Report on the Security and Privacy Working Group Karen Sollins

MIT
May 30, 2007
The “Take-away”
Authentication in the core of the network would provide significant added value.
Authentication can valuably be scoped to reduce the problem space.
Both trust and engineering play crucial roles in making it feasible.
5/30/07
Sollins/PrivSec Report
2
Objective
Consider the value and feasibility of provision of authentication as a core service inside the network (not only E2E)
Examples of need from members
Identification of challenges
Study approaches
Evaluate in the context of member supplied examples
Background
Role of security in architecture
End-to-end design criteria
The changing scene
The challenges of authentication
Candidate approaches
I3: indirection at the IP layer
HIP: layer between IP and transport
NAP/NAC: integration of host, network and perimeter authentication, assurance, and authorization
Examples from participants
Radius (BT)
GSM and 3GPP authentication (BT)
SIP (Nokia)
Stateful Anycast for DDoS mitigation (MIT)
Dynamic Routing in IPSec (Nortel)
DKIM (Cisco)
Distributed Authorization for Web Services (Microsoft - invited in for this, not regular participant)
Authenticated entity types
• Host
• Host interface
• End-point
• Network/realm
• Switch
• VLAN
• Anycast group
• Person
• Network connection
• Access class (NAP)
• Web auth entities
• Business/enterprise
• SIP call id
• DKIM ids
• Mail sender/relay
• Radius/AAA entities
• 3GPP subscriber/auth center
• GAA/GBA entities
Challenges
• Authentication as component of a function
• Nature of authenticated entities
• Policies
• Trust
• Anonymity
• Specific services required to support it
• Scoping of authentication
• Limit types of entities
• Scaling
• Independence of control
• Choice of algorithms and strength
• Distribution of vulnerability
This is representative, but not complete
Organization
• Leadership: Dirk Trossen (new), Karen Sollins
• Participation: BT, Intel, Motorola, Nortel, Cisco, Nokia, FranceTelecom (prev.), MIT
• Meetings: bi-weekly, Tuesday, 12-1pm ET, teleconference
• White paper on work to date in progress (some text exists!)
• Infrastructure:
  • Mailing list: privsec@cfp.mit.edu
  • Web site: http://cfp.mit.edu/groups/security/security.html
    Includes all documents, slides and notes from each meeting
  • Simple id/pw protection (“privsec”)
Looking forward
WG meeting tomorrow morning
• 3 talks
  • Dave Clark: an application architecture and the E2E arguments
  • Manish Dave: privacy, the Intel perspective
  • Dave Reed: privacy issues in Living the Future
• Discussion about our next focus (led by Dirk Trossen)
  • What we want to do
  • How we want to do it
  • Intellectual study
  • Proof of concept
  • How best to engage members