1 / 14

Analysis of LMP Security According to KARP Design Guide

Analysis of LMP Security According to KARP Design Guide . Mahesh Jethanandani. Agenda. What Why Recommendations Last presented in IETF 87 in KARP WG. Disclaimer. I am not a LMP expert This is an analysis according to KARP design guide. What?. LMP used to manage TE links Used for:

cher
Download Presentation

Analysis of LMP Security According to KARP Design Guide

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Analysis of LMP Security According to KARP Design Guide Mahesh Jethanandani

  2. Agenda • What • Why • Recommendations Last presented in IETF 87 in KARP WG

  3. Disclaimer • I am not a LMP expert • This is an analysis according to KARP design guide

  4. What? • LMP used to manage TE links • Used for: • Control channel connectivity • Verify the physical connectivity of data links • Correlate link property information • Suppress downstream alarms • Localize link failures for protection/restoration purposes … all this in multiple kinds of networks

  5. LMP Procedure • Core Procedures • Control Channel Management • Link Property Correlation • Additional Procedures • Link Connectivity Verification • Fault Management

  6. Why? • [RFC 6862] outlines 22 threats that all protocols should consider. • LMP is vulnerable to • Spoofing of control packets • Modification of control packets • Replay of control packets • Breaking of the key • LMP uses UDP • No authentication mechanism

  7. Security Requirements for LMP • Provide • Authentication • Integrity • Replay protection • Confidentiality is not required • Protection of LMP end-point is not a requirement • Key management including automatic key rollover • Authentication should be cryptographically sound • Algorithm should be agile

  8. Integrity and Authentication • RFC 4204 recommends IPSec • Headers and payload need not be encrypted • Manual keying mode should be supported • No replay protection • No automatic re-keying • Only for diagnostic purposes

  9. Issues with Inter-Session • MESSAGE_IDs are re-initialized • Cold Reboot: after each reboot, the MESSAGE_IDs will be re-initialized • MESSAGE_ID is a 32-bit monotonically increasing number. Will rollover.

  10. Recommendations • Replay protection • IPSec • UDP authentication

  11. Replay Protection • MESSAGE_ID maintained in stable memory • Local or Network clock part of MESSAGE_ID • Increase MESSAGE_ID from 32 to 64 bit

  12. IPSec? • No need for encryption • Difficult to avoid LMP traffic escaping the IPSec channel • More light weight • Use IKE extensions to achieve SA • Use IKE for key management • Shameless plug for my other draft (draft-mahesh-karp-rkmp)

  13. UDP Authentication • How to authenticate UDP payload? • LDP uses a TLV to carry auth payload.

  14. Questions?

More Related