[Dime] New Security Consideration Section for the QoS Drafts


Hi all, 

Here is a first proposal for an updated security consideration section for 
* draft-ietf-dime-diameter-qos-06.txt
* draft-sun-dime-itu-t-rw

Ciao
Hannes

-----------------------------

11.  Security Considerations

   This document describes a mechanism for performing authorization of a
   QoS reservation at a third party entity.  Therefore, sufficient
   information needs to be made available to the Authorizing Entity to
   make such an authorization decision.  Information may come from
   various sources, including the application layer signaling, the
   Diameter protocol (with its security mechanisms), policy
   information stored at a AAA server, and a QoS signaling protocol.

   Below is a discussion of the considerations for the Diameter QoS
   interaction between an Authorizing Entity and a Network Element.
   Security between the Authorizing Entity and the Network Element has a
   number of components: authentication, authorization, integrity and
   confidentiality.

   Authentication refers to confirming the identity of an originator for
   all datagrams received from the originator.  Lack of authentication
   of Diameter messages between the Authorizing Entity and the Network
   Element can seriously jeopardize the fundamental service rendered by
   the Network Element.  A consequence of not authenticating the message
   sender by the Network Element would be that an attacker could spoof
   the identity of a "legitimate" Authorizing Entity in order to
   allocate resources, change resource assignments or free resources.
   The adversary can also manipulate the state at the Network Element in
   such a way that it leads to a denial of service attack by, for
   example, setting the allowed bandwidth to zero or allocating the
   entire bandwidth available to a single flow.

   A consequence of not authenticating the Network Element to an
   Authorizing Entity is that an attacker could impact the policy based
   admission control procedure run by the Authorizing Entity to provide
   a wrong view of the resources used in the network.  Failing to
   provide the required credentials should be subject to logging.

   Authorization refers to whether a particular Authorizing Entity is
   authorized to signal a Network Element with requests for one or more
   applications, adhering to a certain policy profile.  Failing the
   authorization process might indicate a resource theft attempt or
   failure due to administrative and/or credential deficiencies.  In
   either case, the Network Element should take the proper measures to
   log such attempts.

   Integrity is required to ensure that a Diameter message has not been
   maliciously altered.  The result of a lack of data integrity
   enforcement in an untrusted environment could be that an imposter
   will alter the messages exchanged between a Network Element and an
   Authorizing Entity, potentially causing a denial of service.

   Confidentiality protection of Diameter messages ensures that the
   signaling data is accessible only to the authorized entities.  When
   signaling messages from the Application Server, via the Authorizing
   Entity towards the Network Element traverse untrusted networks, lack
   of confidentiality will allow eavesdropping and traffic analysis.
   Additionally, Diameter QoS messages may carry authorization tokens
   that require confidentiality protection.

   Lastly, there can be a security vulnerability to the applications
   traversing a Network Element when a resource on a Network Element is
   controlled by multiple Authorizing Entities.  The operation of a
   Network Element may be disrupted due to conflicting directives from
   multiple Authorizing Entities.  Care must be taken in deployment to
   ensure that Network Elements are not impacted by misconfiguration.

   Diameter offers security mechanisms to deal with the functionality
   demanded in the paragraphs above.  In particular, Diameter offers
   communication security between neighboring Diameter peers using
   Transport Layer Security (TLS) or IPsec.  Authorization capabilities
   are application specific and part of the overall implementation.
_______________________________________________
DiME mailing list
DiME at ietf.org
https://www.ietf.org/mailman/listinfo/dime



Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
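Added example (not part of the message above, nor code from the drafts it refers to): a small Python sketch of the checks the proposed section asks a Network Element to perform before acting on a request from an Authorizing Entity. It encodes and parses Diameter messages (20-octet header plus AVPs, with strict length checks), then (1) ties the Origin-Host AVP to the peer identity already authenticated at the transport layer (TLS or IPsec, as the last paragraph notes), so a peer cannot spoof another Authorizing Entity, and (2) checks that the peer is provisioned for the Application-Id it is signaling, logging both kinds of failure. The Application-Id 9 and command code 326, the host names and the peer table are assumptions made up for illustration; the draft text here does not state those values.

```python
import logging
import struct

log = logging.getLogger("ne-diameter")

# Assumptions (not stated in the draft text above): the Application-Id and the
# request command code of the QoS application. Treat both as configuration.
QOS_APP_ID = 9
QAR_CMD = 326
ORIGIN_HOST = 264        # Origin-Host AVP code (Diameter base protocol)
CMD_FLAG_REQUEST = 0x80  # 'R' bit of the Command Flags octet
AVP_FLAG_VENDOR = 0x80   # 'V' bit of the AVP Flags octet

# Constructed peer table: DiameterIdentity proven at the transport layer
# (TLS certificate or IPsec SA) -> Application-Ids that peer may signal.
PEER_POLICY = {
    "ae1.example.com": {QOS_APP_ID},   # an Authorizing Entity for QoS
    "acct.example.com": {3},           # accounting peer only
}


def build_avp(code, data, flags=0x40, vendor_id=None):
    """Encode one AVP; flags default to 'M' (mandatory); data padded to 4 octets."""
    hdr_len = 12 if vendor_id is not None else 8
    out = struct.pack("!I", code) + bytes([flags]) + (hdr_len + len(data)).to_bytes(3, "big")
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * (-len(data) % 4)


def build_message(cmd_code, app_id, avps, flags=CMD_FLAG_REQUEST, hbh=1, e2e=1):
    """Encode a Diameter message: 20-octet header followed by the AVPs."""
    body = b"".join(avps)
    return (bytes([1]) + (20 + len(body)).to_bytes(3, "big") + bytes([flags])
            + cmd_code.to_bytes(3, "big") + struct.pack("!III", app_id, hbh, e2e) + body)


def parse_message(buf):
    """Parse header and AVPs with strict length checks; ValueError on malformed input."""
    if len(buf) < 20:
        raise ValueError("short header")
    length = int.from_bytes(buf[1:4], "big")
    if buf[0] != 1 or length != len(buf) or length % 4:
        raise ValueError("bad version or message length")
    app_id, hbh, e2e = struct.unpack("!III", buf[8:20])
    msg = {"flags": buf[4], "cmd": int.from_bytes(buf[5:8], "big"),
           "app": app_id, "hbh": hbh, "e2e": e2e, "avps": {}}
    off = 20
    while off < length:
        if length - off < 8:
            raise ValueError("truncated AVP header")
        code = struct.unpack("!I", buf[off:off + 4])[0]
        aflags = buf[off + 4]
        alen = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr_len = 12 if aflags & AVP_FLAG_VENDOR else 8
        if alen < hdr_len or off + alen > length:
            raise ValueError("bad AVP length")
        msg["avps"][code] = buf[off + hdr_len:off + alen]   # vendor AVPs keyed by code only
        off += alen + (-alen % 4)
    return msg


def authorize_request(msg, transport_peer):
    """Decide whether a request may act on this Network Element.

    transport_peer is the identity authenticated by TLS/IPsec. The Origin-Host
    AVP must match it (otherwise a peer could spoof another Authorizing Entity),
    and the Application-Id must be one the peer is provisioned for. Both
    failure cases are logged, as the proposed section asks.
    """
    if not msg["flags"] & CMD_FLAG_REQUEST:
        return False, "not a request"
    origin = msg["avps"].get(ORIGIN_HOST)
    if origin is None:
        return False, "missing Origin-Host"
    origin = origin.decode("utf-8", "replace")
    if origin != transport_peer:
        log.warning("Origin-Host %s does not match authenticated peer %s", origin, transport_peer)
        return False, "Origin-Host does not match authenticated peer"
    if msg["app"] not in PEER_POLICY.get(transport_peer, set()):
        log.warning("peer %s not authorized for application %d", transport_peer, msg["app"])
        return False, "peer not authorized for application"
    return True, "ok"


def run_demo():
    """Three constructed requests: legitimate, spoofed Origin-Host, wrong application."""
    legit = build_message(QAR_CMD, QOS_APP_ID, [build_avp(ORIGIN_HOST, b"ae1.example.com")])
    spoofed = build_message(QAR_CMD, QOS_APP_ID, [build_avp(ORIGIN_HOST, b"ae1.example.com")])
    wrong_app = build_message(QAR_CMD, QOS_APP_ID, [build_avp(ORIGIN_HOST, b"acct.example.com")])
    return {
        "legit": authorize_request(parse_message(legit), "ae1.example.com"),
        "spoofed": authorize_request(parse_message(spoofed), "acct.example.com"),
        "wrong_app": authorize_request(parse_message(wrong_app), "acct.example.com"),
    }


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for name, (ok, why) in run_demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'} ({why})")
```

The point of binding Origin-Host to the transport-authenticated identity is that TLS or IPsec between peers only proves who the neighbour is; the application-level authorization decision (which peer may signal which application) still has to be made by the Network Element, which is what the last paragraph of the proposal means by authorization being application specific.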