One document matched: draft-mahesh-bfd-authentication-00.txt
Network Working Group M. Jethanandani
Internet-Draft A. Mishra
Intended status: Standards Track A. Saxena
Expires: August 17, 2015 Ciena Corporation
M. Bhatia
Ionos Networks
February 13, 2015
Optimizing BFD Authentication
draft-mahesh-bfd-authentication-00
Abstract
This document describes an optimization to BFD Authentication as
described in Section 6.7 of BFD [RFC5880].
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 17, 2015.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
Jethanandani, et al. Expires August 17, 2015 [Page 1]
Internet-Draft BFD Authentication February 2015
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Authentication Mode . . . . . . . . . . . . . . . . . . . . . 3
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3
4. Security Considerations . . . . . . . . . . . . . . . . . . . 3
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 3
5.1. Normative References . . . . . . . . . . . . . . . . . . 3
5.2. Informative References . . . . . . . . . . . . . . . . . 4
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5
1. Introduction
Authenticating every BFD [RFC5880] packet with a Simple Password, or
with a MD5 Message-Digest Algorithm [RFC1321] and Secure Hash
Algorithm (SHA-1) algorithms is computationally intensive process,
making it difficult if not impossible to authenticate every packet -
particularly at faster intervals. In addition, the recent escalating
series of attacks on MD5 and SHA-1 [SHA-1-attack1] [SHA-1-attack2]
raise concerns about their remaining useful lifetime as outlined in
Updated Security Considerations for the MD5 Message-Digest and the
HMAC-MD5 Algorithm [RFC6151] and Security Considerations for the
SHA-0 and SHA-1 Message-Digest Algorithm [RFC6194]. If replaced by
stronger algorithms, the computational requirement of a stronger
algorithms will make the task of authenticating every packet even
more difficult to achieve.
This document proposes that only BFD frames that signal a state
change in BFD be authenticated. The rest of the frames can be
transmitted and received without authentication enabled. Bulk of the
frames that are transmitted and received have no state change
associated with them. Limiting authentication to frames that affect
a BFD session state allows for more sessions to be supported for
authentication. Moreover, most BFD frames that signal a state change
are generally transmitted at a slower interval of 1s leaving enough
time to compute the hash.
Section 2 talks about the changes to authentication mode as described
in BFD [RFC5880].
Jethanandani, et al. Expires August 17, 2015 [Page 2]
Internet-Draft BFD Authentication February 2015
2. Authentication Mode
The cryptographic authentication mechanisms specified in BFD
[RFC5880] describes enabling and disabling of authentication as a one
time operation. As a security precaution, it mentions that
authentication state be allowed to change at most once. Once turned
on, the document talks about every packet being enabled with
Authentication bit and payload. In addition, it states that an
implementation SHOULD NOT allow the authentication state to be
changed based on the receipt of a BFD Control packet.
This document proposes that the authentication mode be modified to be
enabled on demand. Instead of every packet being authenticated, the
two ends can decide which frames need to be authenticated, and
authenticate only those frames. For example, the two ends can decide
that BFD frames that indicate a state change should be authenticated
and enable authentication on those frames only. If the two ends have
not previously negotiated which frames they will transmit or receive
with authentication enabled, then the BFD session will fail to come
up, because at least one end will expect every frame to be
authenticated.
3. IANA Considerations
This document makes no request of IANA.
Note to RFC Editor: this section may be removed on publication as an
RFC.
4. Security Considerations
The approach described in this document enhances the ability to
authentication a BFD session by taking away the onerous requirement
that every frame be authenticated. By authenticating frames that
affect the state of the session, the security of the BFD session is
maintained. As such this document does not change the security
considerations for BFD.
5. References
5.1. Normative References
[FIPS-180-2]
National Institute of Standards and Technology, FIPS PUB
180-2, "The Keyed-Hash Message Authentication Code
(HMAC)", August 2002.
Jethanandani, et al. Expires August 17, 2015 [Page 3]
Internet-Draft BFD Authentication February 2015
[FIPS-198]
National Institute of Standards and Technology, FIPS PUB
198, "The Keyed-Hash Message Authentication Code (HMAC)",
March 2002.
[I-D.ietf-bfd-generic-crypto-auth]
Bhatia, M., Manral, V., Zhang, D., and M. Jethanandani,
"BFD Generic Cryptographic Authentication", draft-ietf-
bfd-generic-crypto-auth-06 (work in progress), April 2014.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC6039] Manral, V., Bhatia, M., Jaeggli, J., and R. White, "Issues
with Existing Cryptographic Protection Methods for Routing
Protocols", RFC 6039, October 2010.
[RFC6151] Turner, S. and L. Chen, "Updated Security Considerations
for the MD5 Message-Digest and the HMAC-MD5 Algorithms",
RFC 6151, March 2011.
[RFC6194] Polk, T., Chen, L., Turner, S., and P. Hoffman, "Security
Considerations for the SHA-0 and SHA-1 Message-Digest
Algorithms", RFC 6194, March 2011.
5.2. Informative References
[Dobb96a] Dobbertin, H., "Cryptanalysis of MD5 Compress", May 1996.
[Dobb96b] Dobbertin, H., "The Status of MD5 After a Recent Attack",
CryptoBytes", 1996.
[I-D.ietf-karp-design-guide]
Lebovitz, G. and M. Bhatia, "Keying and Authentication for
Routing Protocols (KARP) Design Guidelines", draft-ietf-
karp-design-guide-10 (work in progress), December 2011.
[MD5-attack]
Wang, X., Feng, D., Lai, X., and H. Yu, "Collisions for
Hash Functions MD4, MD5, HAVAL-128 and RIPEMD", August
2004.
[NIST-HMAC-SHA]
National Institute of Standards and Technology, Available
online at http://csrc.nist.gov/groups/ST/hash/policy.html,
"NIST's Policy on Hash Functions", 2006.
Jethanandani, et al. Expires August 17, 2015 [Page 4]
Internet-Draft BFD Authentication February 2015
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, February
1997.
[RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
Requirements for Security", BCP 106, RFC 4086, June 2005.
[RFC4822] Atkinson, R. and M. Fanto, "RIPv2 Cryptographic
Authentication", RFC 4822, February 2007.
[RFC5310] Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R.,
and M. Fanto, "IS-IS Generic Cryptographic
Authentication", RFC 5310, February 2009.
[RFC5709] Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M.,
Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic
Authentication", RFC 5709, October 2009.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, June 2010.
[RFC6234] Eastlake, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and SHA-based HMAC and HKDF)", RFC 6234, May 2011.
[SHA-1-attack1]
Wang, X., Yin, Y., and H. Yu, "Finding Collisions in the
Full SHA-1", 2005.
[SHA-1-attack2]
Wang, X., Yao, A., and F. Yao, "New Collision Search for
SHA-1", 2005.
Authors' Addresses
Mahesh Jethanandani
Ciena Corporation
3939 North 1st Street
San Jose, CA 95134
USA
Phone: +1 (408) 904-2160
Email: mjethanandani@gmail.com
Jethanandani, et al. Expires August 17, 2015 [Page 5]
Internet-Draft BFD Authentication February 2015
Ashesh Mishra
Ciena Corporation
3939 North 1st Street
San Jose, CA 95134
USA
Phone: +1 (408) 904-2114
Email: mishra.ashesh@gmail.com
Ankur Saxena
Ciena Corporation
3939 North 1st Street
San Jose, CA 95134
USA
Email: ankurpsaxena@gmail.com
Manav Bhatia
Ionos Networks
Bangalore
India
Email: manav@ionosnetworks.com
Jethanandani, et al. Expires August 17, 2015 [Page 6]
| PAFTECH AB 2003-2026 | 2026-04-23 22:02:52 |