ietf84 karp
play

IETF84-KARP Key Management and Adjacency Management for KARP-based - PowerPoint PPT Presentation

Mar 12, 2023 •160 likes •435 views

IETF84-KARP Key Management and Adjacency Management for KARP-based Routing Systems Definitions Administrative Domain (AD) Set of routers under a single administration RFC 4375 provides a convenient definition (in the context of

  1. IETF84-KARP Key Management and Adjacency Management for KARP-based Routing Systems

  2. Definitions  Administrative Domain (AD)  Set of routers under a single administration • RFC 4375 provides a convenient definition (in the context of Emergency Management)  An AD is not bigger than an autonomous system • Because we are dealing with Interior Gateway Protocols  Group Controller/Key Server (GCKS)  Specific to a particular routing protocol (RP), because “adjacency” may be defined differently for each RP • Rules may be the same for different protocols, but stored data will be different 2012-07-31 IETF 84-KARP 2

  3. Definitions..2  Group Member (GM)  Any router within the Administrative Domain • Note that depending on the keying model in use, we may form smaller “groups”  Neighbor  The set of routers that are adjacent to a particular router 2012-07-31 IETF 84-KARP 3

  4. AS and AD 2012-07-31 IETF 84-KARP 4

  5. Keying ¡Scopes ¡(1) ¡ Whole ¡AD ¡  Same ¡key ¡for ¡the ¡en;re ¡AD ¡ ¡ 2012-07-31 IETF 84-KARP 5

  6. Keying ¡Scopes ¡(2) ¡ All ¡routers ¡on ¡a ¡link ¡  Key ¡per ¡link ¡ ¡ 2012-07-31 IETF 84-KARP 6

  7. Keying ¡Scopes ¡(3) ¡ Group ¡per ¡sending ¡router ¡  Separate ¡key ¡per ¡router ¡ ¡ 2012-07-31 IETF 84-KARP 7

  8. Keying ¡Groups ¡(4) ¡ Group ¡per ¡sending ¡router ¡per ¡interface ¡  Separate ¡key ¡per ¡router ¡per ¡interface ¡ ¡ 2012-07-31 IETF 84-KARP 8

  9. Keying ¡Groups ¡(4) ¡ Group ¡per ¡sending ¡router ¡per ¡interface ¡  Separate ¡key ¡per ¡router ¡per ¡interface ¡ ¡ 2012-07-31 IETF 84-KARP 9

  10. Keying Assumptions for RKMP and MaRK  Both documents make the same statement  “Routers need to be provisioned with some credentials for a one-to-one authentication protocol”  “Preshared keys or asymmetric keys and an authorization list are expected to be common deployments” 2012-07-31 IETF 84-KARP 10

  11. Observations (1)  To establish the router identities and legitimate adjacencies, this will involve walking to each router and carefully configuring the paired keys and authorization lists  Or, at the very least, remotely logging on to each router...  This seems somewhat error prone to us 2012-07-31 IETF 84-KARP 11

  12. Observations (2)  Adjacency control has to be centralized  No individual router can determine, by itself, who its legitimate neighbors are  We have explored the issue of key generation in the context of making adjacency management easier.  The operation of MaRK appears to us to make managing adjacency more difficult  Specifically, the election of a GCKS for the routers on a link, which can be different each time it happens. 2012-07-31 IETF 84-KARP 12

  13. Our goals  To explore ways that allow easy adjacency control (which has to be centralized)  Without depending on a central facility when you have a power failure  In a manner that works for both the unicast and the multicast cases 2012-07-31 IETF 84-KARP 13

  14. Key Management Architecture Overall Controller Protocol GCKS Protocol Keystore Group Group Member Member Local Local KS/GCKS KS/GCKS Local Local Keystore Keystore 2012-07-31 IETF 84-KARP 14

  15. Structure  Two levels for the Automatic Keying Management  GCKS  GM Negotiation  GM  GM Negotiation  Four steps  Mutual authentication (GCKS  each GM)  Push policy and adjacency information on this path  Mutual authentication (GM to each adjacent GM)  Push or negotiate keying material from GM to/with adjacent GMs 2012-07-31 IETF 84-KARP 15

  16. System Goals  To generate, distribute and update keying materials  11 “security goals”  6 “non-security goals”  These were assembled from review of the Design Guide and the Threats and Requirements Guide  Details are in the draft 2012-07-31 IETF 84-KARP 16

  17. Results  The framework allows us to simplify the establishment of the pre-shared keys  Allows us to introduce centralized control of adjacency  Allows incremental deployment, with different keying models on different interfaces  Avoids DoS attacks on the central controller after power failure 2012-07-31 IETF 84-KARP 17

  18. System architecture Conforms to the Multicast Group Security Architecture Specification 2012-07-31 IETF 84-KARP 18

  19. Key Management Phases: Between Components Overall Controller Step 1 Step 1 Protocol Step 2 Step 2 GCKS Protocol Keystore Step 3 Group Group Member Member Local Step 4 Local KS/GCKS KS/GCKS Local Local Keystore Keystore 2012-07-31 IETF 84-KARP 19

  20. System Operation (1)  Step 1 – Mutual authentication GCKS to GM  Establish secure path and mutual authenticity between GCKS and individual Group Members • This path will be used to distribute information for use by the GM to identify and authenticate its neighbors  Standard IKE or IKEv2 exchange 2012-07-31 IETF 84-KARP 20

  21. System Operation (2)  Step 2 – Push policies to the GM  SA policy corresponding to the TEK  Signed certificate to identify this router  Key scope to be used  Policy token  Adjacency information  Plus the necessary hashes and nonces to ensure that the security requirements are met 2012-07-31 IETF 84-KARP 21

  22. System Operation (3)  Step 3 – Mutual Authentication between adjacent GMs  Establish secure path and mutual authenticity between adjacent Group Members • To be used to distribute parameters that will be used by the GM to send information to its neighbors (i.e., routing protocol control packets)  The identity information pushed in Step 2 is used to identify legitimate neighbors  Standard IKE or IKEv2 exchange 2012-07-31 IETF 84-KARP 22

  23. System Operation (4)  Step 4 – Exchange or negotiation of keying materials  SA information corresponding to the TEK of the sending router  Request for SA information corresponding to the TEK of neighbor routers  Plus the necessary hashes and nonces to ensure that the security requirements are met 2012-07-31 IETF 84-KARP 23

  24. Key Management Exchanges: Within GMs KMP (Key Management SA parameters related to TEK Protocol) LKS (Local Key Server) Join group Notification Initial key of new keys Change key Key Store RP SA parameters (Routing Protocol) related to TEK 2012-07-31 IETF 84-KARP 24

  25. Academic Aspects  Formal validation of the security of the protocols has been done, using AVISPA (Automated Validation of Internet Security Protocols and Applications)  GCKS and GMs are modeled  Intruder can take any role  Security goals (for example, secrecy of the generated TEK) can be formulated  AVISPA reports “safe” for the set of security goals and scenarios explored 2012-07-31 IETF 84-KARP 25

  26. Thank You! Questions? 2012-07-31 IETF 84-KARP 26

Recommend

One control to rule them all Michael Welzl IAB/IRTF CC Workshop @IETF84 28. 07. 2012 How we

One control to rule them all Michael Welzl IAB/IRTF CC Workshop @IETF84 28. 07. 2012 How we

One control to rule them all Michael Welzl IAB/IRTF CC Workshop @IETF84 28. 07. 2012 How we use the Internet today: 3 stories 1. I clean our flat while listening to Spotify in parallel, downloading files via my own Suddenly I begin to

64 views • 5 slides
Edmonds Karp Algorithm Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department

Edmonds Karp Algorithm Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department

Introduction Edmonds Karp Algorithm Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department of Computer Science Introduction Objectives Your Objectives: Implement the Edmonds Karp algorithm for Network Flow Introduction

435 views • 16 slides
Geo Routing in ad hoc nets References: Brad Karp and H.T. Kung GPSR: Greedy

Geo Routing in ad hoc nets References: Brad Karp and H.T. Kung GPSR: Greedy

Geo Routing in ad hoc nets References: Brad Karp and H.T. Kung GPSR: Greedy Perimeter Stateless Routing for Wireless Networks, Mobicom 2000 M. Zorzi, R.R. Rao, ``Geographic Random Forwarding (GeRaF) for ad hoc and

313 views • 14 slides
On the Price of Heterogeneity in Parallel Systems P . Brighten Godfrey and Richard M. Karp

On the Price of Heterogeneity in Parallel Systems P . Brighten Godfrey and Richard M. Karp

On the Price of Heterogeneity in Parallel Systems P . Brighten Godfrey and Richard M. Karp SPAA06 - July 31, 2006 1 Introduction Consider a parallel system in which processing speed, Bottleneck bandwidth to each node has a

613 views • 24 slides
The VIP Study of the Latin Script Cary Karp ck@nrm.museum The Latin alphabet is used in the

The VIP Study of the Latin Script Cary Karp ck@nrm.museum The Latin alphabet is used in the

IDN Variant Issues Project ICANN Dakar, 24 October 2011 The VIP Study of the Latin Script Cary Karp ck@nrm.museum The Latin alphabet is used in the writing systems of more languages than is any other single script. a b c d e f g h i j k l

626 views • 20 slides
Green Industrial Policies: Trade and Public Policy Larry Karp Megan Stevenson January 2012 Karp

Green Industrial Policies: Trade and Public Policy Larry Karp Megan Stevenson January 2012 Karp

Green Industrial Policies: Trade and Public Policy Larry Karp Megan Stevenson January 2012 Karp & Stevenson () Green Industrial Policy January 2012 1 / 15 Industrial policy (IP): an old debate Green industrial policy (GIP) is the use of

690 views • 30 slides
LogP: Towards a Realistic Model of Parallel Computation y David Culler, Richard Karp ,

LogP: Towards a Realistic Model of Parallel Computation y David Culler, Richard Karp ,

LogP: Towards a Realistic Model of Parallel Computation y David Culler, Richard Karp , David Patterson, Abhijit Sahay, Klaus Erik Schauser, Eunice Santos, Ramesh Subramonian, and Thorsten von Eicken Computer Science Division, University

476 views • 24 slides
Andrew Karp Group Editor, Lenses & Technology Jobson

Andrew Karp Group Editor, Lenses & Technology Jobson

Andrew Karp Group Editor, Lenses & Technology Jobson Op:cal Group Eye 2 Wearables and Implantables: New Ways of Seeing Your Content Here

727 views • 16 slides
Remote Procedure Call (RPC) and Transparency Brad Karp UCL Computer Science CS GZ03 / M030 11

Remote Procedure Call (RPC) and Transparency Brad Karp UCL Computer Science CS GZ03 / M030 11

Remote Procedure Call (RPC) and Transparency Brad Karp UCL Computer Science CS GZ03 / M030 11 th October 2017 Transparency in Distributed Systems Programmers accustomed to writing code for a single box Transparency: retain feel

536 views • 34 slides
Multi-Tiered Systems of Support: Interventions and Assessment Strategies Karen Karp Johns

Multi-Tiered Systems of Support: Interventions and Assessment Strategies Karen Karp Johns

Welcome Ensuring Mathematical Success for All Multi-Tiered Systems of Support: Interventions and Assessment Strategies Karen Karp Johns Hopkins University Topics for Today Brief overview of RtI Model , one version of a multi-tiered system

824 views • 35 slides
NP Completeness Tractability Polynomial time Stephen Cook Leonid Levin Richard Karp

NP Completeness Tractability Polynomial time Stephen Cook Leonid Levin Richard Karp

NP Completeness Tractability Polynomial time Stephen Cook Leonid Levin Richard Karp Computation vs. verification Power of non-determinism Encodings Transformations & reducibilities P vs. NP Completeness

1.45k views • 91 slides
NP Completeness Tractability Polynomial time Stephen Cook Leonid Levin Richard Karp

NP Completeness Tractability Polynomial time Stephen Cook Leonid Levin Richard Karp

NP Completeness Tractability Polynomial time Stephen Cook Leonid Levin Richard Karp Computation vs. verification Power of non-determinism Encodings Transformations & reducibilities P vs. NP Completeness

1.13k views • 99 slides
A Public DHT Service Sean Rhea, Brighten Godfrey, Brad Karp, John Kubiatowicz, Sylvia Ratnasamy,

A Public DHT Service Sean Rhea, Brighten Godfrey, Brad Karp, John Kubiatowicz, Sylvia Ratnasamy,

A Public DHT Service Sean Rhea, Brighten Godfrey, Brad Karp, John Kubiatowicz, Sylvia Ratnasamy, Scott Shenker, Ion Stoica, and Harlan Yu UC Berkeley and Intel Research August 23, 2005 Two Assumptions 1. Most of you have a pretty good idea

619 views • 43 slides
The Time-less Datacenter Paul Borrill and Alan H. Karp Earth Computing The Datacenter Resilience

The Time-less Datacenter Paul Borrill and Alan H. Karp Earth Computing The Datacenter Resilience

The Time-less Datacenter Paul Borrill and Alan H. Karp Earth Computing The Datacenter Resilience Company Stanford EE Computer Systems Colloquium Wednesday, November 16, 2016 http://ee380.stanford.edu Cloud Computing The Three Taxes: 1.

499 views • 28 slides
Welcome and Introduction Peter D. Karp, Ph.D. Bioinformatics Research Group SRI International

Welcome and Introduction Peter D. Karp, Ph.D. Bioinformatics Research Group SRI International

Welcome and Introduction Peter D. Karp, Ph.D. Bioinformatics Research Group SRI International SRI International Bioinformatics 1 Pathway Tools Workshop Workshop format First three days formal presentations Last two days

349 views • 17 slides
Formalizing the Edmonds-Karp Algorithm Peter Lammich and S. Reza Sefidgar TU Mnchen August

Formalizing the Edmonds-Karp Algorithm Peter Lammich and S. Reza Sefidgar TU Mnchen August

Formalizing the Edmonds-Karp Algorithm Peter Lammich and S. Reza Sefidgar TU Mnchen August 2016 1 / 16 Flow Networks Digraph with capacities Source (s) and sink (t) 6 a c 3 4 3 s t 5 4 3 b d 2 / 16 Flow Networks

751 views • 54 slides
Andrew Karp Group Editor 20/20 & Vision Monday , Lenses and Technology Todays Vision

Andrew Karp Group Editor 20/20 & Vision Monday , Lenses and Technology Todays Vision

Andrew Karp Group Editor 20/20 & Vision Monday , Lenses and Technology Todays Vision Technologies More Amazing Than X Ray Specs

407 views • 6 slides
WELCOME Andrew Karp VM Editor Lenses & Technology Trend Analysis Burger Kings Have it

WELCOME Andrew Karp VM Editor Lenses & Technology Trend Analysis Burger Kings Have it

WELCOME Andrew Karp VM Editor Lenses & Technology Trend Analysis Burger Kings Have it Your Way campaign epitomized a new type of CUSTOMER EXPERIENCE (CX) in which the customer is driving the interaction. Trend Analysis This type

590 views • 20 slides
Recent and Planned Enhancements to Pathway Tools and BioCyc Peter Karp Bioinformatics Research

Recent and Planned Enhancements to Pathway Tools and BioCyc Peter Karp Bioinformatics Research

Recent and Planned Enhancements to Pathway Tools and BioCyc Peter Karp Bioinformatics Research Group SRI International pkarp@ai.sri.com SRI International Bioinformatics 1 Pathway/Genome Databases on the Web

458 views • 20 slides
Bioinformatics Panel Presentation Peter D. Karp, Ph.D. Director, Bioinformatics Research Group

Bioinformatics Panel Presentation Peter D. Karp, Ph.D. Director, Bioinformatics Research Group

Bioinformatics Panel Presentation Peter D. Karp, Ph.D. Director, Bioinformatics Research Group SRI International Menlo Park, CA pkarp@ai.sri.com SRI International Bioinformatics My Background Direct bioinformatics research group of 6

409 views • 12 slides
Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp,

Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp,

Protecting Users by Confining JavaScript with SWAPI Deian Stefan, Petr Marchenko, Brad Karp, David Mazires, Dave Herman, and John C. Mitchell Modern websites are complex Modern websites are complex Modern websites are complex Page code

1.65k views • 97 slides
String Matching: Rabin-Karp Algorithm Greg Plaxton Theory in Programming Practice, Fall 2005

String Matching: Rabin-Karp Algorithm Greg Plaxton Theory in Programming Practice, Fall 2005

String Matching: Rabin-Karp Algorithm Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin The (Exact) String Matching Problem The (exact) string matching problem: Given a text

98 views • 7 slides
Dual Enrollment as an Acceleration Approach Melinda Mechur Karp, Ph.D. Senior Research Associate

Dual Enrollment as an Acceleration Approach Melinda Mechur Karp, Ph.D. Senior Research Associate

COMMUNITY COLLEGE RESEARCH CENTER Acceleration and dual enrollment/ November 25, 2013 November 25, 2013 Dual Enrollment as an Acceleration Approach Melinda Mechur Karp, Ph.D. Senior Research Associate Community College Research Center

544 views • 16 slides
String Searching The previous slide is not a great example of what is meant by String

String Searching The previous slide is not a great example of what is meant by String

S TRINGS AND P ATTERN M ATCHING Brute Force, Rabin-Karp, Knuth-Morris-Pratt Whats up? Im looking for some string. Thats quite a trick considering that you have no eyes. Oh yeah? Have you seen your writing? It looks like an EKG!

726 views • 49 slides

More recommend