible for distributing GSAs to all the authorized
users and other routers. Negotiation of certain parameters of the
GSA may be triggered if necessary.
GSAM is similar to GDOI [RFC6407] and g-ikev2 [I-D.yeung-g-ikev2],
although it is different from these protocols in important ways.
First, GDOI and g-ikev2 deliver only the necessary keys for IPsec,
while all the parameters of the GSAs of the IPsec system are
distributed in GSAM. The GSAs include not only keys, but also
security parameter indexes (SPIs) of the IPsec system [RFC4301].
Second, there is a super group, 224.0.0.22 in IPv4 system or
FF02:0:0:0:0:0:0:16 in IPv6 system, in GSAM. All the group members
Atwood & Li Expires January 22, 2015 [Page 2]
�
Internet-Draft GSAM July 2014
registered in the super group are also registered in all other active
groups on this network segment. Third, GSAM is a link-local protocol
while GDOI and g-ikev2 are group domain protocols. In GSAM, the TTL
of all the messages is equal to 1.
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT","SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in [RFC2119].
In addition, the following terms are used in this document
Querier (Q):
A Querier is an edge router that has won in the querier election in
SIGMP or SMLD. In GSAM, it takes the role of group controller /
key server (GCKS).
Non-Querier (NQ):
A Non-Querier is an edge router that has lost in the querier
election in SIGMP or SMLD.
Group Member (GM):
Group Member is an end user or an edge router that has registered
in Q.
Secure Group Table (SGT):
Secure Group Table is a table in Q that records the secure groups
and the GMs in the secure groups. It consists of two fields:
multicast address (MA) and group member set (GMS). MA is an index
of SGT and its value is a secure multicast group address. GMS
contains the unicast addresses of GMs in a group identified by the
value of MA. The initial SGT only has one record whose MA field is
224.0.0.22 in IPv4 system or FF02:0:0:0:0:0:0:16 in IPv6 system and
whose GMS field is empty.
GSAM_TEK_SA:
GSAM_TEK_SA is a pair of GSAs, including GSA_q and GSA_r. GSA_q is
a GSA of IPsec system used to protect a secure group query in SIGMP
or SMLD. GSA_r is a GSA of IPsec system used to protect the secure
group report in SIGMP or SMLD.
GSAM_KEK_SA:
Atwood & Li Expires January 22, 2015 [Page 3]
�
Internet-Draft GSAM July 2014
GSAM_KEK_SA is a pair of SAs, including KEK_USA and KEK_GSA.
KEK_USA is a unicast SA whose direction is from a GM to Q. It is
used to protect the messages in Phase 2 sent by GMs. KEK_GSA is a
GSA whose direction is from Q to a secure group. It is used to
protect the messages in Phase 2 sent by Q.
2. Assumption
The protocol GSAM is based on two assumptions as follows:
The end users have been authenticated and authorized at the
application layer. The authorized EU and its Q have shared the
same secret key, call MSSK, as a pre-shared key. The details of
how to authenticate and authorize users is not specified in this
document. It is implemented based on PANA [RFC5191] as shown in
draft-atwood-mboned-mrac-pana (not yet issued).
Instead of IGMP or MLD, SIGMP or SMLD is used by users (or routers)
to report (or learn) IP multicast group memberships to neighboring
multicast routers (or from the users that are only one IP hop away)
in an IPv4 network or an IPv6 network.
3. GSAM Overview
GSAM is a protocol that manages group security associations (GSAs) of
the IPsec system used to protect some packets of SIGMP or SMLD. The
network entities mentioned in GSAM are the same as those in SIGMP or
SMLD, including edge routers (ERs) and end users (EUs). In GSAM, an
ER (called Querier) plays the role of GCKS. It accepts the
registration from EUs and NQs and grants them the status of GMs in
secure groups. It creates or updates GSAs of IPsec system for secure
groups and distributes them to all GMs in the secure group.
Security parameter index (SPI) as a parameter of GSAs must be paid
specific attention. Different from a unicast SA that is used by only
one receiver, a GSA is shared by multiple receivers. As a result,
instead of one receiver to determine the SPI value, all the GMs in
the same secure group should negotiate the SPI value together in
order to avoid SPI collisions at GMs. In GSAM, Q suggests SPI values
first. If any GM rejects the offered suggestion, a negotiation will
be triggered to determine suitable SPI values.
4. Phase 1: Registration
In Phase 1, both NQs and EUs should register themselves in Q in order
to become GMs in a group. A pair of SAs, named GSAM_KEK_SA is
distributed to GMs.
Atwood & Li Expires January 22, 2015 [Page 4]
�
Internet-Draft GSAM July 2014
4.1. Message Exchanges
The registration involves two message exchanges: GSAM_INIT exchange
and GSAM_AUTH exchange. An EU / NQ performs GSAM_INIT exchange only
once as long as no new Q is elected in SIGMP or SMLD. However, an EU
may perform a GSAM_AUTH exchange many times. The number of GSAM_AUTH
exchanges for an EU is equal to the number of secure groups that an
EU is authorized to join at the application layer.
4.1.1. GSAM_INIT Exchange
GSAM_INIT exchange is identical to IKE_SA_INIT of IKE v2 defined in
[RFC5996]. An EU / NQ takes the role of an initiator and Q takes the
role of a responder.
4.1.2. GSAM_AUTH Exchange
GSAM_AUTH exchange as shown in Figure 1 is similar to IKE_AUTH of IKE
v2. In this exchange, an EU / NQ and Q mutual authenticate for a
secure group. However, instead of being negotiated between two peers
as in IKE v2, an SA pair, named GSAM_KEK_SA, is downloaded from Q to
an EU / NQ.
EU / NQ -> Q: HDR, SK{ IDg, IDh, AUTH }
Q -> EU / NQ: HDR, SK{ IDg, SA, KD, AUTH}
Figure 1: GSAM_AUTH Exchange
HDR is a header payload whose format is identical to that in IKE v2.
The notation SK { ... } indicates that all the payloads in "{}" are
encrypted and integrity protected using an SA, called GSAM_INIT_SA,
which is negotiated in the GSAM_INIT Exchange. The message exchange
is explained as follows:
In the first message, an EU / NQ asserts its identification and the
identification of a secure group (i.e., for an EU, it is the group
that an EU requests to join in SIGMP or SMLD; for an NQ, it is the
group 224.0.0.22 in IPv4 system or FF02:0:0:0:0:0:0:16 in IPv6
system listened to by all ERs) in the payload of IDh and IDg
respectively. Moreover, an EU / NQ also declares a message
authentication code (MAC) or its signature in the AUTH payload.
The AUTH payload is used by the message receiver (Q) to
authenticate the two identifications in IDh and IDg and to protect
the integrity of the first message in the GSAM_INIT exchange.
In the second message, Q asserts its identification in payload IDq
and distributes an SA pair, called GSAM_KEK_SA, (and more KEK_GSAs
Atwood & Li Expires January 22, 2015 [Page 5]
�
Internet-Draft GSAM July 2014
sometimes) in payloads SA and KD. Moreover, Q also declares a MAC
or its signature in AUTH payload. The AUTH payload is used by the
message receiver (an EU / NQ) to authenticate the identification in
payload IDq and protect the integrity of the second message in the
GSAM_INIT exchange.
4.2. EU Operations
An EU initiates a GSAM_INIT exchange when an EU requests GSAs to
secure SIGMP packets or SMLD packets for the first time or when an EU
discovers a new Q. The EU operations in a GSAM_INIT exchange are
identical to the initiator operations in the IKE_SA_INIT exchange of
IKE v2.
After the GSAM_INIT exchange, a new security association, named
GSAM_INIT_SA, has been negotiated. It will be used to protect the
GSAM_AUTH exchange and achieve private communication between an EU
and Q. Moreover, GSAM_INIT_SA will be maintained as a long-term
security association. No new GSAM_INIT exchange between an EU and Q
will be required for the subsequent request for GSAs as long as an EU
does not discover a new Q.
An EU initiates a GSAM_AUTH exchange when a request for GSAs is
received from SIGMP and GSAM_INIT_SA has been negotiated between an
EU and Q. An EU must use the pre-shared key authentication method to
finish the registration in the GSAM_AUTH exchange.
An EU calculates a MAC and encapsulates it in the AUTH payload of the
first message of GSAM_AUTH. The calculation of the MAC is the same
as that in IKE v2. The secret key used in the MAC is the MSSK for
the secure group calculated at the network layer. It has been
independently derived by the EU and the Q as a pre-shared key when an
EU has been authorized to join in the secure group at the application
layer.
Upon receiving the second message of GSAM_AUTH, an EU verifies the
value in the received AUTH payload using the MSSK to authenticate Q.
If verification fails, the EU will discard the received message.
Otherwise, verification succeeds and the EU will accept the
GSAM_KEK_SA specified in the SA and KD payloads. Moreover, an EU
marks itself as a GM in the requested secure group. The EU updates
its local GSPD [RFC5374] as shown in Table 1. G_IP is the IP address
of the group identified in the IDg payload. Q_IP and H_IP are the IP
addresses of the Q and the EU. The updated records in the GSPD
indicate that the SIGMP/SMLD packets that are sent from a GM / Q to
the group that a GM wants to join must be protected by IPsec.
Atwood & Li Expires January 22, 2015 [Page 6]
�
Internet-Draft GSAM July 2014
+-------------------+---------------+----------------+--------------+
| Destination | Source | Protocol | Action |
| address | address | number | |
+-------------------+---------------+----------------+--------------+
| G_IP | Q_IP | SIGMP(2) | IPsec |
| | | | protect |
| G_IP | H_IP | SIGMP(2) | IPsec |
| | | | protect |
| G_IP | * | SIGMP(2) | Discard |
| G_IP | * | * | Bypass |
+-------------------+---------------+----------------+--------------+
Table 1: Updated Records in local GSPD
Finally, the EU must update the SAD, to record the SA paremeters that
have been given to it.
4.3. Non-Querier Operations
An NQ initiates a GSAM_INIT exchange when an ER has just lost in the
querier election for SIGMP/SMLD and has become an NQ. NQ operations
in the GSAM_INIT exchange are identical to the initiator operations
in IKE_SA_INIT of IKE v2.
After the GSAM_INIT exchange, GSAM_INIT_SA has been negotiated. It
will be used to protect the GSAM_AUTH exchange and achieve private
communication between an NQ and Q. Moreover, the GSAM_INIT_SA will
be maintained as a long-term security association. No new GSAM_INIT
exchange between an NQ and Q is necessary as long as an NQ does not
discover a new Q.
An NQ initiates a GSAM_AUTH exchange when an ER where an NQ is
located has just lost in a querier election in SIGMP / SMLD and a
GSAM_INIT_SA has been negotiated between an NQ and Q. An NQ could
use any authentication method configured by the network administrator
to finish registration in GSAM_AUTH.
An NQ calculates a MAC or a signature according to the assigned
authentication method and encapsulates it into the AUTH payload of
the first message. Here the authentication method depends on the
configuration of the network administrator.
Upon receiving the second message of GSAM_AUTH, an NQ verifies the
value in the received AUTH payload to authenticate Q using the
assigned method. If verification fails, an NQ will discard the
received message. Otherwise, verification succeeds and an NQ will
accept the GSAM_KEK_SA (and more KEK_GSAs if existing) specified in
the SA and KD payloads. Moreover, an NQ marks itself as a GM in the
Atwood & Li Expires January 22, 2015 [Page 7]
�
Internet-Draft GSAM July 2014
group 224.0.0.22 for IPv4 system or FF02:0:0:0:0:0:0:16 for IPv6
system (and also a GM in all the groups mentioned in KEK_GSAs). If
additional KEK_GSAs are specified in SA and KD payloads, NQ also
updates its local GSPD as shown in Table 1 and G_IP indicates all the
IP addresses of the groups mentioned in additional KEK_GSAs.
4.4. Querier Operations
Q operations in the GSAM_INIT exchange are identical to the responder
operations in IKE_SA_INIT of IKE v2.
Upon receiving the first message of GSAM_AUTH exchange, Q parses the
payload of IDg. If IDg identifies a super group (224.0.0.22 for IPv4
system or FF02:0:0:0:0:0:0:16 for IPv6 system), the sender of the
message is considered to be an NQ. Otherwise, the sender is
considered to be an EU.
If the sender is an EU, Q retrieves the pre-shared key MSSK shared
with the EU identified in the received IDh payload for a secure group
identified in the received IDg payload. Similarly, if the sender is
an NQ, Q retrieves a certification or a secret key of an NQ
identified in IDh payload. Then Q uses the retrieved key or
certification to verify the received AUTH payload. If retrieval or
verification fails, Q will discard the received message and terminate
the GSAM_AUTH exchange. Otherwise, it indicates that an EU has been
authorized to join the secure group at the application layer or an NQ
has been authorized by the network administrator in its configuration
file. In this case, Q starts the "registration" to an EU for the
secure group or an NQ for all secure groups.
The registration is based on a secure group table (SGT). For an NQ,
Q updates all the records in SGT: the source address of the received
message is added into GMS field of all the records. It means an NQ
becomes a GM in all the groups that Q is maintaining. For an EU, Q
searches its SGT to look for a record whose MA is the address of the
group identified in the received IDg payload. If the record is
found, the source address of the received message is added into GMS
of the found record. It means an EU becomes a GM in the group
identified in the received IDg payload. Otherwise, Q creates a new
record in SGT. In the new record, the value of the MA field is the
address of the group identified in the received IDg payload. The
addresses showing in the GMS field of the record indexed by
224.0.0.22 (or FF02:0:0:0:0:0:0:16) are copied into the GMS field of
the new record. Moreover, the source address of the received message
is also filled in the GMS of the new record. It means the EU and all
the registered NQs become GMs of the group identified in the received
IDg payloads. After the registration of an EU, Q updates its local
GSPD as Table 1.
Atwood & Li Expires January 22, 2015 [Page 8]
�
Internet-Draft GSAM July 2014
After registration, Q creates an SA pair, named GSAM_KEK_SA, which
consists of two SAs: 1) KEK_GSA and 2) KEK_USA. KEK_GSA is a group
security association whose direction is from Q to a secure group
identified in the received IDg payload. In detail, when the exchange
is between an EU and Q, the direction of KEK_GSA is from Q to a
secure group that an EU requests to join. When the exchange is
between an NQ and Q, the direction is from Q to the group 224.0.0.22
or FF02:0:0:0:0:0:0:16. It is used to protect the messages in Phase
2 sent by Q. KEK_USA is a unicast security association whose
direction is from the new GM (an EU/NQ) to Q. It is used to protect
the message in Phase 2 sent by GMs.
Moreover, Q also calculates a new MAC or a signature according to the
negotiated authentication method. If the exchange is between an EU
and Q, the authentication method must be pre-shared key. Q uses the
retrieved MSSK as the secret key to calculate a MAC value. If the
exchange is between an NQ and Q, the authentication method depends on
the network configuration of an NQ. Q may calculate a MAC or a
signature for NQ.
After that, Q sends to an EU / NQ the second message as a response.
In the response to an EU, SA and KD payloads specify the newly
created GSAM_KEK_SA. In the response to an NQ, SA and KD payloads
specified not only the newly created GSAM_KEK_SA, but also all other
KEK_GSAs that Q is maintaining. the AUTH payload contains the new MAC
or signature.
5. Phase 2: GSA Distribution
In Phase 2, Q suggests GSAM_TEK_SA to GMs. If any GM rejects the
suggestion due to SPI collisions, a negotiation will be required
among GMs.
5.1. Message Exchanges
There are two exchanges in GSA distribution: GSAM_PUSH and
GSAM_RE_DISTRIBUTION.
5.1.1. GSAM_PUSH Exchange
GSAM_PUSH exchange is shown in Figure 2 .
Q -> GMs: HDR, SK{ SA, KD, AUTH}
Figure 2: GSAM_PUSH Exchange
Atwood & Li Expires January 22, 2015 [Page 9]
�
Internet-Draft GSAM July 2014
In this message, Q distributes an SA pair (i.e., GSAM_TEK_SA, but
sometimes more GSAM_TEK_SAs) or an SA (i.e., KEK_GSAs) in the payload
SA and KD. Moreover, Q declares a signature in payload AUTH. The
notation SK {...} indicates that all the payloads in "{}" are
encrypted and integrity protected using a KEK_GSA.
5.1.2. GSAM_RE_DISTRIBUTION Exchange
The GSAM_RE_DISTRIBUTION exchange is triggered when any GM detects an
SPI collision and refuses to accept the GSAM_TEK_SA received in the
GSAM_PUSH message. In other words, it is just optional: there is no
GSAM_RE_DISTRIBUTION exchange if no SPI collisions are detected by
any GM. The GSAM_RE_DISTRIBUTION exchange is shown in Figure 3. All
the messages are protected by GSAM_KEK_SA. It is explained as
follows:
GM -> Q : HDR, SK{ IDg, REJ, AUTH }
Q -> GMs: HDR, SK{ S_REQ, AUTH }
GMs -> Q: HDR, SK{ SPI_LIST, AUTH }
Q -> GMs: HDR, SK{ SAtf, KDtf, AUTH }
Figure 3: GSAM_RE_DISTRIBUTION Exchange
In the first message, a GM that detects an SPI collision asserts
the identification of the secure group that is the destination
address of the rejected GSAM_TEK_GSA in payload IDg and shows its
rejection to the suggested GSAM_TEK_GSA in payload REJ. Moreover,
GM declares a MAC in payload AUTH.
Q multicasts the second message into a secure group identified by
the received IDg. In this message, Q requests a list, called
spi_list, in payload S_REQ and shows its signature in payload AUTH.
All GMs in the secure group will send the third message to respond
to the request from Q. In the third message, a GM reports its
spi_list in payload SPI_LIST and declares its MAC in the payload
AUTH.
The fourth message is the same as the GSAM_PUSH message. In the
fourth message, Q multicasts an SA pair (i.e., GSAM_TEK_SA) in
payload SA and KD and declares a signature in the AUTH payload.
However, the SPI parameter in GSAM_TEK_SA has been negotiated with
all GMs in the secure group and therefore it cannot cause any
collision.
Atwood & Li Expires January 22, 2015 [Page 10]
�
Internet-Draft GSAM July 2014
5.2. Querier Operations
When an EU is registered as the first GM of a secure group in the
segment, Q will multicast the GSAM_PUSH exchange message in two
groups in order: (1) the group 224.0.0.22 or FF02:0:0:0:0:0:0:16 and
(2) the secure group that an EU requests to join.
Q multicasts the first multicast GSAM_PUSH message into group
224.0.0.22 or FF02:0:0:0:0:0:0:16. In this message, the KEK_GSA that
is just distributed to an EU using GSAM_AUTH exchange is specified in
the payloads of SA and KD.
Q creates a new SA pair, called GSAM_TEK_SA, which consists of two
GSAs: (1) GSA_q whose direction is from Q to the secure group that an
EU (the new GM) requests to join and (2) GSA_r whose direction is
from an EU to the secure group that an EU requests to join. The
values of important parameter of SPI in GSA_q and GSA_r are suggested
ones since they are assigned by Q with no negotiation with other GMs.
After making sure that all the NQs have received the previous
GSAM_PUSH message, Q starts to multicast the other GSAM_PUSH message
into the group that the EU has requested to join. In the second
message, the payloads SA and KD specify the parameter and key
material of the new SA pair (GSAM_TEK_SA).
After that, Q starts two timers, called q-timer and r-timer
respectively. When q-timer / r-timer expires, Q will update its
local SAD [RFC5374] according to GSA_q / GSA_r. The initial value of
q-timer should be large enough to make sure all GMs have updated
their local SADs according to the distributed GSA_q.
There must be an interval between the first GSAM_PUSH message and the
second one. The interval should be large enough to make sure the
first message has been received by GMs in 224.0.0.22 or
FF02:0:0:0:0:0:0:16 before the second one is sent.
If the registered EU is not the first GM of a secure group, Q
multicasts the second GSAM_PUSH message directly without the first
message.
When an NQ is registered as a GM in all the groups, Q will directly
multicast GSAM_PUSH exchange message in the group of 224.0.0.22 for
IPv4 system or FF02:0:0:0:0:0:0:16 for IPv6 system. In this message,
GSAM_TEK_GSAs for all the groups are specified in the payloads SA and
KD. If the only group Q is maintaining is the super group, no
GSAM_PUSH exchange is needed.
Atwood & Li Expires January 22, 2015 [Page 11]
�
Internet-Draft GSAM July 2014
Upon receiving the first message of GSAM_RE_DISTRIBUTION, Q verifies
the value in the payload AUTH to authenticate a GM. If
authentication fails, Q discards the received message directly.
Otherwise, Q deletes the q_timer and r_timer if they exist. It
multicasts the second message of GSAM_RE_DISTRIBUTION to negotiate
SPI values with all the GMs in the secure group.
Upon receiving the third message, Q verifies the AUTH payload to
authenticate a GM. If authentication fails, Q discards the received
message directly. Otherwise, Q searches its local SGT and looks for
a record that is indexed by a secure group identified in the received
IDg. The GMS of the found record contains the addresses of all the
GMs in the secure group. Q compares the source addresses of the
received third messages with the values in the GMS until it has
received the third message from all the GMs in the secure group.
After that, Q starts to calculate a list, called spi_list_all, which
is a union of spi_lists received from all GMs in the secure group.
Then Q resets the values of SPI in GSAM_TEK_SA. The new SPI values
must not be in the spi_list_all to effectively avoid SPI collisions
at any GM. Then Q multicasts the fourth message of
GSAM_RE_DISTRIBUTION, whose payloads SA and KD specify the revised
GSAM_TEK_SA. Finally, Q re-starts q-timer and r-timer. When q-timer
/ r-timer expires, Q updates its local SAD according to GSA_q / GSA_r
whose SPI value has been negotiated among GMs.
5.3. GM Operations
Upon receiving the GSAM_PUSH message, a GM verifies the value in the
payload AUTH to authenticate Q. If authentication fails, a GM
discards the received message directly. Otherwise, a GM parses the
received payloads SA and KD. If payloads SA and KD specify KEK_GSAs
and a GM is an NQ, a GM will accept the KEK_GSA directly and wait for
receiving the following GSAM_PUSH message protected by KEK_GSA.
Otherwise payloads SA and KD specify a GSAM_TEK_SA. In this case, a
GM checks SPI, an important parameter of GSAM_TEK_SA. If SPI values
in GSAM_TEK_SA have not used in its local SAD, a GM will start
q-timer and r-timer and no other exchange is needed. When q-timer/
r-timer expires, a GM updates its local SAD according to GSA_q /
GSA_r. If the source address of received GSA_r is the same as a
local address, the initial value of r-timer should be large enough to
make sure all other GMs and Q have updated their local SADs according
to GSA_r. If the suggested SPI values in GSAM_TEK_SA have collided
with the used SPI values in local SAD, a GM must start
GSAM_RE_DISTRIBUTION exchange as follows.
Atwood & Li Expires January 22, 2015 [Page 12]
�
Internet-Draft GSAM July 2014
A GM calculates a MAC and encapsulates it in AUTH payload. Then it
sends the first message of GSAM_RE_DISTRIBUTION to Q to show its
rejection.
Upon receiving the second message in GSAM_RE_DISTRIBUTION, a GM
verifies the received AUTH payload. If the verification fails, a GM
discards the received message. Otherwise, a GM deletes the pending
q-timer and r-timer at once if they exist. It accesses its local SAD
to obtain the all the used SPI values in the SAD and saves them in an
spi_list. After that, the status of local SADB is set as "read_only"
to prevent any modification from any other processes. The GM
encapsulates an spi_list in the payload SPI_LIST. Moreover, a MAC
value is calculated and encapsulated in the AUTH payload. After
that, the GM sends the third message with the payload SPI_LIST and
AUTH payload.
Upon receiving the fourth message in GSAM_RE_DISTRIBUTION, the GM
verifies the value in the payload AUTH to authenticate Q. If
authentication fails, the GM discards the received message directly.
Otherwise, the GM is forced to accept GSAM_TEK_SA specified in the
received payload SA and KD. It re-starts q-timer and r-timer. When
q-timer/r-timer expires, a GM updates its local SAD according to
GSA_q/GSA_r. After that, GMs clears the "read_only" status of its
local SAD to permit the modification to the SAD from other processes.
6. Handover of Q
Although ERs are usually stable, a new ER may be added into the
network and an old ER may fail to work. In these cases, a querier
election is caused and then a new Q may be elected in the link. The
new Q will take over the work of old Q automatically and become GCKS
soon in the link. All the EUs and NQs will discover the new Q since
they will receive the general query sent by the new Q in SIGMP/SMLD.
They initiate new GSAM sessions with the new Q. If they are
authenticated successfully, the new Q will distribute new
GSAM_TEK_SAs to them. SIGMP / SMLD messages will be protected by the
new GSAM_TEK_SAs.
7. IANA Considerations
GSAM runs over UDP. A UDP port should be assigned to GSAM.
8. References
Atwood & Li Expires January 22, 2015 [Page 13]
�
Internet-Draft GSAM July 2014
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
8.2. Informative References
[I-D.atwood-pim-sigmp]
william.atwood@concordia.ca, w. and B. Li, "Secure
Internet Group Management Protocol", draft-atwood-pim-
sigmp-01 (work in progress), July 2014.
[I-D.yeung-g-ikev2]
Rowles, S., Yeung, A., Tran, P., and Y. Nir, "Group Key
Management using IKEv2", draft-yeung-g-ikev2-07 (work in
progress), November 2013.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, December 2005.
[RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A.
Yegin, "Protocol for Carrying Authentication for Network
Access (PANA)", RFC 5191, May 2008.
[RFC5374] Weis, B., Gross, G., and D. Ignjatic, "Multicast
Extensions to the Security Architecture for the Internet
Protocol", RFC 5374, November 2008.
[RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen,
"Internet Key Exchange Protocol Version 2 (IKEv2)", RFC
5996, September 2010.
[RFC6407] Weis, B., Rowles, S., and T. Hardjono, "The Group Domain
of Interpretation", RFC 6407, October 2011.
Authors' Addresses
William Atwood
Concordia University/CSE
1455 de Maisonneuve Blvd, West
Montreal, QC H3G 1M8
Canada
Phone: +1(514)848-2424 ext3046
Email: william.atwood@concordia.ca
URI: http://users.encs.concordia.ca/~bill
Atwood & Li Expires January 22, 2015 [Page 14]
�
Internet-Draft GSAM July 2014
Bing Li
Concordia University/CSE
1455 de Maisonneuve Blvd, West
Montreal, QC H3G 1M8
Canada
Email: leebingice@gmail.com
Atwood & Li Expires January 22, 2015 [Page 15]
