01/27/03 1
Scenarios
Figure: scenario diagrams 1), 2) and 3) with sub-cases 3a), 3b) and 3c), drawn from ES, IEEE 802 Link (EPON/802.3/New MACs), IEEE 802 Bridged Network and SB elements.
ES: End System. SB: Security-aware Bridge. In blue: scope of secure communication.
Business Applications
• Scenario 1: Secure EPON
– FTTH/FTTB (provider network)
• Scenario 2: IEEE 802 Link Security
– RPR provider network?
– ???
• Scenario 3: Secure Bridged Networks
– RPR enterprise networks?
– ???
Levels of Trust
• Scenarios 3a, 3b and 3c depict different levels of trust in a network
• In the absence of any SA (#3), all bridges are trusted
• 3a) Implies the opposite (complete paranoia): no bridge is trusted
• 3b) The ESs trust exactly one SB (there may be other SBs, but the ESs don’t trust them)
• 3c) The left ES trusts the left SB and the right ES trusts the right SB. Neither ES trusts the SB furthest from it. The SBs trust each other, and they may be separated by a normal (security-unaware) bridge B or by an SB they don’t trust
• The security approach differs depending on the trust level
Classification of Scenarios
• Classify scenarios by trust models (first cut):
• Scenario T1: ES-EN-ES
– Enterprise trust model
– ES-EN links may be shared medium
• Scenario T2: ES-PN-EN
– Provider network in one Admin Domain
• Scenario T3: ES-PN-EN
– Provider network spans multiple Admin Domains
– EPON ES-PN links or other shared media
ES: End System. EN: Enterprise Network. PN: Provider Network.
Unified Solution: Two Architecture Views?
• Single-hop security associations
– Basis of the solution is the link security
– Secure Bridged network is designed as a (secure) sequence of secure links
• Multi-hop security associations
– A secure bridged network operates as a single end-to-end security association where end points may be secure bridges, not stations
– Link security may be obtained by considering the link as the simplest form of a network
• Combinations are possible
Scope of Security Associations
Figure: a) End-to-end (multi-hop) Security Associations: a single SA (SA1) spans from ES to ES across an IEEE 802 Bridged Network of security-unaware bridges (B). b) Single-Hop Security Associations: separate SAs (SA1 to SA5) between each pair of contiguous devices (ES and SB) across an IEEE 802 Bridged Network of security-aware bridges.
SA: Security Association
Factors
Single-hop SAs
• SA management is between contiguous “devices” (simple)
• L2 network infrastructure must be security-aware
– New infrastructure?
– Upgrade existing? What is the impact?
• Disadvantage: can’t support secure link layer between bridged stations separated by security-unaware bridges
Multi-hop SAs
• No impact in the network infrastructure (transparent service)
• SA management is more complicated
– During SA establishment?
– After topology changes
• Restricted link protection
– Control and management frames may not be protectable
– Is it needed? Special mechanisms can be added
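To make the trust levels of scenarios 3a, 3b and 3c and the single-hop versus multi-hop trade-off above concrete, here is an added model (not code from the presentation) that walks a constructed ES-to-ES path of devices and derives which SAs each architecture view would set up; the node names, trust sets and the left-to-right endpoint rule are assumptions of this example.

```python
from dataclasses import dataclass, field

# Constructed model of the deck's scenarios: a path of devices between two
# End Systems, each being an End System (ES), a Security-aware Bridge (SB)
# or a security-unaware bridge (B).

@dataclass
class Node:
    name: str
    kind: str                                  # "ES", "SB" or "B"
    trusts: set = field(default_factory=set)   # names of SBs this node trusts

def single_hop_sas(path):
    """Single-hop view: one SA per link between contiguous devices, which
    presumes every bridge on the path is trusted and security-aware.
    Returns (protected_links, unprotected_links); a link adjacent to a
    security-unaware bridge cannot be protected at all."""
    protected, unprotected = [], []
    for a, b in zip(path, path[1:]):
        link = (a.name, b.name)
        (unprotected if "B" in (a.kind, b.kind) else protected).append(link)
    return protected, unprotected

def multi_hop_sas(path):
    """Multi-hop view: one SA between consecutive *trusted* endpoints.
    Walking left to right, a node becomes an SA endpoint if it is an ES or
    an SB with a trust relation to the current left endpoint; untrusted SBs
    and plain bridges are crossed transparently."""
    sas, left = [], path[0]
    for node in path[1:]:
        trusted = node.name in left.trusts or left.name in node.trusts
        if node.kind == "ES" or (node.kind == "SB" and trusted):
            sas.append((left.name, node.name))
            left = node
    return sas

# Scenario 3a: complete paranoia, neither ES trusts any bridge.
scenario_3a = [Node("ES1", "ES"), Node("SB1", "SB"), Node("SB2", "SB"), Node("ES2", "ES")]
# Scenario 3b: both ESs trust exactly SB1; SB2 is present but untrusted.
scenario_3b = [Node("ES1", "ES", {"SB1"}), Node("SB1", "SB"),
               Node("SB2", "SB"), Node("ES2", "ES", {"SB1"})]
# Scenario 3c: each ES trusts its nearest SB, the SBs trust each other and
# are separated by a security-unaware bridge B.
scenario_3c = [Node("ES1", "ES", {"SB1"}), Node("SB1", "SB", {"SB2"}), Node("B", "B"),
               Node("SB2", "SB", {"SB1"}), Node("ES2", "ES", {"SB2"})]

if __name__ == "__main__":
    for label, path in [("3a", scenario_3a), ("3b", scenario_3b), ("3c", scenario_3c)]:
        print(label, "multi-hop:", multi_hop_sas(path), "single-hop:", single_hop_sas(path))
```

In 3c the single-hop view leaves the two links around B unprotected, which is the disadvantage listed under Factors, while the multi-hop view yields the chain ES1-SB1, SB1-SB2, SB2-ES2.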