DHC Working Group L. Li
Internet-Draft Y. Cui
Intended status: Informational J. Wu
Expires: April 21, 2016 Tsinghua University
October 19, 2015
Opportunistic Security for DHCPv6
draft-li-dhc-secure-dhcpv6-deployment-01
Abstract
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) enables
DHCPv6 servers to configure network parameters. To secure DHCPv6,
the authentication and encryption mechanisms are proposed to protect
the DHCPv6 privacy information. However, how to deploy the secure
DHCPv6 mechanisms for DHCPv6 is not specified. This draft analyses
the DHCPv6 threat model and recommend the opportunistic security
mechanism for DHCPv6 deployment.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2016.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Li, et al. Expires April 21, 2016 [Page 1]
Internet-Draft Opportunistic Security for DHCPv6 October 2015
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. DHCPv6 threat model . . . . . . . . . . . . . . . . . . . . . 2
3. Secure DHCPv6 mechanisms deployment . . . . . . . . . . . . . 3
3.1. Secure DHCPv6 Mechanism Deployment Difficulties . . . . . 3
3.2. Opportunistic security for DHCP . . . . . . . . . . . . . 3
3.3. DHCPv6 authentication deployment . . . . . . . . . . . . 4
3.3.1. TOFU for DHCPv6 authentication deployment . . . . . . 4
3.3.2. PKI for DHCPv6 authentication deployment . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . 5
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
5.1. Normative References . . . . . . . . . . . . . . . . . . 5
5.2. Informative References . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
The Dynamic Host Configuration Protocol for IPv6 [RFC3315] enables
DHCPv6 servers to configure network parameters dynamically. Due to
the unsecured nature of DHCPv6, the various critical identifiers in
DHCPv6 are vulnerable to several types of attacks, such as pervasive
monitoring and spoofing attack. Currently, there have been some
proposed mechanisms to secure DHCPv6. Secure DHCPv6
[I-D.ietf-dhc-sedhcpv6] provides the authentication mechanism between
DHCPv6 client and server along with the DHCPv6 transaction.
[I-D.cui-dhc-dhcpv6-encryption] proposes the DHCPv6 encryption
mechanism between the DHCPv6 client and server. However, how to
deploy the proposed secure DHCPv6 mechanisms is still not specified.
This document analyses the DHCPv6 threat model and recommends the
opportunistic security mechanism for secure DHCPv6 mechanisms
deployment to support the incremental deployment. For the DHCPv6
authentication deployment, we analysis two deployment schemes: TOFU
and PKI, which are suitable for different DHCPv6 security
requirements.
2. DHCPv6 threat model
Most of the privacy considerations for DHCPv6 focus on the client
privacy protection. As the public service infrastructure, the
privacy protection of DHCPv6 server and relay agent is less
important. DHCPv6 privacy consideration
[I-D.ietf-dhc-dhcpv6-privacy] analyses the privacy problem for DHCPv6
Li, et al. Expires April 21, 2016 [Page 2]
Internet-Draft Opportunistic Security for DHCPv6 October 2015
client, listing the various DHCPv6 options containing the privacy
information and the possible attack to the DHCPv6 client. The attack
specific to a DHCPv6 client is the possibility of the "rogue" server,
which may provide the incorrect information to the client. In
addition, the client is also faced up with the pervasive monitoring
attack. Pervasive monitoring may gleans the privacy information
about the IPv6 host, which is used to find location information,
previously visited networks and so on. [RFC7258] claims that
pervasive monitoring should be mitigated in the design of IETF
protocols, where possible.
The attack specific to a DHCPv6 server is the possibility of the
invalid client masquerading as a valid client, which may cause the
consuming to address resources configured on a DHCPv6 server.
3. Secure DHCPv6 mechanisms deployment
3.1. Secure DHCPv6 Mechanism Deployment Difficulties
Because of the DHCPv6 property, secure DHCPv6 mechanisms deployment
has some specific difficulties. For the secure DHCPv6 mechanisms
deployment, the DHCPv6 server is always assumed to have connectivity
to authorized CA and verifies the client's certificate. The
difficulty for the deployment is that the client is difficult to
verify the server's identity without access to network. When the
client is pre-configured with the server authentication information,
such as one or multiple CA certificates that form the certification
path, the server's identity is verified through the pre-configured
server authentication information. When the client is not pre-
configured with the server authentication information, the client has
no capability to verify the server's identity. In the scenario where
the DHCPv6 client is mobile and connects to random networks, the
client cannot always get pre-configured with the authentication
information.
3.2. Opportunistic security for DHCP
There have been some proposed secure DHCPv6 mechanisms. Secure
DHCPv6 [I-D.ietf-dhc-sedhcpv6] provides the authentication mechanism
between DHCPv6 client and server along with the DHCPv6 transaction.
[I-D.cui-dhc-dhcpv6-encryption] proposes the DHCPv6 encryption
mechanism between the DHCPv6 client and server. The use of secure
DHCPv6 protects DHCPv6 from active attack, such as spoofing attack.
The use of DHCPv6 encryption defends DHCPv6 against pervasive
monitoring and other passive attacks.
In order to achieve the maximum protection that is available, we
recommend the opportunistic security for DHCPv6. Opportunistic
Li, et al. Expires April 21, 2016 [Page 3]
Internet-Draft Opportunistic Security for DHCPv6 October 2015
security for DHCPv6 use encryption even when authentication is not
available. Based on the DHCPv6 security requirement and the client
capability, the incremental deployment is supported. When the client
is pre-configured the server configuration information, it has the
capability to authenticate the server. When the client has
capability to authenticate the server, the client is secure enabled.
The communication is authenticated and encrypted, which protects the
DHCPv6 transaction from passive and active attacks. When the client
has no capability to authenticate the server, but is informed of the
server's public key, the client is encrypted enabled. The
communication is then not authenticated but encrypted, which protects
the DHCPv6 transaction from passive attacks, such as pervasive
monitoring attack. If the client has no capability to authenticate
the server and does not know the server's public key, clear text is
used as the baseline communication security policy.
In the scenario where the tight security policy is required, such as
the enterprise networks, the authentication and encryption are both
required. Opportunistic security can coexist with the explicit and
never preempt the explicit security policies. For example, the
enterprise's explicit policy is that authenticated and encrypted
communication is required, which covers the default opportunistic
security policy.
In the scenario where the security policy is loss, the DHCPv6 server
is not pre-configured with the authentication information, such as
the trusted CA certificates. So the server authentication is
optional in order to not impede the following DHCPv6 communication.
After the public keys exchange, the non-authenticated encryption
communication is applied to avoid the passive attack. In this way,
the DHCPv6 message content is protected from the pervasive
monitoring.
3.3. DHCPv6 authentication deployment
According to the different DHCPv6 security requirement and client
pre-configured information, different schemes for DHCPv6
authentication deployment is used. we analysis two deployment
schemes: TOFU and PKI, which are suitable for different DHCPv6
security requirements.
3.3.1. TOFU for DHCPv6 authentication deployment
TOFU plays a role in the scenario where the DHCPv6 client is mobile
and connects to random networks. In such scenario, the secure policy
is loss and the DHCPv6 client is not previously establish the trusted
relationship between the DHCPv6 server and client. The TOFU model
assumes that an authenticated public key obtained on first contact is
Li, et al. Expires April 21, 2016 [Page 4]
Internet-Draft Opportunistic Security for DHCPv6 October 2015
good enough to secure future communication. In addition, for the
subsequent connections, if the received public key conflicts to the
cached key, the user may change the current cached kay without any
validation.
TOFU-based authentication has a clear improvement over completely
insecure protocols, and it is also low-cost and simple to deploy.
However, TOFU-based authentication make it difficult to distinguish
rouge DHCPv6 servers by accepting any key on the initial connection.
And it also has no protection against MitM (Man in the Middle)
attacks without the validation of the conflicted public key.
3.3.2. PKI for DHCPv6 authentication deployment
In the scenario where the tight security policy is required and the
client are stable terminal devices, the PKI model plays a role to
verify the certificate and perform the authentication. The client
validates the server's certificate locally according to the rule
defined in [RFC5280] through the pre-configured information. The
client is pre-configured with the trusted relationship between the
DHCPv6 client and server, or one or multiple CA certificates, which
form the certificate path.
The PKI model achieves the authentication of the certificate all the
time, which improves the security performance. However, without the
pre-configured information, the DHCPv6 communication will fail. And
it also brings the deployment difficulties.
4. Security Considerations
TBD
5. References
5.1. Normative References
[RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
C., and M. Carney, "Dynamic Host Configuration Protocol
for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
2003, <http://www.rfc-editor.org/info/rfc3315>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<http://www.rfc-editor.org/info/rfc5280>.
Li, et al. Expires April 21, 2016 [Page 5]
Internet-Draft Opportunistic Security for DHCPv6 October 2015
[RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection
Most of the Time", RFC 7435, DOI 10.17487/RFC7435,
December 2014, <http://www.rfc-editor.org/info/rfc7435>.
5.2. Informative References
[I-D.cui-dhc-dhcpv6-encryption]
Cui, Y., Li, L., Wu, J., and Y. Lee, "Encryption Mechanism
for DHCPv6", draft-cui-dhc-dhcpv6-encryption-04 (work in
progress), October 2015.
[I-D.ietf-dhc-dhcpv6-privacy]
Krishnan, S., Mrugalski, T., and S. Jiang, "Privacy
considerations for DHCPv6", draft-ietf-dhc-
dhcpv6-privacy-01 (work in progress), August 2015.
[I-D.ietf-dhc-sedhcpv6]
Jiang, S., Shen, S., Zhang, D., and T. Jinmei, "Secure
DHCPv6", draft-ietf-dhc-sedhcpv6-08 (work in progress),
June 2015.
[RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
2014, <http://www.rfc-editor.org/info/rfc7258>.
Authors' Addresses
Lishan Li
Tsinghua University
Beijing 100084
P.R.China
Phone: +86-15201441862
Email: lilishan9248@126.com
Yong Cui
Tsinghua University
Beijing 100084
P.R.China
Phone: +86-10-6260-3059
Email: yong@csnet1.cs.tsinghua.edu.cn
Li, et al. Expires April 21, 2016 [Page 6]
Internet-Draft Opportunistic Security for DHCPv6 October 2015
Jianping Wu
Tsinghua University
Beijing 100084
P.R.China
Phone: +86-10-6278-5983
Email: jianping@cernet.edu.cn
Li, et al. Expires April 21, 2016 [Page 7]