ECSG LinkSec Notes Plenary 3/10-3/12/03 chair Dolors Sala, dolorsieee.org notes Allyn Romanow, allyn@cisco.com Summary: SG charter was slightly wordsmithed but basically unchanged going forward. Three technical efforts to produce drafts underway - contact the following people to contribute: Marcus Leech, mleech@nortelnetworks.com - requirements Renee Struik, rstruik@certicom.com - threat models Bob Moskowitz, rgm@trusecure.com - architecture --------------------- 3/10 am Robert Love RPR Reslient Packet Ring, 802.17. Presentations on RPR because security may fall within LinkSec Which frames need to be protected? data, maybe control Followup - does LinkSec have any requirements for RPR? e.g., a hook in MAC, any particular functionality from the MAC? - if so, they need this from us right away need from .17 - supply a couple of people to work with LinkSec Presentation from Rene Struik Distributed Security Proposal for IEEE Link Security from 802.15 Discussion was brief and along the lines that much ground was covered which would require much time to discuss. --------------------------- 3/10 pm 3:30 No weekly call next week Review of rules and patent policy Approval of Minutes from Jan meeting Minutes will be general, let Allyn know if you want something specific in the minutes Jan meeting summary - agreed on work plan Events between plenaries Placement of Group SEC email ballot for placement of SG motion failed to become a SG of 802.1 - wanted to discuss during the SEC meeting, some people wanted to put SG in 802.10 This am in SEC, motion in place again, WGs to evaluate the recommendation, tabled, all WGs have as an item to discuss, to recommend to SEC on Friday Objectives during this plenary meeting - Agree on initial set of scenarios agree on initial set of objectives discuss threats, architecture PAR discussion - one or more, scope and purpose, schedule Set goals for next meeting Presentations Mats Naslund - on Security issues in public access LANs. There is no security on the wired part of the network and there needs to be for billing purposes. Dolors - link security scenarios -EPON - OLT and ONU without other ONUs knowing about it -extension to other MACs -secure bridge - multi-hop at L2 3/11 afternoon Meeting with EPON group Want to agree on threats and requirments from EPON Marcus Leech, Nortel Presentation on Physics of Upstream EPON Physics of the optics allows eavesdropping Discussion of upstream encryption - Two positions were articulated - One is that whether upstream encryption is needed depends on the threat model and the cost. In this view, it is necessary to specify the threat models for FTTH and FTTB and then to see how crucial upstream security is. The second view is that it doesn't matter what the specific threat model is because the cost of incrementally including upstream encryption along with downstream encryption is so low as to be negligible. Antti - Presentation, EPON Security, same as previous presentation, but with FTTBusiness added. FTTH and FTTB should be treated differently because man-in-the-middle attack doesn't apply to FTTH. We should develop a separate threat model for each application and see whether upstream encrytion is needed. Several people disagreed and felt that upstream encryption was warranted, especially as the cost isn't great. 3/12 morning Suggestion that implications of nested security should be on the agenda at some point Presentation by Mani on Enterprise Security Focus on security at two locations - with the nodes and path security between systems Clarification by Marcus concerning lawful intercept - enterprise does not have legal obligation but public service providers do Mani favors -centralized policy server for access control -distributed authentication model -enhanced 802.10 SDE- support for VLAN, QoS tags, replay protection service What's the scope? It really depends on who shows up to the LinkSec meetings and what they are interested in working on. So far .3 has participated. Dolors- High Level Business level requirements -theft of service -separate cusomers -billing records -consistency between media (smooth transition, unified security across media, ability to securely bridge across media, ability to handoff security associations) -specify a complete solution Comment- What about mobility? Discussion of what is meant by mobility, what linksec needs to consider. Handoff, fast handoff? Relationship with .11, needs to be made clear ongoing. Marcus Leech will lead effort on requirements. Volunteers called for Dolors - Objectives Select and/or specifiy: 1 unified security arch - Bob M. is planning on a presentation. work with Bob M. or present an alternative arch model 2 bridge-transparent SDE 3 authentication protocol 4 key management protocol 5 link security mechanism for 802.3 if additonal MAC functionality needed 6 Discovery protocol Theoretically, what we are doing here is above MAC layer and should work with all 802 MACs Will show these slides at the SEC meeting Discussion on how to renew the SG Charter Dolors proposed an updated charter Discussion of whether to start from the original SG charter, or the proposed new one. Poll on which charter to start working with who wants to start with the current charter? 20 who wants to start with the new charter? 6-7 Ken Alonge-proposal to revisit decision of placement of the SG Tony- SEC procedural issues to take vote on Friday night, rather than issue with placement the decision of where SG has already been made, no reason to revist There were no additional comments on placement of the SG Minor changes in current charter. Change wording from 802.3 in particular, to early emphasis on 802.3 poll make change - 13 don't make change - 6 abstain - 9 See Dolors slides for text of the SG charter poll- who thinks this is a good charter for the SG? 32 who thinks this is not a good charter? 0 Abstain 4 Is there enough publicity for other groups to participate in LinkSec? EPON not here cause doing comment resolution recommendation - talk with other group chairs to see if they want Dolors to give a brief report on linksec at the closing plenary of the other meetings planning for future meetings June 2-6 Ottawa Jonathan Thatcher will do a presentation on .3 implementation constraints Threats - how strong or weak are intruders? how should we consider threat model? Marcus - doing a threat model based on what a particular kind of attacker can accomplish and then looking for an encryption technology strong enough only for this is foolish We need to assume a moderately well-funded corporate attacker relatively cheap technology exists for this level of attack Two relevant observations- Eavesdropping is possible Arbitrary traffic injection is possible What are security implications for each MAC? for some kinds of traffic security doesn't matter, for others it does matter Renee will lead effort on threat models Mani will help solicit volunteers Bob Moskowitz is leading the architecture effort solicit volunteers There will be a note out on the mailing list soliciting volunteers for each effort.