Multiple Interfaces IPsec Security Requirements

MIF Security IPsec Requirements
Daniel Migault, Carl Williams
draft-mglt-mif-security-requirements-00.txt - IETF83
ToC
EU
Offload
Bad IPsec Conf.
MOBIKE
Future
Table of Contents
I. Transport Protocols designed for MIF, like SCTP and MPTCP, provide:
  Bandwidth Aggregation
  Multihoming
  Mobility (Soft Handover)
Problem Statement: On untrusted and unreliable WLAN, ISPs need
  To Secure End Users' Communications with IPsec
  To make IPsec Secure Communication also benefit from the MIF features
  Currently IPsec does not address MIF features
II. IPsec MIF features
  What does a badly configured IPsec cause?
  IPsec Security Requirements
III. What is Next?
MIF, Daniel Migault mglt.ietf@gmail.com
1
France Telecom - Orange Labs IETF 83, march 2012
[Figure, slides 2-3: Bandwidth Aggregation. Labels: ISP Network, WLAN Provider, NEW IP ADDRESS.]
[Figure, slides 4-6: Multihoming. Labels: ISP Network, WLAN Provider, NEW IP ADDRESS.]
[Figure, slides 7-9: Mobility Soft Handover. Labels: ISP Network, WLAN Provider, NEW IP ADDRESS.]
Offload Context
On WLAN, ISPs need:
  MIF features to enhance End User Experience
  To Secure the Communication (IPsec)
How to deal with IPsec?
  A bad IPsec configuration breaks Communication: We don't want it
  Initiating a new IPsec configuration for each new Interface multiplies exchanges, IKEv2 negotiations, authentications...: We don't want it
  We want IPsec to provide the same features as MIF Transport Protocols like MPTCP, SCTP...
  MOBIKE addresses the problem for a single Interface: We want to extend this to MIF
[Figure, slides 11-12: Ex. Mobility. Labels: ISP Network, WLAN Provider, NEW IP ADDRESS, Interface down, DISCARD.]
[Figure, slides 13-18: Mobility Soft Handover. Labels: ISP Network, WLAN Provider, NEW IP ADDRESS, ADD Interface for Traffic, No Application Data, REMOVE Interface for Traffic.]
MOBIKE
MOBIKE does not work because it deals with:
  A Single Interface
  Tunnel mode only
  Multihoming and Mobility (Hard Handover)
MOBIKE needs to be extended for:
  Multiple Interfaces: ADD / REMOVE
  Traffic Selector for Mobility / Multihoming / Multiple Interfaces Management
  IPsec Transport mode
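The contrast this slide draws between single-interface address replacement (hard handover) and the ADD / REMOVE extension it asks for, as an added toy model that is not code from the draft or from any IPsec implementation. ToySpd, its methods and the addresses are hypothetical and constructed; IKEv2/MOBIKE signalling is not modelled, only the policy verdict each path would get.

```python
from dataclasses import dataclass, field

GATEWAY = "203.0.113.1"      # constructed: ISP security gateway
ISP_ADDR = "192.0.2.10"      # constructed: address on the ISP interface
WLAN_ADDR = "198.51.100.20"  # constructed: new address on the WLAN interface

@dataclass
class ToySpd:
    """Hypothetical, simplified SPD: (local, remote) selectors that are
    PROTECTed by the existing SA; everything else is DISCARDed."""
    selectors: set = field(default_factory=set)

    def lookup(self, src, dst):
        return "PROTECT" if (src, dst) in self.selectors else "DISCARD"

    def update_address(self, old, new):
        """Single-interface, hard-handover style: the old address is replaced."""
        self.selectors = {(new if l == old else l, r) for l, r in self.selectors}

    def add_interface(self, addr, remote):
        """ADD: extend the existing policy to one more local address."""
        self.selectors.add((addr, remote))

    def remove_interface(self, addr):
        """REMOVE: drop selectors bound to an address that went away."""
        self.selectors = {(l, r) for l, r in self.selectors if l != addr}

def run(scenario):
    """Return the SPD verdicts for (ISP path, WLAN path) at each step."""
    spd = ToySpd({(ISP_ADDR, GATEWAY)})
    both = lambda: (spd.lookup(ISP_ADDR, GATEWAY), spd.lookup(WLAN_ADDR, GATEWAY))
    steps = [both()]                      # WLAN address appears, SPD untouched
    if scenario == "hard":
        spd.update_address(ISP_ADDR, WLAN_ADDR)
        steps.append(both())              # only one path is ever protected
    elif scenario == "soft":
        spd.add_interface(WLAN_ADDR, GATEWAY)
        steps.append(both())              # both paths usable at once
        spd.remove_interface(ISP_ADDR)
        steps.append(both())
    return steps

if __name__ == "__main__":
    for name in ("static", "hard", "soft"):
        print(name, run(name))
```

In the "static" case the traffic moved to the new address is discarded, which is the failure the earlier "Ex. Mobility" figure labels DISCARD; only the "soft" case passes through a step where both paths are protected.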
Future Work
We would like it to be a Working Group Document
Check if there are other use cases than offload
Vehicular / MPTCP / Connection Manager
We expect to provide a finalized version of the draft by next IETF