L3A: A Protocol for Layer Three Accounting
Alwyn Goodloe, Matthew Jacobs, Gaurav Shah (University of Pennsylvania)
Carl A. Gunter (University of Illinois)
SOHO to Enterprise Example
[Figure: Home, Internet and Office regions with nodes labelled C, AP, VPN and SW. Links: WPA to AP; IPsec to Office; SSH to Server.]
- Three levels of Authentication and Encryption!
- Address Translators and Firewalls
Multi-Tunnel Configuration
[Figure: layered view of a multi-tunnel configuration.]
- Application
- Protocols to set up Tunnels / Security Objectives of Tunnels
- N/W Security / Key Exchange
Cramming Attacks
[Figure with labelled elements: Client, Server, Accounting System, Attacker, E2E Security Tunnel, Network Access Server (NAS), NAS Security Tunnel, Unauthenticated Ingress.]
Countermeasures
Add difficult-to-discover state to return port. Problematic: On-path attackers Establishing sufficient state
Example: Network Address Translation (NAT) Determined by four flow parameters Well known destinations give strategies for server ports
and addresses Weaknesses in NAT parameter selections Brute force: 10,000 pkts/sec on stock machine Observed 7 minutes for timeout
Tunnel as Countermeasure
[Figure: Client, NAS and Server. An Encrypted and Authenticated E2E Tunnel runs from client to server; an Authenticated Client2NAS Tunnel runs between client and NAS and an Authenticated NAS2Server Tunnel between NAS and server.]
Challenge: Coordinate the creation of the tunnels
Related Work
Accounting:
- Simple Network Management Protocol (SNMP)
- RADIUS
- Juniper Networks: GPRS gateway provides protection against "over-billing" attacks
Tunnel Configuration:
- Solsoft Policy Server
- Z. Fu and S.F. Wu, 2001
- Cisco Dynamic Multipoint VPN (DMVPN)
- Cisco Tunnel Endpoint Discovery (TED)
L3A Set-Up
[Message sequence chart between Client, NAS and Server. Messages: Req(cred), Ack(cred), Fin. SPD entries installed: CS:(CN), shown at two nodes; SC:(SN), shown at two nodes.]
L3A Set-Up With Reuse
[Message sequence chart between Client, NAS, Server1 and Server2. Messages: Req(Cred), Ack(cred). SPD entries installed for the second server: CS2:(CN), shown at two nodes and referring to the existing client-to-NAS tunnel; S2C:(S2N), shown at two nodes.]
L3A Tear-Down
[Message sequence chart between Client, NAS and Server. Security associations a and b are drawn between Client and NAS, c and d between NAS and Server, and e and f across the whole path. Steps, with the state removed at each:]
1. delete(e): remove e
2. delete(e,f): remove f; remove e, f
3. TD-Req(n-s)
4. delete(c): remove c
5. delete(c,d): remove d; remove c, d
6. TD-Ack(n,s)
7. delete(a): remove a
8. delete(a,b): remove b; remove a, b
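The set-up, set-up-with-reuse and tear-down charts above describe bookkeeping that every node has to get right: which SPD entry binds a flow to which tunnel, and which tunnels may be deleted when one session ends. The Python model below is an added example written for this transcript, not the authors' implementation. It keeps the slide's message names (Req, Ack, Fin, TD-Req, TD-Ack, delete) and the SA letters a..f; the message directions, the representation of an SPD entry as a flow-to-tunnel binding, the credential check at the NAS and the rule that a client-to-NAS tunnel shared by several sessions (the reuse case) is released only by the last session using it are assumptions made here.

```python
"""Toy model of L3A set-up, set-up with reuse and tear-down.

Constructed example for this transcript, not the authors' implementation.
Message names and the SA letters a..f follow the slides; the message
directions, the SPD representation, the credential check at the NAS and the
release rule for a shared client-to-NAS tunnel are assumptions made here.
"""
from collections import Counter


class L3ANetwork:
    """Tracks each node's SPD and a session count per tunnel."""

    def __init__(self, valid_credentials):
        self.valid = set(valid_credentials)  # credentials the NAS accepts (assumed)
        self.spd = {}             # node -> {(src, dst): tunnel the flow must use}
        self.tunnels = Counter()  # frozenset({a, b}) -> sessions using that tunnel
        self.trace = []           # (sender, receiver, message), in order

    def _send(self, src, dst, msg):
        self.trace.append((src, dst, msg))

    def _policy(self, node, flow, tunnel):
        self.spd.setdefault(node, {})[flow] = tunnel

    @staticmethod
    def _tunnels(client, nas, server):
        return (frozenset({client, nas}), frozenset({nas, server}),
                frozenset({client, server}))

    def setup(self, client, nas, server, cred):
        """Req/Ack/Fin exchange; reports whether the client-NAS tunnel was reused."""
        self._send(client, nas, f"Req({cred})")
        if cred not in self.valid:
            # Unauthenticated ingress: the NAS forwards nothing and installs no state.
            return {"accepted": False, "reused_client_nas": False}
        self._send(nas, server, f"Req({cred})")
        cn, sn, e2e = self._tunnels(client, nas, server)
        reused = self.tunnels[cn] > 0        # "L3A Set-Up With Reuse"
        for t in (cn, sn, e2e):
            self.tunnels[t] += 1
        # SPD CS:(CN) at client and NAS; SPD SC:(SN) at server and NAS
        self._policy(client, (client, server), cn)
        self._policy(nas, (client, server), cn)
        self._policy(server, (server, client), sn)
        self._policy(nas, (server, client), sn)
        self._send(server, nas, f"Ack({cred})")
        self._send(nas, client, f"Ack({cred})")
        self._send(client, nas, "Fin")
        return {"accepted": True, "reused_client_nas": reused}

    def _release(self, tunnel):
        """Drop one session from a tunnel; True if no session is left on it."""
        if self.tunnels[tunnel] <= 0:
            raise KeyError(f"no session uses tunnel {sorted(tunnel)}")
        self.tunnels[tunnel] -= 1
        if self.tunnels[tunnel] == 0:
            del self.tunnels[tunnel]
            return True
        return False

    def teardown(self, client, nas, server):
        """Eight-step tear-down from the slide; returns the tunnels removed."""
        cn, sn, e2e = self._tunnels(client, nas, server)
        removed = []
        # Steps 1-2: end-to-end SAs e, f
        self._send(client, server, "1.delete(e)")
        self._send(server, client, "2.delete(e,f)")
        if self._release(e2e):
            removed.append(e2e)
        # Steps 3-6: NAS-to-server SAs c, d, bracketed by TD-Req / TD-Ack
        self._send(client, nas, "3.TD-Req(n-s)")
        self._send(nas, server, "4.delete(c)")
        self._send(server, nas, "5.delete(c,d)")
        if self._release(sn):
            removed.append(sn)
        self._send(nas, client, "6.TD-Ack(n,s)")
        for node, flow in ((client, (client, server)), (nas, (client, server)),
                           (server, (server, client)), (nas, (server, client))):
            self.spd[node].pop(flow, None)
        # Steps 7-8: client-to-NAS SAs a, b, only when no other session shares them
        if self._release(cn):
            self._send(client, nas, "7.delete(a)")
            self._send(nas, client, "8.delete(a,b)")
            removed.append(cn)
        return removed


if __name__ == "__main__":
    net = L3ANetwork({"cred-1"})
    print(net.setup("C", "N", "S1", "cred-1"))
    print(net.setup("C", "N", "S2", "cred-1"))   # reuses the C-N tunnel
    print(net.teardown("C", "N", "S1"))          # C-N tunnel survives
    print(net.teardown("C", "N", "S2"))          # now C-N goes too
    for step in net.trace:
        print(*step)
```

Running the script sets up two sessions from one client through the same NAS, tears the first down and shows that steps 7 and 8 (delete(a), delete(a,b)) are only sent when the second session ends, since the client-to-NAS tunnel was reused. A request with an unknown credential leaves no SPD entry and no tunnel count behind, which is the property the cramming-attack slide asks the NAS to provide at its unauthenticated ingress.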
Implementation
- Micron 600 MHz Pentiums, 128 MB memory in C/S and 256 MB in NAS, 100 Mbps Ethernet links
- FreeBSD 4.8, OpenSSL crypto, PF_KEY interface to SPD
- IKE-: our implementation of IKEv2 with support for nested tunnels
IKE-
[Message sequence chart between Initiator and Responder:]
1. SPI-i, 0, F, KE-i, n-i
2. SPI-i, SPI-r, F, KE-r, n-r
3. SPI-i, SPI-r, E*(SK-r, M) where M = ID-i, ID-r, Cert-i, Auth-i, TS-i, TS-r
4. SPI-i, SPI-r, E*(SK-r, N) where N = ID-i, Cert-r, Auth-r
[Beside the messages, both the Initiator and the Responder perform Update SADB: I->R, Update SPDB: I->R, Update SADB: R->I and Update SPDB: R->I.]
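The four-message chart above lists the fields of each IKE- message and the points at which each side updates its SADB and SPDB. The Python model below is an added example written for this transcript, not the authors' IKE- code. It keeps the slide's field names (SPI-i, SPI-r, F, KE, n, ID, Cert, Auth, TS) and message order; everything else is assumed for illustration: a Diffie-Hellman group far too weak for real use, HMAC-SHA256 as the prf, an HMAC keystream plus HMAC tag standing in for E*(SK, .), IKEv2-style per-direction keys, and an HMAC over the peer's first message (keyed from the shared secret) standing in for the certificate-based Auth payload. The flags value F is an opaque placeholder.

```python
"""Toy model of the four-message IKE- exchange on the slide (constructed
example, not the authors' code). Assumed here: a weak toy DH group, HMAC-SHA256
as prf, an HMAC keystream plus tag standing in for E*(SK, .), IKEv2-style
per-direction keys, and an HMAC standing in for the certificate-based Auth."""
import hashlib
import hmac
import secrets

P, G = 2**521 - 1, 2   # toy DH group (assumed); real IKE uses the RFC MODP/ECP groups
F = b"\x08"            # opaque stand-in for the slide's flags field F (assumed)

def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def pack(*fields):  # length-prefixed concatenation of payload fields
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def unpack(blob):
    out, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 2], "big")
        out.append(blob[i + 2:i + 2 + n]); i += 2 + n
    return out

def keystream(sk_e, length):
    return b"".join(prf(sk_e, bytes([i])) for i in range(length // 32 + 1))[:length]

def encrypt_star(sk_e, sk_a, m):  # E*(SK, M): encrypt, then tag the ciphertext
    ct = bytes(a ^ b for a, b in zip(m, keystream(sk_e, len(m))))
    return ct + prf(sk_a, ct)

def decrypt_star(sk_e, sk_a, blob):  # check the tag before using the ciphertext
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(sk_a, ct)):
        raise ValueError("E* integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(sk_e, len(ct))))

class Peer:
    """One IKE- endpoint; `peer` is the (ID, Cert, TS) expected on the far side."""
    def __init__(self, ident, cert, ts, peer):
        self.id, self.cert, self.ts, self.peer = ident, cert, ts, peer
        self.spi, self.n = secrets.token_bytes(4), secrets.token_bytes(16)
        self.x = secrets.randbelow(P - 3) + 2
        self.ke = pow(G, self.x, P).to_bytes(66, "big")
        self.sadb, self.spdb, self.sk = {}, {}, None

    def keys(self, peer_ke, n_i, n_r):  # SKEYSEED = prf(n_i | n_r, g^ir), IKEv2 style
        shared = pow(int.from_bytes(peer_ke, "big"), self.x, P).to_bytes(66, "big")
        seed = prf(n_i + n_r, shared)
        self.sk = {k: prf(seed, k + n_i + n_r) for k in (b"SK_ei", b"SK_ai", b"SK_er", b"SK_ar", b"SK_p")}

    def install(self, spi_i, spi_r, ts_i, ts_r):  # Update SADB, then Update SPDB
        self.sadb[(spi_i, spi_r)] = (self.sk[b"SK_ei"], self.sk[b"SK_er"])
        self.spdb[(ts_i, ts_r)] = (spi_i, spi_r)

    def msg1(self):  # 1. SPI-i, 0, F, KE-i, n-i
        self.m1 = pack(self.spi, b"\0" * 4, F, self.ke, self.n)
        return self.m1

    def msg2(self, m1):  # 2. SPI-i, SPI-r, F, KE-r, n-r
        spi_i, _, _, ke_i, n_i = unpack(m1)
        self.m1, self.n_i = m1, n_i
        self.keys(ke_i, n_i, self.n)
        self.m2 = pack(spi_i, self.spi, F, self.ke, self.n)
        return self.m2

    def msg3(self, m2):  # 3. SPI-i, SPI-r, E*(SK, M)
        spi_i, spi_r, _, ke_r, n_r = unpack(m2)
        self.m2 = m2
        self.keys(ke_r, self.n, n_r)
        auth_i = prf(self.sk[b"SK_p"], self.m1 + n_r + self.id)  # binds message 1
        m = pack(self.id, self.peer[0], self.cert, auth_i, self.ts, self.peer[2])
        return pack(spi_i, spi_r, encrypt_star(self.sk[b"SK_ei"], self.sk[b"SK_ai"], m))

    def msg4(self, m3):  # 4. SPI-i, SPI-r, E*(SK, N), N = ID-i, Cert-r, Auth-r
        spi_i, spi_r, blob = unpack(m3)
        id_i, id_r, cert_i, auth_i, ts_i, ts_r = unpack(
            decrypt_star(self.sk[b"SK_ei"], self.sk[b"SK_ai"], blob))
        expected = prf(self.sk[b"SK_p"], self.m1 + self.n + id_i)
        if (id_i, cert_i, ts_i) != self.peer or id_r != self.id \
                or not hmac.compare_digest(auth_i, expected):
            raise ValueError("message 3 authentication failed")
        self.install(spi_i, spi_r, ts_i, ts_r)       # responder: Update SADB/SPDB
        auth_r = prf(self.sk[b"SK_p"], self.m2 + self.n_i + self.cert)
        n = pack(id_i, self.cert, auth_r)
        return pack(spi_i, spi_r, encrypt_star(self.sk[b"SK_er"], self.sk[b"SK_ar"], n))

    def finish(self, m4):  # initiator checks message 4, then installs its SA
        spi_i, spi_r, blob = unpack(m4)
        id_i, cert_r, auth_r = unpack(decrypt_star(self.sk[b"SK_er"], self.sk[b"SK_ar"], blob))
        expected = prf(self.sk[b"SK_p"], self.m2 + self.n + cert_r)
        if id_i != self.id or cert_r != self.peer[1] or not hmac.compare_digest(auth_r, expected):
            raise ValueError("message 4 authentication failed")
        self.install(spi_i, spi_r, self.ts, self.peer[2])   # initiator: Update SADB/SPDB

def run_exchange():  # drives one full run; returns (initiator, responder)
    alice = Peer(b"alice", b"cert-alice", b"10.0.1.0/24", (b"bob", b"cert-bob", b"10.0.2.0/24"))
    bob = Peer(b"bob", b"cert-bob", b"10.0.2.0/24", (b"alice", b"cert-alice", b"10.0.1.0/24"))
    alice.finish(bob.msg4(alice.msg3(bob.msg2(alice.msg1()))))
    return alice, bob
```

After `run_exchange()` both peers hold the same SADB entry keyed by (SPI-i, SPI-r) and the same SPDB entry keyed by the traffic selectors, matching the update order on the slide: the responder installs after verifying message 3, the initiator after verifying message 4. Because the tag is checked before decryption and Auth is checked before `install`, a tampered message 3 leaves the responder with no SA at all; the example names and selectors are constructed values.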
Performance Measurements
- Throughput: How does L3A bulk transmission compare to no accounting or other approaches to accounting?
- Latency: How does L3A set-up compare to other approaches in ms required for set-up and tear-down?
- Both measured for a single client and server; NAS was only lightly loaded.
[Figure: the tunnel-as-countermeasure layout again: Client, NAS and Server with the Encrypted and Authenticated E2E Tunnel, the Authenticated Client2NAS Tunnel and the Authenticated NAS2Server Tunnel.]
Throughput Cases
- Base: no security
- End-to-end: IPsec with encryption and authentication between client and server
- Typical: IPsec E2E and IPsec with encryption and authentication between client and NAS
- L3A: E2E and authenticated tunnels between client and NAS, NAS and server
Throughput
[Bar chart, Mb/s:]
  Base         79.7
  End-to-end   25.4
  Typical       9.6
  L3A          19.3
L3A is 100% faster than typical. L3A is 32% slower than no accounting.
Latency Cases
- End-to-end: IPsec IKE- from end to end
- L3A without reuse
- L3A with reuse of client to NAS tunnel
Latency
[Bar chart, time in ms:]
  End-to-end       66
  L3A w/ Reuse     97.9
  L3A w/o Reuse   159.5
Latency to establish tunnels for accounting is 142% greater than end-to-end protection alone, but in the most common case it will be only 48% longer.
Conclusions
- Introduced concept of cramming attacks
- Reviewed possible countermeasures and did penetration study of NAT
- Proposed L3A protocol
- Implementation shows reasonable performance
- Main contribution: progress on how to design multi-tunnel protocols