| < draft-ietf-dime-e2e-sec-req-02.txt | draft-ietf-dime-e2e-sec-req-03.txt > | |||
|---|---|---|---|---|
| DIME H. Tschofenig | DIME H. Tschofenig | |||
| Internet-Draft | Internet-Draft ARM Limited | |||
| Intended status: Informational J. Korhonen | Intended status: Informational J. Korhonen, Ed. | |||
| Expires: July 30, 2015 Broadcom | Expires: December 19, 2015 Broadcom Corporation | |||
| G. Zorn | G. Zorn | |||
| Network Zen | Network Zen | |||
| K. Pillay | K. Pillay | |||
| Oracle Communications | Oracle Communications | |||
| January 26, 2015 | June 17, 2015 | |||
| Diameter AVP Level Security End-to-End Security: Scenarios and | Diameter AVP Level Security End-to-End Security: Scenarios and | |||
| Requirements | Requirements | |||
| draft-ietf-dime-e2e-sec-req-02.txt | draft-ietf-dime-e2e-sec-req-03.txt | |||
| Abstract | Abstract | |||
| This specification discusses requirements for providing Diameter | This specification discusses requirements for providing Diameter | |||
| security at the level of individual Attribute Value Pairs. | security at the level of individual Attribute Value Pairs. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 37 ¶ | skipping to change at page 1, line 37 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 30, 2015. | This Internet-Draft will expire on December 19, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 36 ¶ | skipping to change at page 2, line 36 ¶ | |||
| between neighboring Diameter peers and mandates that either TLS (for | between neighboring Diameter peers and mandates that either TLS (for | |||
| TCP), DTLS (for SCTP), or IPsec is used. These security protocols | TCP), DTLS (for SCTP), or IPsec is used. These security protocols | |||
| offer a wide range of security properties, including entity | offer a wide range of security properties, including entity | |||
| authentication, data-origin authentication, integrity, | authentication, data-origin authentication, integrity, | |||
| confidentiality protection and replay protection. They also support | confidentiality protection and replay protection. They also support | |||
| a large number of cryptographic algorithms, algorithm negotiation, | a large number of cryptographic algorithms, algorithm negotiation, | |||
| and different types of credentials. | and different types of credentials. | |||
| The need to also offer additional security protection of AVPs between | The need to also offer additional security protection of AVPs between | |||
| non-neighboring Diameter nodes was recognized very early in the work | non-neighboring Diameter nodes was recognized very early in the work | |||
| on Diameter. This lead to work on Diameter security using the | on Diameter. This led to work on Diameter security using the | |||
| Cryptographic Message Syntax (CMS) [3]. Due to lack of deployment | Cryptographic Message Syntax (CMS) [3]. Due to lack of deployment | |||
| interest at that time (and the complexity of the developed solution) | interest at that time (and the complexity of the developed solution) | |||
| the specification was, however, never completed. | the specification was, however, never completed. | |||
| In the meanwhile Diameter had received a lot of deployment interest | In the meanwhile Diameter had received a lot of deployment interest | |||
| from the cellular operator community and because of the | from the cellular operator community and because of the | |||
| sophistication of those deployments the need for protecting Diameter | sophistication of those deployments the need for protecting Diameter | |||
| AVPs between non-neighboring nodes re-surfaced. Since early 2000 | AVPs between non-neighboring nodes re-surfaced. Since early 2000 | |||
| (when the work on [3] was discontinued) the Internet community had | (when the work on [3] was discontinued) the Internet community had | |||
| seen advances in cryptographic algorithms (for example, authenticated | seen advances in cryptographic algorithms (for example, authenticated | |||
| encryption algorithms) and new security building blocks were | encryption algorithms) and new security building blocks were | |||
| developed. | developed. | |||
| This document collects requirements for developing a solution to | This document collects requirements for developing a solution to | |||
| protect Diameter AVPs. | protect Diameter AVPs. | |||
| 2. Terminology | 2. Terminology | |||
| The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', | The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', | |||
| 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this | 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this | |||
| specification are to be interpreted as described in [1]. | documents are to be interpreted as described in RFC 2119 [1]. | |||
| This document re-uses terminology from the Diameter base | This document re-uses terminology from the Diameter base | |||
| specification [2]. | specification [2]. | |||
| In the figures below we use the symbols 'AVP' and '{AVP}k'. AVP | In the figures below we use the symbols 'AVP' and '{AVP}k'. AVP | |||
| refers to an unprotected AVP and {AVP}k refers to an AVP that | refers to an unprotected AVP and {AVP}k refers to an AVP that | |||
| experiences security protection (using key "k") without further | experiences security protection (using key "k") without further | |||
| distinguishing between integrity and confidentiality protection. | distinguishing between integrity and confidentiality protection. | |||
| 3. Security Threats | 3. Security Threats | |||
| The follow description aims to illustrate various security threats | The following description aims to illustrate various security threats | |||
| that raise the need for protecting Diameter Attribute Value Pairs | that raise the need for protecting Diameter Attribute Value Pairs | |||
| (AVPs). Figure 1 illustrates an example Diameter topology where a | (AVPs). Figure 1 illustrates an example Diameter topology where a | |||
| Diameter clients want to interact with the example.com home domain. | Diameter clients want to interact with the example.com home domain. | |||
| To interconnect the two visited networks a AAA interconnection | To interconnect the two visited networks a AAA interconnection | |||
| provider, labeled as AAA Broker, is used. | provider, labeled as AAA Broker, is used. | |||
| +oooooooooooooooooo+ +====================+ | +oooooooooooooooooo+ +====================+ | |||
| | Example.net | | | | | Example.net | | | | |||
| | | | | | | | | | | |||
| +--------+ +--------+ +--------+ +--------+ | +--------+ +--------+ +--------+ +--------+ | |||
| skipping to change at page 5, line 15 ¶ | skipping to change at page 5, line 15 ¶ | |||
| To detect such actions additional security protection needs to be | To detect such actions additional security protection needs to be | |||
| applied at the Diameter layer. | applied at the Diameter layer. | |||
| Nodes that could launch such an attack are any Diameter agents | Nodes that could launch such an attack are any Diameter agents | |||
| along the end-to-end communication path. | along the end-to-end communication path. | |||
| Impersonation: Imagine a case where a Diameter message from | Impersonation: Imagine a case where a Diameter message from | |||
| Example.net contains information claiming to be from Example.org. | Example.net contains information claiming to be from Example.org. | |||
| This would either require strict verification at the edge of the | This would either require strict verification at the edge of the | |||
| AAA broker network or cryptographic assurance at the Diameter | AAA broker network or cryptographic assurance at the Diameter | |||
| layer to provent a successful impersonation attack. | layer to prevent a successful impersonation attack. | |||
| Any Diameter realm could launch such an attack aiming for | Any Diameter realm could launch such an attack aiming for | |||
| financial benefits or to disrupt service availability. | financial benefits or to disrupt service availability. | |||
| 4. Scenarios for Diameter AVP-Level Protection | 4. Scenarios for Diameter AVP-Level Protection | |||
| This scenario outlines a number of cases for deploying security | This scenario outlines a number of cases for deploying security | |||
| protection of individual Diameter AVPs. | protection of individual Diameter AVPs. | |||
| In the first scenario, shown in Figure 2, end-to-end security | In the first scenario, shown in Figure 2, end-to-end security | |||
| skipping to change at page 6, line 42 ¶ | skipping to change at page 6, line 42 ¶ | |||
| security protection for individual Diameter AVPs. Without protection | security protection for individual Diameter AVPs. Without protection | |||
| there is the possibility for password sniffing, confidentiality | there is the possibility for password sniffing, confidentiality | |||
| violation, AVP insertion, deletion or modification. Additionally, | violation, AVP insertion, deletion or modification. Additionally, | |||
| applying digital signature offers non-repudiation capabilities; a | applying digital signature offers non-repudiation capabilities; a | |||
| feature not yet available in today's Diameter deployment. | feature not yet available in today's Diameter deployment. | |||
| Modification of certain Diameter AVPs may not necessarily be the act | Modification of certain Diameter AVPs may not necessarily be the act | |||
| of malicious behavior but could also be the result of | of malicious behavior but could also be the result of | |||
| misconfiguration. An over-aggressively configured firewalling | misconfiguration. An over-aggressively configured firewalling | |||
| Diameter proxy may also remove certain AVPs. In most cases data | Diameter proxy may also remove certain AVPs. In most cases data | |||
| origin authentication and integrity protection of AVPs will provide | origin authentication and integrity protection of AVPs will provide | |||
| most benefits for existing deployments with minimal overhead and | the most benefits for existing deployments with minimal overhead and | |||
| (potentially) operating in a full-backwards compatible manner. | (potentially) operating in a full-backwards compatible manner. | |||
| 5. Requirements | 5. Requirements | |||
| Requirement #1: Solutions MUST support an extensible set of | Requirement #1: Solutions MUST support an extensible set of | |||
| cryptographic algorithms. | cryptographic algorithms. | |||
| Motivation: Crypto-agility is the ability of a protocol to | Motivation: Solutions MUST be able to evolve to adapt to | |||
| adapt to evolving cryptographic algorithms and security | evolving cryptographic algorithms and security requirements. | |||
| requirements. This may include the provision of a modular | This may include the provision of a modular mechanism to allow | |||
| mechanism to allow cryptographic algorithms to be updated | cryptographic algorithms to be updated without substantial | |||
| without substantial disruption to deployed implementations. | disruption to deployed implementations. | |||
| Requirement #2: Solutions MUST support confidentiality, integrity, | Requirement #2: Solutions MUST support confidentiality, integrity, | |||
| and data-origin authentication. Solutions for integrity | and data-origin authentication. Solutions for integrity | |||
| protection MUST work in a backwards-compatible way with existing | protection MUST work in a backwards-compatible way with existing | |||
| Diameter applications. | Diameter applications. | |||
| Requirement #3: Solutions MUST support replay protection. Any | Requirement #3: Solutions MUST support replay protection. All | |||
| Diameter node has an access to network time and thus can | Diameter nodes have access to network time and thus can | |||
| synchronise their clocks. | synchronize their clocks. | |||
| Requirement #4: Solutions MUST support the ability to delegate | Requirement #4: Solutions MUST support the ability to delegate | |||
| security functionality to another entity | security functionality to another entity | |||
| Motivation: As described in Section 4 the ability to let a | Motivation: As described in Section 4 the ability to let a | |||
| Diameter proxy to perform security services on behalf of all | Diameter proxy to perform security services on behalf of all | |||
| clients within the same administrative domain is important for | clients within the same administrative domain is important for | |||
| incremental deployability. The same applies to the other | incremental deployability. The same applies to the other | |||
| communication side where a load balancer terminates security | communication side where a load balancer terminates security | |||
| services for the servers it interfaces. | services for the servers it interfaces. | |||
| Requirement #5: Solutions MUST be able to selectively apply their | Requirement #5: Solutions MUST be able to selectively apply their | |||
| cryptographic protection to certain Diameter AVPs. | cryptographic protection to certain Diameter AVPs. | |||
| Motivation: Some Diameter applications assume that certain AVPs | Motivation: Some Diameter applications assume that certain AVPs | |||
| are added, removed, or modified by intermediaries. As such, it | are added, removed, or modified by intermediaries. As such, it | |||
| MUST be possible to apply security protection selectively. | MUST be possible to apply security protection selectively. | |||
| Furthermore, there are AVPs that MUST NOT be confidentiality | ||||
| protected but MAY still be integrity protected such as those | ||||
| required for Diameter message routing. | ||||
| Requirement #6: Solutions MUST recommend a mandatory-to-implement | Requirement #6: Solutions MUST recommend a mandatory-to-implement | |||
| cryptographic algorithm. | cryptographic algorithm. | |||
| Motivation: For interoperability purposes it is beneficial to | Motivation: For interoperability purposes it is beneficial to | |||
| have a mandatory-to-implement cryptographic algorithm specified | have a mandatory-to-implement cryptographic algorithm specified | |||
| (unless profiles for specific usage environments specify | (unless profiles for specific usage environments specify | |||
| otherwise). | otherwise). | |||
| Requirement #7: Solutions MUST support symmetric keys and asymmetric | Requirement #7: Solutions MUST support symmetric keys and asymmetric | |||
| skipping to change at page 8, line 27 ¶ | skipping to change at page 8, line 30 ¶ | |||
| This entire document focused on the discussion of new functionality | This entire document focused on the discussion of new functionality | |||
| for securing Diameter AVPs selectively between non-neighboring nodes. | for securing Diameter AVPs selectively between non-neighboring nodes. | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| This document does not require actions by IANA. | This document does not require actions by IANA. | |||
| 8. Acknowledgments | 8. Acknowledgments | |||
| We would like to thank Guenther Horn, Martin Dolly, for his review | We would like to thank Guenther Horn, Martin Dolly, Steve Donovan and | |||
| comments. | Tom Taylor for their review comments. | |||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [1] Bradner, S., "Key words for use in RFCs to Indicate | [1] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [2] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, | [2] Fajardo, V., Arkko, J., Loughney, J., and G. Zorn, | |||
| "Diameter Base Protocol", RFC 6733, October 2012. | "Diameter Base Protocol", RFC 6733, October 2012. | |||
| skipping to change at page 9, line 8 ¶ | skipping to change at page 9, line 8 ¶ | |||
| Security Application", draft-ietf-aaa-diameter-cms-sec-04 | Security Application", draft-ietf-aaa-diameter-cms-sec-04 | |||
| (work in progress), March 2002. | (work in progress), March 2002. | |||
| [4] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible | [4] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible | |||
| Authentication Protocol (EAP) Application", RFC 4072, | Authentication Protocol (EAP) Application", RFC 4072, | |||
| August 2005. | August 2005. | |||
| Authors' Addresses | Authors' Addresses | |||
| Hannes Tschofenig | Hannes Tschofenig | |||
| Hall in Tirol 6060 | ARM Limited | |||
| Austria | Austria | |||
| Email: Hannes.tschofenig@gmx.net | Email: Hannes.tschofenig@gmx.net | |||
| URI: http://www.tschofenig.priv.at | URI: http://www.tschofenig.priv.at | |||
| Jouni Korhonen | Jouni Korhonen (editor) | |||
| Broadcom | Broadcom Corporation | |||
| Porkkalankatu 24 | 3151 Zanker Rd. | |||
| Helsinki 00180 | San Jose, CA 95134 | |||
| Finland | USA | |||
| Email: jouni.nospam@gmail.com | Email: jouni.nospam@gmail.com | |||
| Glen Zorn | Glen Zorn | |||
| Network Zen | Network Zen | |||
| 227/358 Thanon Sanphawut | 227/358 Thanon Sanphawut | |||
| Bang Na Bangkok 10260 | Bang Na Bangkok 10260 | |||
| Thailand | Thailand | |||
| Email: glenzorn@gmail.com | Email: glenzorn@gmail.com | |||
| End of changes. 15 change blocks. | ||||
| 27 lines changed or deleted | 30 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||