Re: revised IPsec processing model
Stephen Kent <kent@bbn.com> writes:
> As I revise the processing model to take into account the comments
> I have received, I will try to reword it to be as clear as
> possible about the security implications associated with different
> assumptions about routing tables and the extent to which they may
> change without secure intermediation, as the security implications
> of such changes.
It might be useful to consider the methods described in
"Authentication and Confidentiality via IPsec" (ESORICS, 2000) by
myself, Amy Herzog, and Javier Thayer. That way people could
establish that certain security goals depend only on specific aspects
of a network's IPsec configuration. In this case, one knows whether
those goals could be undermined by changes in routing tables.
The paper is available at http://www.ccs.neu.edu/home/guttman, and the
abstract is below.
More work along this line has been done, including some
implementations to analyze configurations. Another paper will be
available shortly.
Joshua
The IP security protocols (IPsec) may be used via security gateways
that apply cryptographic operations to provide security services to
datagrams, and this mode of use is supported by an increasing number
of commercial products. In this paper, we formalize the types of
authentication and confidentiality goal that IPsec is capable of
achieving, and we provide criteria that entail that a network with
particular IPsec processing achieves its security goals.
This requires us to formalize the structure of networks using
IPsec, and the state of packets relevant to IPsec processing.
We can then prove confidentiality goals as invariants of the
formalized systems. Authentication goals are formalized in the manner
of [Schneider96], and a simple proof method using "unwinding
sets" is introduced. We end the paper by explaining the network
threats that are prevented by correct IPsec processing.
--
Joshua D. Guttman <guttman@mitre.org>
MITRE, Mail Stop S119 Office: +1 781 271 2654
202 Burlington Rd. Fax: +1 781 271 8953
Bedford, MA 01730-1420 USA Cell: +1 781 526 5713
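As an added illustration of the point made in the message above (that a confidentiality goal can be checked as an invariant over packet states, and that a routing change can undermine it), here is a small Python model. It is not the paper's formalism and not code from the thread: the topology, the trusted links, the tunnel policy and the routing tables are all constructed for the example.

```python
from collections import deque

# Constructed example: hosts A and B sit behind IPsec gateways G1 and G2;
# R is the untrusted network between them; X is a non-gateway router.
TRUSTED_LINKS = {frozenset(l) for l in [("A", "G1"), ("G2", "B"), ("G1", "X")]}
TUNNELS = {"G1": "G2", "G2": "G1"}  # gateway -> peer it tunnels to (ESP)
ROUTES = {                          # node -> {outer destination: next hop}
    "A": {"B": "G1"},
    "G1": {"B": "R", "G2": "R"},
    "R": {"B": "G2", "G2": "G2", "G1": "G1"},
    "G2": {"B": "B"},
    "X": {"B": "R"},
}

def confidentiality_violations(routes, tunnels, trusted, src, dst):
    """Breadth-first exploration of every packet state reachable from src
    towards dst; a state is (location, outer destination, gateway the packet
    is encrypted to, or None).  Returns the untrusted links that a plaintext
    copy of the payload crosses; an empty list means the goal holds."""
    start = (src, dst, None)
    seen, work, bad = {start}, deque([start]), []
    while work:
        loc, outer, enc = work.popleft()
        if loc == outer:
            if enc is None:
                continue                       # delivered to destination host
            nxt = (loc, dst, None)             # tunnel endpoint strips ESP
        else:
            hop = routes.get(loc, {}).get(outer)
            if hop is None:
                continue                       # no route: packet is dropped
            untrusted = frozenset((loc, hop)) not in trusted
            if enc is None and untrusted and loc in tunnels:
                peer = tunnels[loc]            # gateway encapsulates before
                nxt = (loc, peer, peer)        # the untrusted link
            else:
                if enc is None and untrusted:
                    bad.append((loc, hop))     # plaintext on untrusted link
                nxt = (hop, outer, enc)
        if nxt not in seen:
            seen.add(nxt)
            work.append(nxt)
    return bad

def reroute_around_gateway():
    """Routing change without secure intermediation: G1 now forwards B-bound
    traffic over its trusted link to X, which applies no IPsec processing."""
    routes = {**ROUTES, "G1": {"B": "X", "G2": "R"}}
    return confidentiality_violations(routes, TUNNELS, TRUSTED_LINKS, "A", "B")
```

With the original routes the invariant holds (no violations); after the reroute the payload crosses X-R and R-G2 in the clear, which is exactly the kind of dependency on routing state the message asks to make explicit.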