Title: Open Source Project SEND


1
Open Source Project SEND Extensions
Yuhong LI (Speaker), Wendong WANG, Guangxue SU, Quanchao HUI
  • Beijing University of Posts & Telecommunications
  • HUAWEI

2
Contents
  • Project overview
  • Basic and extended functions
  • Implementations
  • Tests
  • Future work

3
Project Overview
  • Project began in Nov. 2008
  • GPL-style license
  • Code
  • Planned to be hosted at Google Code (http://code.google.com)
  • Platforms
  • Host: Linux
  • Router: Quagga over Linux
  • Linux
  • Linux kernel 2.6.24.6
  • Ubuntu 8.04

4
Basic Functions
  • Implementations of RFCs
  • RFC3971 - Secure Neighbor Discovery (SEND)
  • RFC3972 - Cryptographically Generated Addresses
    (CGAs)
  • RFC3779 - X.509 Extensions for IP Addresses and
    AS Identifiers
  • Supported features
  • Processing CPS/CPA messages (Authorization
    Delegation Discovery)
  • Configuration of trust anchor & certificate path
  • Adding IP Address Extensions to certificates
  • Handling of the certificate path
  • Processing ND messages with SEND options
  • Generation & verification of CGAs and CGA
    Parameters
  • Generation & verification of the RSA signature
  • Handling the Nonce & Timestamp options

5
Extended Functions
  • Supports
  • ECDSA as an alternative to RSA
  • Based on draft-shen-csi-ecc-01 (revised as
    draft-cheneau-csi-ecc-sig-agility-00)
  • CRL verification

6
Implementations
  • SEND kernel module
  • Embedded in the IPv6 module of the Linux kernel
  • About 6K lines of C
  • SEND daemon module
  • Cryptographic procedures are implemented in
    user space as a daemon
  • About 7K lines of C

12/10/2009
CSI WG/IETF76
7
Software Prototype --- Host
8
Software Prototype --- Router
9
Tests of SEND Extensions
  • Performed in a link-local environment
  • 72 function tests for SEND and extensions
  • Performance tests on CGA and RSA/ECDSA

10
Test scenario 1: nodes support only SEND
  • Messages from plain (non-SEND) NDP nodes are
    considered insecure and are discarded
  • Neighbor Discovery
  • SEND nodes discard ND messages without SEND
    options
  • Router Discovery
  • SEND nodes send CPS to routers to request CPA
  • Routers are considered insecure and ignored if
    they do not respond with CPA messages
  • Redirect
  • SEND nodes ignore Redirect messages from NDP nodes

11
Test scenario 2: nodes work in compatible mode
  • SEND nodes in compatible mode accept NDP nodes,
    but mark them as insecure
  • Neighbor Discovery
  • SEND nodes on the link are marked as secure
  • NDP nodes on the link are marked as insecure
  • Router Discovery
  • Routers which pass CPA verification are marked as
    secure
  • Other routers are marked as insecure
  • Secure routers have higher priority when routing
  • Redirect
  • Both SEND and ND Redirect messages are accepted

12
Test results of CGA generation time
  • Platform
  • An Intel Core 2 Duo (2.53 GHz) workstation
  • Average CGA generation time
  • SEC0: 100 µs
  • SEC1: 60 ms
  • SEC2: 2000 s (varies from 100 to 7000 s)
  • SEC3: N/A
  • Theoretical estimate: more than 30000 hours
    would be required
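
The cost measured on this slide is the modifier search of RFC 3972 step 2: each Sec increment demands 16 more leading zero bits of Hash2, so the expected number of SHA-1 trials grows by 2^16 = 65536 per step, which is roughly the SEC1 to SEC2 and SEC2 to SEC3 ratio above (the SEC0 figure needs no search and is dominated by fixed overhead). The following is an added example, not code from the BUPT/Huawei project or from the RFC, implementing RFC 3972 generation (section 4, without the DAD step) and verification (section 5) with only the Python standard library; it also serves the "Generation & verification of CGAs and CGA Parameters" bullet on slide 4. PREFIX and PUBKEY are constructed placeholders: a real CGA Parameters structure carries the DER-encoded SubjectPublicKeyInfo.

```python
"""RFC 3972 CGA generation and verification with only the standard library.

Added example for this page; not code from the BUPT/Huawei SEND project.
PUBKEY and PREFIX below are constructed placeholders: in a real CGA
Parameters structure the public key is the DER-encoded SubjectPublicKeyInfo.
"""
import hashlib
import ipaddress
import os
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class CGAParams:
    """CGA Parameters data structure (RFC 3972, section 3)."""
    modifier: bytes           # 16 octets
    prefix: bytes             # 8 octets, the /64 subnet prefix
    collision_count: int      # 0, 1 or 2
    public_key: bytes         # DER SubjectPublicKeyInfo
    extensions: bytes = b""   # optional extension fields

    def encode(self) -> bytes:
        return (self.modifier + self.prefix + bytes([self.collision_count])
                + self.public_key + self.extensions)


def hash1(p: CGAParams) -> bytes:
    """Leftmost 64 bits of SHA-1 over the full CGA Parameters."""
    return hashlib.sha1(p.encode()).digest()[:8]


def _hash2_raw(modifier: bytes, public_key: bytes, extensions: bytes) -> bytes:
    # Hash2 input is the Parameters with the subnet prefix and collision
    # count fields replaced by nine zero octets; keep the leftmost 112 bits.
    return hashlib.sha1(modifier + bytes(9) + public_key + extensions).digest()[:14]


def hash2(p: CGAParams) -> bytes:
    return _hash2_raw(p.modifier, p.public_key, p.extensions)


def hash2_ok(h2: bytes, sec: int) -> bool:
    """The 16*Sec leftmost bits of Hash2 (2*Sec octets) must be zero."""
    return h2[:2 * sec] == bytes(2 * sec)


def expected_hash2_trials(sec: int) -> int:
    """Average number of Hash2 evaluations needed for a given Sec."""
    return 1 << (16 * sec)


def generate_cga(prefix, public_key, sec, modifier=None, collision_count=0,
                 extensions=b""):
    """RFC 3972 section 4 (without the DAD step): returns (address, params)."""
    if not 0 <= sec <= 7:
        raise ValueError("Sec is a 3-bit field")
    if len(prefix) != 8:
        raise ValueError("subnet prefix must be 8 octets")
    if not 0 <= collision_count <= 2:
        raise ValueError("collision count must be 0, 1 or 2")
    m = int.from_bytes(modifier if modifier is not None else os.urandom(16), "big")
    # Step 2: increment the modifier until Hash2 has 16*Sec leading zero bits.
    # This loop is the cost that grows 65536x per Sec step.
    while True:
        mod = m.to_bytes(16, "big")
        if hash2_ok(_hash2_raw(mod, public_key, extensions), sec):
            break
        m = (m + 1) % (1 << 128)
    params = CGAParams(mod, prefix, collision_count, public_key, extensions)
    iid = bytearray(hash1(params))
    iid[0] &= 0x1C          # clear Sec (bits 0-2) and u/g (bits 6-7) of the first octet
    iid[0] |= sec << 5      # write Sec into the three leftmost bits
    return prefix + bytes(iid), params


def verify_cga(address: bytes, params: CGAParams) -> bool:
    """RFC 3972 section 5: Sec is read from the address, never from the sender."""
    if len(address) != 16 or not 0 <= params.collision_count <= 2:
        return False
    if address[:8] != params.prefix:
        return False
    iid, h1 = address[8:], hash1(params)
    # Compare Hash1 with the interface identifier, ignoring Sec and u/g bits.
    if (iid[0] & 0x1C) != (h1[0] & 0x1C) or iid[1:] != h1[1:]:
        return False
    return hash2_ok(hash2(params), iid[0] >> 5)


if __name__ == "__main__":
    PREFIX = bytes.fromhex("20010db800000001")        # constructed: 2001:db8:0:1::/64
    PUBKEY = b"constructed placeholder for a DER SubjectPublicKeyInfo"
    for sec in (0, 1):
        t0 = time.perf_counter()
        addr, params = generate_cga(PREFIX, PUBKEY, sec)
        dt = time.perf_counter() - t0
        print(f"Sec={sec} {ipaddress.IPv6Address(addr)} "
              f"expected trials={expected_hash2_trials(sec)} "
              f"took {dt:.3f}s verify={verify_cga(addr, params)}")
```

Verification recovers Sec from the address and then re-checks Hash2, so a node cannot claim a higher Sec than it paid for; binding the CGA Parameters to an actual ND message is the job of the RSA Signature option from RFC 3971, which is outside this block.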

13
Performance comparisons of RSA and ECDSA
Ref: draft-shen-csi-ecc-01 (revised as
draft-cheneau-csi-ecc-sig-agility-00). RSA-1024
and ECDSA-192 are of the same security
strength. ECDSA has a shorter signature and
a lower signature generation time.
14
Future work
  • Support signature algorithm agility based on:
  • draft-cheneau-csi-cga-pk-agility-00
  • Support for Multiple Signature Algorithms in
    Cryptographically Generated Addresses (CGAs)
  • Proposed on Oct. 12, 2009 by Huawei
  • Supports multiple signature algorithms by
    providing multiple public keys in the CGA
  • draft-cheneau-csi-send-sig-agility-00
  • Signature Algorithm Agility in the Secure
    Neighbor Discovery (SEND) Protocol
  • Proposed on Oct. 12, 2009 by Huawei
  • Adds a Supported Signature Algorithm Option,
    providing agility to SEND
  • draft-cheneau-csi-ecc-sig-agility-00
  • ECC public key and signature support in
    Cryptographically Generated Addresses (CGA) and
    in the Secure Neighbor Discovery (SEND)
  • Proposed on Oct. 12, 2009 by Huawei
  • E.g., how to use an ECC public key in a CGA

15
Thanks! Questions/Comments?
  • Contact us
  • Yuhong Li hoyli@bupt.edu.cn
  • Wendong Wang wdwang@bupt.edu.cn
  • Guangxue Su guangxsu@gmail.com
  • Quanchao Hui huiquanchao@gmail.com