Multicast IPsec Composite
Cryptographic Groups
George Gross
IdentAware™ Multicast Security
gmgross@IdentAware.com
IETF-66, Montreal, Canada
July 11th 2006
7/11/2006
IETF-66 MSEC IPsec composite groups
page 1
Composite Cryptographic Groups
• Definition: The logical group formed from
union of two or more sub-groups, each subgroup supporting different cryptographic
properties (e.g. IPsec software version).
• Composite groups occur when large-scale
groups contains multiple protocol versions
or multiple partially interoperable vendors.
– e.g. retiring 3-DES, migrating to AES
– software bug fixes
7/11/2006
IETF-66 MSEC IPsec composite groups
page 2
IPsec Subsystem
Composite Group Requirements
• Multicast application is unaware of subgroups, it only sends one packet to the
composite group, not each sub-group.
• Must provide a mechanism where each data
packet gets replicated for each sub-group,
and treated with the respective sub-group’s
IPsec cryptographic policy.
• IPsec policy per sub-group, set by its GCKS
7/11/2006
IETF-66 MSEC IPsec composite groups
page 3
Motivation for Composite Groups
• Can not easily upgrade a large-scale group,
no “flag day” is allowed
• Cryptographic algorithms age or break,
need strategy to move to new ones
– witness recent attacks on MD5, SHA-1
• Parallel vendor-specific sub-groups support
different feature sets, want best combination
• Straddle IPv4 and IPv6 sub-groups
7/11/2006
IETF-66 MSEC IPsec composite groups
page 4
Transport mode
multicast data
security association
Transport
Mode IPsec
Group Speaker
Host IPsec Subsystem
A2
A1
A5
A0
A3
B2
A4
Sub-Group A
B1
B0
Internet
7/11/2006
B3
B5
Sub-Group B
IETF-66 MSEC IPsec composite groups
page 5
B4
Composite Cryptographic Group
IPsec Transport Mode
• End-to-end security, no plain-text on wire
• Supports Native, BITS, and BITW
architectural modes
• Requires IPsec subsystem replicate each
data SA packet for each sub-group before
applying its cryptographic algorithms
– do not want the multicast application to be
aware of the cryptographic sub-groups
7/11/2006
IETF-66 MSEC IPsec composite groups
page 6
Application data
sent unencrypted
across multicast LAN
to security gateways
Tunnel
Mode IPsec
Group Speaker
multicast-capable LAN
IPsec Tunnel Endpoint
IPsec Tunnel Endpoint
IPsec Security Gateway
IPsec Security Gateway
Internet
A2
A1
B2
A5
A0
A3
B1
A4
Sub-Group A
B0
B3
B5
Sub-Group B
7/11/2006
IETF-66 MSEC IPsec composite groups
page 7
B4
Composite Cryptographic Group
IPsec Tunnel Mode
• Application multicasts its data to two or
more IPsec security gateways, one gateway
per sub-group.
• Advantage: simply bolt together as many
gateways as there are sub-groups
• Drawback: Unencrypted data must transit a
trusted network to reach the gateways
7/11/2006
IETF-66 MSEC IPsec composite groups
page 8
Composite Groups Proposed for
Experimental Track
• Request that draft-gross-ipsec-compositegroup-00.txt become a MSEC WG item
• Publish as an IETF experimental RFC
• Revise and transition to a proposed standard
RFC after:
– additional operational experience
– wider recognition by industry that this provides
a solution that merits full standardization
7/11/2006
IETF-66 MSEC IPsec composite groups
page 9
Background Reading
• draft-gross-msec-ipsec-composite-group00.txt
• draft-ietf-msec-ipsec-extensions-02.txt
• RFC4301 - IP security architecture
7/11/2006
IETF-66 MSEC IPsec composite groups
page 10