
Network Attestation for Secure Routing (NASR)
bofreq-liu-nasr-01

Document Type: Proposed BOF request
Title: Network Attestation for Secure Routing (NASR)
Last updated: 2024-05-09
State: Proposed
Editor: Peter Chunchi Liu
Responsible leadership:
Send notices to: (None)

Name: Network Attestation for Secure Routing (NASR)

Description

Traffic signing and encryption have so far been the primary methods of ensuring data confidentiality, integrity and authenticity. However, an increasing number of attacks and vulnerabilities, together with newly emerging requirements, are rendering the data security provided by such methods insufficient.

Clients with high security and privacy requirements are no longer satisfied with purely encryption-based data security measures in the application or transport layer that do not allow any control over the underlay networks. Clients now require their data to traverse the network exclusively through trusted devices, trusted operating environments, trusted links and trusted services, avoiding any exposure to insecure or untrusted devices. Hence, the main challenge becomes how to establish routing trustworthiness and transparency so as to achieve predictable forwarding behavior.

The goal of the Network Attestation for Secure Routing WG is to address the challenges associated with routing data only over trusted devices, trusted operating environments, trusted links and trusted services, so as to achieve transparent and predictable forwarding behavior. Verifiable proofs of operational correctness should also be provided to serve as trusted evidence for visualization, internal inspection and external auditing.

The RATS (Remote Attestation Procedures) working group has provided a framework and approaches to assess and establish the trustworthiness of a single device. Several individual submissions also offer parts of the solution needed to achieve the NASR goal. However, a comprehensive framework that allows network/path trust appraisal, attestation, and trust-aware routing or packet steering, and that provides verifiable proof of forwarding, remains elusive.

The NASR BoF was previously discussed as the NASR Side Meeting at IETF 119 and the Path Validation Side Meeting at IETF 118.

Required Details

Information for IAB/IESG

The proponents believe that a new working group is required, but the request is for a non-WG forming BoF. However, the proponents, with the help of interested persons, are already actively working on various items, namely a draft charter text, a proposed architecture document and other potential deliverables. Discussion of the progress on these items will be part of the agenda.

Due to the similarities between RATS and NASR, mainly related to the notions of trust, and also NASR's dependency on RATS outputs, NASR will work closely with the RATS working group for collaboration and consultation. NASR will also take into consideration useful work from concluded working groups, such as I2NSF and SFC. NASR will also closely collaborate with:

  • Other IETF Working Groups that address topics related to attestation and routing security, including, but not limited to, RATS, SAVNET, SIDROPS, IDR and SPRING.
  • Other IRTF Research Groups that provide research inputs and reviews, such as PANRG and CFRG.

Agenda

  • To be updated

Previous Discussions

  • Path Validation Side Meeting @IETF 118.
  • NASR Side Meeting @IETF 119
  • First Chartering Team Meeting, 4.17 Minutes
  • Second Chartering Team Meeting, 5.15, Upcoming
  • Interim Meeting, 6.12, Upcoming