L3A: A Protocol for Layer Three Accounting - PowerPoint PPT Presentation

About This Presentation
Title: L3A: A Protocol for Layer Three Accounting

Description: L3A: A Protocol for Layer Three Accounting. Alwyn Goodloe, Matthew Jacobs, Gaurav ... Main contribution: progress on how to design multi-tunnel protocols. L3A Messages ... – PowerPoint PPT presentation

Slides: 19
Provided by: carlag8
Transcript and Presenter's Notes


1
L3A A Protocol for Layer Three Accounting
  • Alwyn Goodloe, Matthew Jacobs, Gaurav Shah
  • University of Pennsylvania
  • Carl A. Gunter
  • University of Illinois

2
SOHO to Enterprise Example
[Diagram: Home (C, AP) to Internet (VPN) to Office (S)]
Three levels of Authentication and Encryption!
3
Multi-Tunnel Configuration
[Diagram of layers: Application; Protocols to set up Tunnels / Security Objectives of Tunnels; N/W Security / Key Exchange]
4
Cramming Attacks
Unauthenticated Ingress
5
Countermeasures
  • Add difficult-to-discover state to return port.
    Problematic:
    • On-path attackers
    • Establishing sufficient state
  • Example: Network Address Translation (NAT)
    • Determined by four flow parameters
    • Well-known destinations give strategies for
      server ports and addresses
    • Weaknesses in NAT parameter selections
    • Brute force 10,000 pkts/sec on stock machine
    • Observed 7 minutes for timeout

6
Tunnel as Countermeasure
Challenge: coordinate the creation of the tunnels.
7
Related Work
  • Accounting
    • Simple Network Management Protocol (SNMP)
    • RADIUS
    • Juniper Networks GPRS gateway provides
      protection against over-billing attacks
  • Tunnel Configuration
    • Solsoft Policy Server
    • Z. Fu and S.F. Wu 2001
    • Cisco Dynamic Multipoint VPN (DM VPN)
    • Cisco Tunnel Endpoint Discovery (TED)

8
L3A Set-Up
Participants: Server, Client, NAS
  • SPD C→S (C→N)
  • Req(cred)
  • SPD C→S (C→N)
  • SPD S→C (S→N)
  • Ack(cred)
  • SPD S→C (S→N)
  • Fin
9
L3A Set-Up With Reuse
Participants: Server1, NAS, Client, Server2
  • SPD C→S2 (C→N)
  • Req(cred)
  • SPD C→S2 (C→N)
  • SPD S2→C (S2→N)
  • Ack(cred)
  • SPD S2→C (S2→N)
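An added toy model (my code, not the authors' implementation) of the set-up exchanges above together with the cramming countermeasure from the earlier slides: the NAS bills a client only for packets carried by a tunnel bound to that client's authenticated session, drops bare (unauthenticated) ingress without billing it, and reuses an existing client-to-NAS tunnel when the same client sets up a second server. The SPD representation, the credential check and the session table are assumptions of this model, not details given on the slides.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Credential the NAS accepts (constructed sample value, an assumption of this model).
VALID_CREDS = {"alice-cred"}

@dataclass
class Packet:
    src: str
    dst: str
    size: int
    tunnel: Optional[str] = None  # authenticated tunnel it arrived on; None = bare ingress

@dataclass
class NAS:
    # tunnel name -> client whose account it is charged to (assumed session table)
    sessions: Dict[str, str] = field(default_factory=dict)
    usage: Dict[str, int] = field(default_factory=dict)  # bytes billed per client
    dropped: int = 0

    def ingress(self, pkt: Packet) -> bool:
        """Meter only traffic carried by a tunnel of an authenticated session; packets
        sprayed at a client's address outside any tunnel (cramming) never reach the bill."""
        client = self.sessions.get(pkt.tunnel) if pkt.tunnel else None
        if client is None:
            self.dropped += 1
            return False
        self.usage[client] = self.usage.get(client, 0) + pkt.size
        return True

def l3a_setup(client: str, server: str, cred: str, nas: NAS) -> List[str]:
    """Message trace of one set-up; an existing client->NAS tunnel is reused."""
    cn, sn = f"{client}->N", f"{server}->N"
    trace = [f"{client}: SPD {client}->{server} ({cn})", f"{client}->N: Req({cred})"]
    if cred not in VALID_CREDS:          # assumption: NAS validates cred before any SPD work
        trace.append("N: Req rejected, no tunnel state created")
        return trace
    if cn in nas.sessions:
        trace.append(f"N: reusing {cn}")
    else:
        nas.sessions[cn] = client
        trace.append(f"N: SPD {client}->{server} ({cn})")
    nas.sessions[sn] = client            # assumption: server leg charged to the same session
    trace += [f"{server}: SPD {server}->{client} ({sn})", f"{server}->N: Ack({cred})",
              f"N: SPD {server}->{client} ({sn})", "Fin"]
    return trace
```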
10
L3A Tear-Down
11
Implementation
  • Micron 600MHz Pentiums, 128 MB memory in C/S and
    256 in NAS, 100 Mbps Ethernet links
  • FreeBSD 4.8, OpenSSL crypto, PF_KEY interface to
    SPD
  • IKE- our implementation of IKEv2 with support for
    nested tunnels

12
IKE-
13
Performance Measurements
  • Throughput
  • How does L3A bulk transmission compare to no
    accounting or other approaches to accounting?
  • Latency
  • How does L3A set-up compare to other approaches
    in ms required for set-up and tear-down?
  • Both measured for a single client and server; the
    NAS was only lightly loaded.

14
Throughput Cases
  • Base: no security
  • End-to-end: IPsec with encryption and
    authentication between client and server
  • Typical: IPsec E2E and IPsec with encryption and
    authentication between client and NAS
  • L3A: E2E and authenticated tunnels between
    • client and NAS
    • NAS and server

15
Throughput
  • L3A is 100% faster than typical
  • L3A is 32% slower than no accounting

16
Latency Cases
  • End-to-end IPsec IKE- from end to end
  • L3A without reuse
  • L3A with reuse of client to NAS tunnel

17
Latency
  • Latency to establish tunnels for accounting is
    142% greater than end-to-end protection alone,
    but
  • In the most common case, it will be only 48%
    longer.

18
Conclusions
  • Introduced concept of cramming attacks
  • Reviewed possible countermeasures and did
    penetration study of NAT
  • Proposed L3A protocol
  • Implementation shows reasonable performance
  • Main contribution: progress on how to design
    multi-tunnel protocols

19
L3A Messages
20
Cramming Attacks