Co-presenters: - PowerPoint PPT Presentation

Description:

Florent Parent (Hexago) Other Authors: Shu Yamamoto. Hidetoshi Yokota ... Identify Security Requirements for Softwire deployments. Security Analysis -Florent ... – PowerPoint PPT presentation

Provided by: kdd8
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes

1

Security Review Of Softwire
  • Co-presenters
  • Carl Williams
  • Florent Parent (Hexago)
  • Other Authors
  • Shu Yamamoto
  • Hidetoshi Yokota
  • KDDI RD Labs

2
Presentation Overview
  • Motivation for a Softwire Security Draft
  • Security Requirements - Carl
  • Identify Security Requirements for Softwire
    deployments
  • Security Analysis - Florent
  • Authentication, control and data protection.
  • IPsec in the softwire framework.

3
Motivation for a Softwire Solution
  • What are the security requirements for softwire
    deployments?
  • What is the threat analysis for softwire
    deployments?
  • What is the IPsec model for softwire deployments?

4
Possible Threats
  • An adversary may try to discover user identities
    by snooping data packets.
  • An adversary may try to modify packets (both
    control and data).
  • An adversary may try to hijack the IPv6 in IPv4
    tunnel.
  • An adversary can launch denial of service attacks
    by terminating softwire-created tunnels.
  • An adversary may attempt to disrupt the user
    negotiation with the tunnel broker in order to
    weaken or remove confidentiality protection.
    Alternatively, an adversary may wish to gain access
    to user passwords.
  • An adversary may impersonate the softwire
    concentrator to intercept traffic.
  • Overlap with L2TP IPsec draft.

5
Authentication
Authentication   Softwire requirement
None             should
User             must
Mutual           should

  • No user authentication
  • Used when relying on out-of-band authentication
  • Requires controlled environment (intra-provider,
    filtering)

6
Control and data plane protection
  • Softwire full payload security on control and
    data plane when desired
  • E.g. Nomadicity scenario
  • IPsec can provide the necessary security
    mechanisms
  • Comparable to RFC 3193 (L2TP using IPsec)

Protection        Control   Data
Integrity         Must      Must
Replay            Must      Must
Confidentiality   Should    May

7
IPsec
  • draft-ietf-v6ops-ipsec-tunnels provides
    guidelines
  • Tunnel mode with generic SPDs, or transport mode
    on tunnel interface
  • If transport mode is used, IPsec NAT traversal
    (RFC 3947, RFC 3948) is needed when the SOAF is IPv4.
  • Time to market?
  • IKE mutual authentication
  • Preshared keys do not scale to the millions
  • Certificate based?
  • IKEv2 supports legacy authentication methods.
    Time to market?
  • How related are the softwire and IKE
    authentication?

8
Summary
  • An IPv6 tunnel service using a tunnel broker was
    deployed for FTTH users.
  • The TSP client (initiator) is installed at the Home
    Gateway.
  • 1000 tunnels are always activated.
  • The connection from the outside IPv4 network uses
    the IPv6 tunnel together with an address translator.
  • After the trial, feedback from customers will be
    obtained in terms of usefulness and convenience.