“Secure” migration to host identity based networks
Kristian Slavov, Patrik Salmela
Ericsson Research, NomadicLab
NordicHIP 9.10.2007
Assumptions
Host Identity based network
- Hosts in the network utilise host identity binding protocols for communications
  - HIP, NodeID
Legacy host
- Doesn’t support the communication protocols in use
- Cannot address all hosts due to the complex global network
- Needs to authenticate to the network
Problems
Legacy host
- How to connect to a host not necessarily reachable via legacy techniques?
Peer host
- How to identify and authenticate the client?
What is required?
- Security features, network protocol agility, name resolution
HIP Proxy
Basically a simple proxy
- Store-(modify)-forward
- Can do name resolution for the client host
Additional features
- Can create HIP connections on behalf of the legacy host
- Creates temporary host identities for legacy hosts
- Enables a mobile sub-network
Legacy Authentication Service
- Understands legacy authentication procedures
  - SIM, HTTP-Digest, etc.
- Stores (host) identities for subscribed users
  - AuC, AAA, etc.
- Issues binding certificates for temporary and permanent (host) identities.
[Figure: legacy host, HIP Proxy and LAS, with identity labels α*, β*, λ*]
Legacy host performs network attachment.
HIP Proxy generates a temporary identity for the legacy host.
[Figure: legacy host, HIP Proxy and LAS, with identity labels α*, β*, λ*]
Legacy host authenticates itself to the network.
A HIP connection is established between the HIP proxy and the authentication server.
[Figure: legacy host, HIP Proxy and LAS, with identity labels α*, α, β, β*, λ*]
As a result, the LAS creates an identity binding certificate for the HIP proxy.
[Figure: legacy host, HIP Proxy and LAS, with identity labels α*, α, β, β*, λ*]
Traffic sent by the legacy host is intercepted at the HIP proxy.
A new HIP association is created using the identity certificate provided by the LAS.
Recap
- HIP Proxy creates a temporary host identity for a legacy host
- Legacy host authenticates to LAS
- LAS negotiates with HIP Proxy and issues a certificate binding the temporary identity and the permanent identity together.
- Legacy host initiates a connection to a peer host
- HIP Proxy intercepts, runs the connection establishment protocol with the peer host using the identity certificate
- Traffic flows between legacy host and peer host
Weaknesses
- Network access divided into two parts with different (security) properties
  - access network (i.e. legacy host to HIP proxy)
  - core network (i.e. HIP proxy to peer host)
- Access network is insecure
  - Security depends on the legacy host
  - Identification in the access network
Security problems
- HIP proxy
  - Uses legacy host’s identity to do bad things
  - Target for hacking attacks
  - Operators may certify HIP proxies
  - LAS configured to issue identity binding certificates only to trusted HIP proxies
- Certificate revocation
  - Lifetimes
  - The peer host must explicitly check with the CA
  - The peer host could subscribe for revocation info at the LAS that issued the certificate
- Name resolution
  - No DNSSEC or alike
  - HIP proxy needs to tamper with the DNS queries/replies
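The Recap flow together with the mitigations listed on this slide (certificates issued only to trusted proxies, bounded lifetimes, revocation checks by the peer), as an added example that is not the authors' code: an HMAC under a key shared by LAS and peer stands in for the LAS signature, and the host names, MAC address and certificate field layout are constructed assumptions.

```python
"""Toy model of the slides' LAS binding-certificate flow (added example, not the authors' code).
An HMAC under a key shared by LAS and peer stands in for the LAS public-key signature
(assumption); host names, field layout and MAC address are constructed for illustration."""
import hashlib
import hmac
import json

LAS_KEY = b"constructed-las-signing-key"      # stands in for the LAS signing key
TRUSTED_PROXIES = {"proxy.access.example"}    # operator-certified HIP proxies (constructed)
REVOKED = set()                               # certificate serials the LAS has revoked

def make_temp_identity(legacy_host_mac: str) -> str:
    """HIP proxy step: derive a temporary host identity tag for a legacy host."""
    return hashlib.sha256(legacy_host_mac.encode()).hexdigest()[:32]

def las_issue_binding_cert(proxy: str, temp_hit: str, permanent_id: str,
                           lifetime: int, now: int) -> dict:
    """LAS step: after legacy authentication succeeds, bind the temporary identity
    to the permanent one, but only for a HIP proxy the operator trusts."""
    if proxy not in TRUSTED_PROXIES:
        raise PermissionError(f"LAS refuses to certify untrusted proxy {proxy}")
    serial = hashlib.sha256(f"{temp_hit}|{permanent_id}|{now}".encode()).hexdigest()[:16]
    body = {"serial": serial, "proxy": proxy, "temp": temp_hit,
            "perm": permanent_id, "not_after": now + lifetime}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(LAS_KEY, encoded, hashlib.sha256).hexdigest()}

def peer_verify(cert: dict, presented_temp_hit: str, now: int) -> tuple:
    """Peer host step: checks to run before accepting the proxy's HIP association.
    Returns (accepted, permanent identity or reason for rejection)."""
    encoded = json.dumps(cert["body"], sort_keys=True).encode()
    expected = hmac.new(LAS_KEY, encoded, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert["sig"]):
        return False, "signature does not verify (tampered or not from LAS)"
    b = cert["body"]
    if b["temp"] != presented_temp_hit:
        return False, "certificate binds a different temporary identity"
    if now > b["not_after"]:
        return False, "expired: short lifetimes bound the damage from a rogue proxy"
    if b["serial"] in REVOKED:
        return False, "revoked by the issuing LAS"
    return True, b["perm"]

if __name__ == "__main__":
    now = 1_190_000_000
    hit = make_temp_identity("00:11:22:33:44:55")                  # constructed MAC
    cert = las_issue_binding_cert("proxy.access.example", hit, "alice@operator.example", 3600, now)
    print(peer_verify(cert, hit, now + 60))      # (True, 'alice@operator.example')
    print(peer_verify(cert, hit, now + 7200))    # rejected: expired
```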
Conclusion
- Allows legacy hosts to communicate with “full-featured” hosts
- Allows the peer hosts to associate the legacy host with a proper host identity
- Allows a certain type of network mobility for legacy hosts
- An opportunistic security solution