Time Synchronization using IPsec and MACsec Appeared in ISPCS 2011 Tal Mizrahi Israel ing Seminar May 2012
Time Synchronization Time synchronization is used for various applications. Securing the time protocol is a must for securing the applications that use it. IEEE 1588 standard: Precision Time Protocol (PTP). IEEE 1588 is challenging to secure: A large number of nodes involved in the protocol. Hop-by-hop data modification. IEEE 1588 - Annex K: experimental security appendix. Time Synchronization using IPsec and MACsec 2
Agenda Brief overview of IPsec, MACsec, and Annex K. The IPsec and MACsec scenarios. Attacker types. Effectiveness of each attacker in the IPsec and MACsec scenarios, Annex K. Summary and comparison. Conclusion. Time Synchronization using IPsec and MACsec 3
IPsec A suite of security protocols defined by the IETF (RFC 4301 architecture). Two main functions: Integrity protection using Authentication Header (AH). Confidentiality using Encapsulating Payload (ESP). Both functions support: Integrity protection using Integrity Check Value (ICV). Replay protection using Sequence Number. Both functions support: Tunnel mode. Transport mode. IPsec AH encapsulation. Partly Protected by ICV Protected by ICV Time Synchronization using IPsec and MACsec Next Header 1B Ethernet Header IPv4 Header Payload Len 1B Reserved 2B Parameters Index (SPI) 4B Sequence Number Field 4B Integrity Check Value ICV (variable length) IP Header (tunnel mode) IP Payload Ethernet FCS 4B 4
MACsec IEEE 802.1AE MAC security protocol. IEEE 802.1X authentication, key exchange. Supports both encrypted and non-encrypted mode. Integrity protection using Integrity Check Value (ICV). L2 header protected by ICV. Replay protection using Sequence Number. MACsec encrypted packet. Protected by ICV Encrypted MAC DA MAC SA MACsec Ethertype 2B MACsec Header 6B / 14B Ethertype 2B Ethernet Payload Integrity Check Value ICV 16B Ethernet FCS 4B Time Synchronization using IPsec and MACsec 5
IEEE 1588 Annex K Experimental annex in IEEE 1588-2008 (v2). Provides data integrity using symmetric key scheme. Authentication TLV includes: Integrity Check Value (ICV). Replay protection using replaycounter. Annex K authenticated packet. Protected by ICV Ethernet Header IPv4/IPv6 + UDP Headers (optional) PTP Header PTP Payload Authentication TLV Ethernet FCS 4B Time Synchronization using IPsec and MACsec 6
PTP the IPsec Scenario Can be used when PTP is transported over an IP network. -to-network configuration. IPsec can be used in encrypted (ESP) or authenticated (AH) mode. Either dedicated tunnel for time sync, or single tunnel for all traffic. Typical example: Femtocells in 3GPP. Slave IPsec Tunnel Operator Customer Public Time Synchronization using IPsec and MACsec 7
PTP the MACsec Scenario Can be used in L2 networks. Either with/without encryption. All data is secured on a hop-by-hop basis. Typical example: Audio and Video Bridging (AVB). L2 Slave MACsec Tunnel L2 Bridge MACsec Tunnel Time Synchronization using IPsec and MACsec 8
Typical Attackers Mary internal man-in-the-middle (MITM). Jeanie internal injector. Emma external MITM. Enya external injector. Slave 2 Jeanie (2) Emma Mary (2) Mary (1) Enya Jeanie (1) Time Synchronization using IPsec and MACsec 9
MACsec IPsec 1588 Annex K Enya WHAT can Enya do? Slave 2 Jeanie (2) Emma Mary (2) Mary (1) Enya Jeanie (1) Cryptographic Performance Attack. L2/L3 DoS attacks. Time Synchronization using IPsec and MACsec 10
MACsec IPsec 1588 Annex K Emma WHAT can Emma do? Slave 2 Jeanie (2) Emma Mary (2) Mary (1) Enya Packet Interception and Removal. Packet Delay Manipulation. Cryptographic Performance Attack. L2/L3 DoS attacks. Jeanie (1) Time Synchronization using IPsec and MACsec 11
Jeanie WHAT can Jeanie do? Slave 2 Jeanie (2) Emma Mary (2) Mary (1) Enya Spoofing. Replay. Attack. Rogue Attack. L2/L3 DoS attacks. Jeanie (1) Time Synchronization using IPsec and MACsec 12
Jeanie (1) WHERE can Jeanie be found? IPsec scenario. Jeanie 1 is relevant specifically in the IPsec scenario. -to-network scheme. Slave 2 IPsec Tunnel Jeanie (2) Mary (1) Jeanie (1) MACsec scenario / Annex K Slave 2 Jeanie (2) Time Synchronization using IPsec and MACsec 13
Mary WHAT can Mary do? Slave 2 Jeanie (2) Emma Mary (2) Mary (1) Enya Packet Interception and Manipulation. Packet Delay Manipulation. Packet Interception and Removal. Spoofing. Replay. Rogue Attack. L2/L3 DoS attacks. Jeanie (1) Time Synchronization using IPsec and MACsec 14
Mary WHERE can Mary be found? IPsec scenario. Mary 1 is relevant specifically in the IPsec scenario. -to-network scheme. Slave 2 IPsec Tunnel Jeanie (2) Mary (1) Jeanie (1) Mary 2 is relevant specifically in the MACsec scenario. Hop-by-hop scheme. MACsec scenario / Annex K Time Synchronization using IPsec and MACsec Slave 2 Mary (2) 15
Threats Characteristics Analysis Summary IPsec IEEE 1588 Annex MACsec Scenario Scenario K L3 L2 typically public Any typically LAN network approach Hop-by-hop -to-network Hop-by-hop Accuracy + (TCs/BCs) ~ (no TCs/BCs) + (TCs/BCs) L2/L3 DoS Attack Prevention + - - Internal attackers in the trusted network (Jeanie 1, Mary 1) + - + Internal MITM attacks in intermediate nodes (Mary 2) - + - Jeanie (2) Emma Mary (2) Mary (1) Enya Time Synchronization using IPsec and MACsec Jeanie (1) 16
Conclusion IPsec and MACsec are used in different topologies and scenarios. Two complementary building blocks for securing time synchronization. Intermediate solutions in the absence of a standard security solution for PTP. Hybrid solutions can be used in certain topologies. Slave IPsec Tunnel Public Hybrid MACsec Tunnel L2 Time Synchronization using IPsec and MACsec 17
Thanks!