| < draft-xu-tictoc-ipsec-security-for-synchronization-01.txt | draft-xu-tictoc-ipsec-security-for-synchronization-02.txt > | |||
|---|---|---|---|---|
| TICTOC Y. Xu | TICTOC Y. Xu | |||
| Internet-Draft Huawei Technologies | Internet-Draft Huawei Technologies | |||
| Intended status: Standards Track July 5, 2011 | Intended status: Standards Track September 16, 2011 | |||
| Expires: January 6, 2012 | Expires: March 19, 2012 | |||
| IPsec security for packet based synchronization | IPsec security for packet based synchronization | |||
| draft-xu-tictoc-ipsec-security-for-synchronization-01.txt | draft-xu-tictoc-ipsec-security-for-synchronization-02.txt | |||
| Abstract | Abstract | |||
| Cellular networks often use Internet standard technologies to handle | Cellular networks often use Internet standard technologies to handle | |||
| synchronization. This document defines a extension based on WESP. | synchronization. This document defines an extension based on WESP. | |||
| Usually, several traffic flows are carried in one IPsec tunnel, for | Usually, several traffic flows are carried in one IPsec tunnel, for | |||
| some applications, such as, 1588 or NTP, the packets need to be | some applications, such as, 1588 or NTP, the packets need to be | |||
| identified after IPsec encryption to handle specially. In order to | identified after IPsec encryption to handle specially. In order to | |||
| achieve high scalability in implement, a separate IPsec tunnel will | achieve high scalability in implement, a separate IPsec tunnel will | |||
| not be established for some special traffic. This document analyses | not be established for some special traffic. This document analyses | |||
| the need for security methods for synchronization messages | the need for security methods for synchronization messages | |||
| distributed over the Internet. This document also gives a solution | distributed over the Internet. This document also gives a solution | |||
| on how to mark the synchronization message when IPSec is implemented | on how to mark the synchronization message when IPSec is implemented | |||
| in end to end frequency synchronization." | in end to end frequency synchronization." | |||
| skipping to change at page 4, line 7 ¶ | skipping to change at page 4, line 7 ¶ | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 14 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 14 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 | 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . . 15 | 11.1. Normative References . . . . . . . . . . . . . . . . . . . 15 | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . . 15 | 11.2. Informative References . . . . . . . . . . . . . . . . . . 15 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 15 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 1. Introduction | 1. Introduction | |||
| When transfering timing in internet, a shared infrastructure is used, | When transferring timing in internet, a shared infrastructure is used, | |||
| and hence the path is no longer physically deterministic. It leaves | and hence the path is no longer physically deterministic. It leaves | |||
| open the possibility to disrupt, corrupt or even spoof the timing | open the possibility to disrupt, corrupt or even spoof the timing | |||
| flow, where a timing signal purports to come from a higher quality | flow, where a timing signal purports to come from a higher quality | |||
| clock than it actually does. In the extreme, this may be used to | clock than it actually does. In the extreme, this may be used to | |||
| attack the integrity of the network, to disrupt the synchronization | attack the integrity of the network, to disrupt the synchronization | |||
| flow, or cause authentication failures. On the other hand, it may be | flow, or cause authentication failures. On the other hand, it may be | |||
| possible for unauthorized users to request service from a clock | possible for unauthorized users to request service from a clock | |||
| server. This may overload a clock server and compromise its ability | server. This may overload a clock server and compromise its ability | |||
| to deliver timing to authorized users. | to deliver timing to authorized users. | |||
| For the cellular backhaul applications, two kinds of synchronization | For the cellular backhaul applications, two kinds of synchronization | |||
| is needed, one is the recovery of an accurate and stable frequency | are needed, one is the recovery of an accurate and stable frequency | |||
| synchronization signal as a reference for the radio signal (e.g. | synchronization signal as a reference for the radio signal (e.g. | |||
| GSM, UMTS FDD, LTE FDD). In addition to frequency synchronization, | GSM, UMTS FDD, LTE FDD). In addition to frequency synchronization, | |||
| phase/time synchronization are also needed in Mobile technologies, | phase/time synchronization are also needed in Mobile technologies, | |||
| This is the case for the TDD technologies such as UMTS TDD,LTE TDD. | This is the case for the TDD technologies such as UMTS TDD,LTE TDD. | |||
| Frequency synchronization is normally implemented in an end-to-end | Frequency synchronization is normally implemented in an end-to-end | |||
| scenario where none of the intermediate nodes in the network have to | scenario where none of the intermediate nodes in the network have to | |||
| recognize and process the synchronization packets. However In phase/ | recognize and process the synchronization packets. However In phase/ | |||
| time synchronization, a hop-by-hop scenario will request intermediate | time synchronization, a hop-by-hop scenario will request intermediate | |||
| nodes to process the synchronization packets If very accurate phase/ | nodes to process the synchronization packets If very accurate phase/ | |||
| time is needed (e.g. sub-microsecond accuracy). | time is needed (e.g. sub-microsecond accuracy). | |||
| Femtocell is the typical cellular backhaul application that requires | Femtocell is the typical cellular backhaul application that requires | |||
| time synchronization. A Femtocell is defined as a wireless base | time synchronization. A Femtocell is defined as a wireless base | |||
| station for deployment in residential environments and is typically | station for deployment in residential environments and is typically | |||
| connected to the mobile core network via a public broadband | connected to the mobile core network via a public broadband | |||
| connection (eg., DSL modem, cable modem). Femtocell improves | connection (eg., DSL modem, cable modem). Femtocell improves | |||
| cellular network coverage and saves cost for operators. Just like a | cellular network coverage and saves cost for operators. Just like a | |||
| typical macrocell (larger base station), Femtocells (residential base | typical macrocell (larger base station), a Femtocell (residential base | |||
| stations) require a certain level of synchronization (frequency or | station) requires a certain level of synchronization (frequency or | |||
| phase/time) on the air interface, predominantly frequency | phase/time) on the air interface, predominantly frequency | |||
| requirements. | requirements. | |||
| The [3GPP.33.320] specification defines some of the high-level | The [3GPP.33.320] specification defines some of the high-level | |||
| network architecture aspects of a Home NodeB (3G UMTS) and a Home | network architecture aspects of a Home NodeB (3G UMTS) and a Home | |||
| eNodeB (4G LTE). In addition, the Femto Forum organization also | eNodeB (4G LTE). In addition, the Femto Forum organization also | |||
| provides a network reference model very similar to 3GPP. Both | provides a network reference model very similar to 3GPP. Both | |||
| architectures have commonalities as illustrated in Figure 1. | architectures have commonalities as illustrated in Figure 1. | |||
| +-------------+ | +-------------+ | |||
| skipping to change at page 7, line 25 ¶ | skipping to change at page 7, line 25 ¶ | |||
| be performed in the synchronization device itself, or it might be | be performed in the synchronization device itself, or it might be | |||
| performed in a separate device, e.g. a secure gateway. An example | performed in a separate device, e.g. a secure gateway. An example | |||
| might be where the timing packets have to pass through an encrypted | might be where the timing packets have to pass through an encrypted | |||
| tunnel (e.g. an IPSec tunnel). Full encryption might be required for | tunnel (e.g. an IPSec tunnel). Full encryption might be required for | |||
| various reasons. The contents of the packet may be considered | various reasons. The contents of the packet may be considered | |||
| secret, such as might be the case where accuracy of the time | secret, such as might be the case where accuracy of the time | |||
| distribution is being sold as a service. Alternatively, it may be | distribution is being sold as a service. Alternatively, it may be | |||
| because other traffic from a device is considered secret, and hence | because other traffic from a device is considered secret, and hence | |||
| it is easier to encrypt all traffic. | it is easier to encrypt all traffic. | |||
| IPsec,as a popular security mechanism, is being considered in some | IPsec, as a popular security mechanism, is being considered in some | |||
| mobile applications, especially in case of unsecure backhaul links | mobile applications, especially in case of unsecure backhaul links | |||
| (e.g. Femtocells, [3GPP.33.320]) being involved. IPsec can provide | (e.g. Femtocells, [3GPP.33.320]) being involved. IPsec can provide | |||
| data source authentication, confidentiality, integrity that is | data source authentication, confidentiality, integrity that is | |||
| suitable to end to end synchronization without intermediate nodes. | suitable to end to end synchronization without intermediate nodes. | |||
| It provides security services by Authentication header (AH) and | It provides security services by Authentication header (AH) and | |||
| Encapsulating security payload (ESP). Authentication Header provides | Encapsulating security payload (ESP). Authentication Header provides | |||
| integrity protection and data origin authentication. Moreover, ESP | integrity protection and data origin authentication. Moreover, ESP | |||
| can be used to provide confidentiality besides data origin | can be used to provide confidentiality besides data origin | |||
| authentication, connectionless integrity. For the time packet | authentication, connectionless integrity. For the time packet | |||
| protection, the critical issue is the precision of the timestamps. | protection, the critical issue is the precision of the timestamps. | |||
| skipping to change at page 8, line 7 ¶ | skipping to change at page 8, line 7 ¶ | |||
| packets as defined in [IEEE1588]as the port is encrypted by IPsec. | packets as defined in [IEEE1588]as the port is encrypted by IPsec. | |||
| It becomes complicated when processing IPsec packets as the nodes | It becomes complicated when processing IPsec packets as the nodes | |||
| will not be able to identify the 1588 packets that need to be time | will not be able to identify the 1588 packets that need to be time | |||
| stamped any more. This document describes a method to resolve this | stamped any more. This document describes a method to resolve this | |||
| problem. For time packets, some identifiers that can be used to | problem. For time packets, some identifiers that can be used to | |||
| recognize all such packet at the physical layer are defined in WESP, | recognize all such packet at the physical layer are defined in WESP, | |||
| and all of these are provided with data integrity protection. For | and all of these are provided with data integrity protection. For | |||
| example, if only frequency synchronization is needed, an end-to-end | example, if only frequency synchronization is needed, an end-to-end | |||
| scenario where none of the intermediate nodes in the network have to | scenario where none of the intermediate nodes in the network have to | |||
| recognise and process the synchronization packets might be suitable | recognise and process the synchronization packets might be suitable | |||
| to use IPsec security mechansim. In this case, the synchronization | to use IPsec security mechanism. In this case, the synchronization | |||
| packets will be encrypted if the packed is transported in the IPSec | packets will be encrypted if the packed is transported in the IPSec | |||
| tunnel. | tunnel. | |||
| IPsec can meet synchronization rquirement 1 and 2 in section 3. | IPsec can meet synchronization requirement 1 and 2 in section 3. | |||
| However IPsec still need some enhancement to meet requirement 3. | However IPsec still need some enhancement to meet requirement 3. | |||
| Normally, device will decrypt IPSec message in IP layer, but in order | Normally, device will decrypt IPSec message in IP layer, but in order | |||
| to improve the synchronization accuracy, some synchronization | to improve the synchronization accuracy, some synchronization | |||
| protocol (e.g. [IEEE1588]) requests to process the synchronization | protocol (e.g. [IEEE1588]) requests to process the synchronization | |||
| message in hardware, therefore the synchronization device may need to | message in hardware, therefore the synchronization device may need to | |||
| identify synchronization messages in physical layer before the | identify synchronization messages in physical layer before the | |||
| message is decrypted. How to identify the synchronization messages | message is decrypted. How to identify the synchronization messages | |||
| in IPsec becomes the most important issue to keep the synchronization | in IPsec becomes the most important issue to keep the synchronization | |||
| accuracy in IPsec synchronization scenario. | accuracy in IPsec synchronization scenario. | |||
| skipping to change at page 10, line 21 ¶ | skipping to change at page 10, line 21 ¶ | |||
| header is an empty field initialized to zero if using ESP with | header is an empty field initialized to zero if using ESP with | |||
| encryption. | encryption. | |||
| o HdrLen is identical with the definition in [RFC5840]. It is the | o HdrLen is identical with the definition in [RFC5840]. It is the | |||
| offset from the beginning of the WESP header to the beginning of | offset from the beginning of the WESP header to the beginning of | |||
| the Rest of Payload Data (i.e., past the IV, if present and any | the Rest of Payload Data (i.e., past the IV, if present and any | |||
| other WESP options defined in the future) within the encapsulated | other WESP options defined in the future) within the encapsulated | |||
| ESP header, in octets. HdrLen MUST be set to zero when using ESP | ESP header, in octets. HdrLen MUST be set to zero when using ESP | |||
| with encryption. | with encryption. | |||
| o TrailerLen contains the size of the Integrity Check Value (ICV) | o TrailerLen contains the size of the Integrity Check Value (ICV) | |||
| being used by the negotiated algorithms within the IPsec SA. | being used by the negotiated algorithms within the IPsec SA. | |||
| TrailerLen MUST be set to zero when using ESP with encryption.One | TrailerLen MUST be set to zero when using ESP with encryption. One | |||
| issue must be taken into account that if using ESP with | issue must be taken into account that if using ESP with | |||
| encryption, TrailerLen has lost the significance of ICV, as any | encryption, TrailerLen has lost the significance of ICV, as any | |||
| attacker could juggle the field definition above, Next Header, | attacker could juggle the field definition above, Next Header, | |||
| HdrLen, TrailerLen to zero, and forward the modified packet to the | HdrLen, TrailerLen to zero, and forward the modified packet to the | |||
| receiver. The receiver will deal with the dummy encrypted packet | receiver. The receiver will deal with the dummy encrypted packet | |||
| falsely. | falsely. | |||
| o Authentication cotains extended data type, extended data length, | o Authentication contains extended data type, extended data length, | |||
| the optional Algorithm ID field and extended data and ICV when | the optional Algorithm ID field and extended data and ICV when | |||
| using ESP with encryption. This part will be depicted in next | using ESP with encryption. This part will be depicted in next | |||
| section. | section. | |||
| o Flags: The bits are defined most-significant-bit (MSB) first, so | o Flags: The bits are defined most-significant-bit (MSB) first, so | |||
| bit 0 is the most significant bit of the flags octet. The four | bit 0 is the most significant bit of the flags octet. The four | |||
| bits "Rsvd" are used for the future, the least significant bit of | bits "Rsvd" are used for the future, the least significant bit of | |||
| the four bit to indicate the some extended information is included | the four bit to indicate the some extended information is included | |||
| when using ESP not only integrity but also with encryption, i.e., | when using ESP not only integrity but also with encryption, i.e., | |||
| if the least significant bit is set to one, the corresponding | if the least significant bit is set to one, the corresponding | |||
| extended information will be contained in Authentication payload. | extended information will be contained in Authentication payload. | |||
| skipping to change at page 13, line 46 ¶ | skipping to change at page 13, line 46 ¶ | |||
| | | | | | | | | |||
| | message with time packets | | | | message with time packets | | | |||
| |<----------------------------------|-------------------| | |<----------------------------------|-------------------| | |||
| | | | | | | | | |||
| +--------------+ | | | +--------------+ | | | |||
| |identify the | | | | |identify the | | | | |||
| |timing packet | | | | |timing packet | | | | |||
| | | | | | | | | | | |||
| +--------------+ | | | +--------------+ | | | |||
| Figure 5. example procedure | Figure 7. Example Procedure | |||
| In the Security Gateway scenario, The IPsec with tunnel mode is | In the Security Gateway scenario, The IPsec with tunnel mode is | |||
| established between Femtocell and Security Gateway. After Femtocell | established between Femtocell and Security Gateway. After Femtocell | |||
| and Clock server exchange the Sync Request and Sync Response, the | and Clock server exchange the Sync Request and Sync Response, the | |||
| clock server will send the time packets to Femtocell to implement | clock server will send the time packets to Femtocell to implement | |||
| frequency synchronization with the protection of IPsec tunnel. When | frequency synchronization with the protection of IPsec tunnel. When | |||
| Femtocell receives the message, it can identify whether it is time | Femtocell receives the message, it can identify whether it is time | |||
| packet, and can also identify whether the time packet is the event | packet, and can also identify whether the time packet is the event | |||
| message by the time packet information in the unencryped field as | message by the time packet information in the unencrypted field as | |||
| defined in the new ESP format. If the message is time packet and | defined in the new ESP format. If the message is time packet and | |||
| identifies that it is the event message, Femtocell will do special | identifies that it is the event message, Femtocell will do special | |||
| process for the event message, such as recording the message | process for the event message, such as recording the message | |||
| receiving time. On the server side, When Security Gateway receives | receiving time. On the server side, When Security Gateway receives | |||
| the message, it identifies the time packet at first, then put | the message, it identifies the time packet at first, then put | |||
| appropriate value to Data type field to identify the message type in | appropriate value to Data type field to identify the message type in | |||
| Payload Data, after that, it could put more packet information into | Payload Data, after that, it could put more packet information into | |||
| Authentication Payload, such as UDP port number or timestamps, then | Authentication Payload, such as UDP port number or timestamps, then | |||
| Extended Data Length, Algorithm ID, Extended Data integrity Check | Extended Data Length, Algorithm ID, Extended Data integrity Check | |||
| value, could also be filled consequently. | value, could also be filled consequently. | |||
| skipping to change at page 14, line 42 ¶ | skipping to change at page 14, line 42 ¶ | |||
| This document describes the modification or extension for the WESP | This document describes the modification or extension for the WESP | |||
| for the additional application. The approach described in this | for the additional application. The approach described in this | |||
| document requires the ESP endpoints to be modified to support the new | document requires the ESP endpoints to be modified to support the new | |||
| protocol. It allows the ESP receiver or intermediate node not only | protocol. It allows the ESP receiver or intermediate node not only | |||
| to distinguish encrypted and unencrypted traffic deterministically, | to distinguish encrypted and unencrypted traffic deterministically, | |||
| but also identify whether the encrypted packets are the common | but also identify whether the encrypted packets are the common | |||
| packets or the time packets by a simpler implementation for the | packets or the time packets by a simpler implementation for the | |||
| transport node. | transport node. | |||
| Note that whether the time packets identified by the defined mark | ||||
| or tag are transparent or not, there is always a possibility for | ||||
| attackers to employ interception attacks to block transmission. | ||||
| How to prevent interception attack is out of scope of this draft. | ||||
| 9. IANA Considerations | 9. IANA Considerations | |||
| There have been no IANA considerations so far in this document. | There have been no IANA considerations so far in this document. | |||
| 10. Acknowledgments | 10. Acknowledgments | |||
| The authors appreciate the valuable work and contribution done to | The authors appreciate the valuable work and contribution done to | |||
| this document by Marcus Wong. | this document by Marcus Wong. | |||
| 11. References | 11. References | |||
| End of changes. 14 change blocks. | ||||
| 17 lines changed or deleted | 22 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||