           Segment Routing over IPv6 (SRv6) Proof of Transit


   Various technologies, including SRv6, allow to perform Traffic
   Engineering (TE), steering IP traffic through a specific path.
   However, there is no native mechanism in IP that allows to verify
   whether or not a packet did follow the path it was supposed to.  This
   document specifies a new TLV for the Segment Routing Header (SRH)
   that allows to provide a cryptographically generated proof of transit
   over the different segments.  The proposed mechanisms allows to
   verify whether a packet did go through the segments listed in its SRH
   header in the intended order.

1.  Introduction

   Validating the network paths taken by packets is critical in
   constructing a secure Internet architecture (like SCION
   [I-D.dekater-panrg-scion-overview]).  The objective is to enforce
   packet forwarding along ingress-specified paths and verify whether
   packets have taken those paths.  However, path validation and proof
   of transit is also a desireable property for a wider range of use
   cases, like for instance Service Function Chaining (SFC), workload
   identity, traffic path compliance, uRFP validation, and Segment
   Routing Security ([I-D.liu-nasr-requirements], [I-D.ietf-sfc-proof-of

   Segment Routing over IPv6 does provide a mechanism, namely the keyed
   Hashed Message Authentication Code (HMAC) TLV, to verify whether the
   Segment Routing Header (SRH) applied to a packet was done by an
   authorized trusted party also ensuring that the segment list has not
   been modified after generation (see Section 2.1.2 in [RFC8754]).
   Intermediate segments can verify the HMAC and discard packets that do
   not pass the validation.  However, at the egress, HMAC alone does not
   allow to verify whether a packet actually went through the listed
   segments.  It does only allow to validate that the list of segments
   has not been tempered and has been generated by the trusted ingress,
   or by a segment belonging to the group of holders of the key used to
   generate the HMAC.

   This documents proposes a new TLV, that leverages on the HMAC
   mechanism but extends it in order for the egress node to be able to
   verify whether or not the packet did go through the list of segments
   in the desired order.  The basic idea being to recursively encrypt
   the HMAC at the ingress with a key specific to each segment.  Then
   each segment does one decrypt operation when forwarding the packet.
   The egress will first decrypt and then validate the obtained un-
   encrypted HMAC using the procedure defined in [RFC8754].  The HMAC
   validation at the egress can be successful only if the packet went
   through all segments of the segment list also respecting the order of
   the list.  If the packet does not go through even one single segment,
   or the order is different, the decryption at the egress will not
   return a valid HMAC, and the proof of transit fails.

3.  Definitions of Terms

   This document assumes familiarity with the terminology defined in
   [RFC8754], [RFC8402], and [RFC9256].

4.  Proof of Transit Procedure

   The target of the SRv6 Proof of Transit (POT) is to make prove that
   the packet goes from the ingress through the sequence of segment
   identifiers (SID) encoded in the SRH segment list, from SID(N) to
   SID(0) (recall that segments are encoded in reverse order in the
   segment list), where SID(0) is also the egress.
   So the encoded path is a simple linear path as depicted in Figure 1.

   +--------+   +--------+   +--------+         +--------+   +--------+
   |Ingress +---+ SID(N) +---+SID(N-1)| - - - - | SID(1) +---+ SID(0) |
   +--------+   +--------+   +--------+         +--------+   +--------+

                       Figure 1: Reference topology.

   In order to perform POT the following set on shared keys is

   *  K_hmac_ie: A shared key between the ingress and the egress, i.e.
      SID(0), used to generated and validate the HMAC.

   *  K_pot_in(i): A shared key between the ingress and SID (i),
      including SID(0), the egress.  There is one shared key between the
      ingress and each SID in the segment list.

   It is assumed that the key allows as well to identify encryption or
   hashing algorithm to be used as well.

   The operations to be carried out by the ingress and the various
   segments are different, as described in the following, and they are
   based on the following primitives:

   HMAC[key](value):  Calculate HMAC using shared key "key" on "value".

   ENC[key](value, salt):  Encrypt "value" using the key "key" and the
      "salt" .

   DEC[key](value, salt):  Decrypt "value" using the key "key" and the

4.1.  Processing at the ingress node

   The ingress node has the role to prepend the SRv6 header to each
   packet, including the POT TLV.  To this end, for each packet, it
   performs the following steps:

   1.  Generate a Path Verification Factor (PVF) using the HMAC of the
       generated SRH following the specifications in [RFC8754] and the
       key shared with the egress and identified by a Key Set ID:

       PVF = HMAC[K_hmac_ie](srh)

   2.  Generate a random Nonce value used to avoid replay attacks (see
       Section 7) and uses this Nonce as a "salt" in the encryption
       procedure.  The encryption is repeated for every SID in the
       segment list:

       For i = 0 to N do

           PVF = ENC[K_pot_in(i)](PVF, Nonce)

       After this loop PVF is the result of "N" encryption operations
       using different keys.  It is also worth noting that the
       encryption order is the reverse of the segment order.  Indeed the
       last encryption operation is performed using the key K_pot_in(N)
       of the first segment SID(N).  The encryption/Decryption
       operations basically follow a Last-In First-Out (LIFO) policy.

   3.  The resulting PVF, the Key Set ID and the Nonce are copied in the
       POT TLV and the packet is sent out.

   The ingress node is the one that needs more resources.  It has to
   share and store locally a secret key with all SIDs along the path
   (and an additional HMAC shared key), hence require more memory.  It
   has to repeatedly encrypt the PVF as many times as the number of
   segments in the path, hence requiring more computation.

4.2.  Processing at the middle segments

   Middle segments do perform a relatively simple operation.  When they
   receive a packet with the POT TLV in the SRH, they do a lookup on the
   Key Set ID to retrieve the locally stored key shared with the ingress
   and use it along the Nonce found in the TLV to decrypt (only once)
   the PVF in the POT TLV

       PVF = DEC[k_pot_in(i)](PVF, Nonce)

   Then it updates the the POT TLV with the obtained value and forwards
   the packet.

4.3.  Processing at the last segment

   The last segment SHOULD keep track of the most recently received
   Nonces, if the Nonce contained in the received POT TLV is a
   duplicate, then the packet MUST be discarded (see Section 7).  If the
   Nonce has never been seen before, the egress will first perform a
   last decryption operation in the same way like the other segments in
   the segment list:

   PVF = DEC[k_pot_in(0)](PVF, Nonce)

   In this way it obtains an un-encrypted HMAC.  Then it will verify
   this HMAC using the procedure described in Section of
   [RFC8754].  If the verification is successful the overall procedure
   described allows to state that the packet did transit through the
   segments listed in the SRH.  If the verification fails, the reason is
   one of the following:

   *  The HMAC has been tempered.

   *  The packet did not go through all segments (missing at least one).

   *  The packet went though the complete list of segments but not in
      the right order.

   The present specification does not allow to distinguish the specific
   reason of the failed verification but allow to identify those faulty
   cases and take action.

5.  Proof of Transit TLV

   The format of the Proof of Transit TLV use to transport the
   previously described values is depicted in Figure 2.

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     |      Type     |     Length    | Reserved      | Nonce Length  |
     |                      Key Set ID (4 octets)                    |
     |                                                               |
     ~                             Nonce                             ~
     |                       (Variable Length)                       |
     |                                                               |
     ~                        Encrypted HMAC                         ~
     |                       (Variable Length)                       |

                   Figure 2: Proof of Transit TLV format.


   Type:  (TBD)

   Length:  The length of the variable-length data in octets.

   Reserved:  8 reserved bits.  It MUST be initialized to zero by the

      sender and MUST be ignored by the receiver.

   Nonce Length:  The length of the variable-length Nonce in octets.
      Different cryptographic algorithm use different nonce size.

   Key Set ID:  A 4-octet opaque number that uniquely identifies the set
      of pre-shared keys and algorithm used in the cryptographic

   Encrypted HMAC:  This is the same as defined in Section 2.1.2 of
      [RFC8754], with the only difference that it is recursively
      encrypted on the ingress and decrypted along the path (see
      Section 4.1).

   In the HMAC TLV defined [RFC8754], the length of the HMAC field is
   not explicitly encoded in the TLV, since it can be easily calculated
   by subtracting 8 from the TLV length.  Where 8 is the number of
   octets occupied by the fixed size fields at the beginning of the TLV.
   However, here there is a second variable length field, namely the
   Nonce, which makes it impossible to calculate its size and the size
   of the HMAC directly from the TLV length, hence the need to
   explicitly encode the Nonce length in the TLV.  In this way the HMAC
   size is simply the TLV length minus the Nonce length minus 8 (where
   again 8 account for the first 8 fixed size fields).

7.  Security Considerations

   This specification relies on [RFC8754], as such security
   consideration for SRH apply.

   The POT TLV does not introduce any vulnerability to the overall
   architecture and has the same security risk as HMAC.

7.1.  Nonce Considerations

   Symmetric cryptography uses a "salt" or "Initialization Vector" to
   increase security level.  An initialization vector (IV) is a
   cryptographically-secure random non-repeating value added as the
   initial state to a block cipher algorithm depending on the mode of
   operation, preventing the cipher from producing the same ciphertext
   for similar blocks.  In the case of this specification the Nonce is
   the salt value and is used to avoid generating the same POT TLV for
   packets having the same SRH.  This allows to protect against replay
   attacks, where a malicious attacker re-uses the POT TLV to make the
   egress believe the packet went through the path encoded in SRH.
   However, to work correctly the egress has to keep track of the most
   recently received Nonces and discard any packet carrying a duplicate

   Nonce values MUST be generated following [RFC4086] and [RFC8937].

   An alternative solution to the replay attack is to use keys that are
   unique for each packet.  This can be achieved using a key derivation
   function that derives a new unique key from a pre-shared master key
   for each packet.  The POT TLV should be capable of encoding such
   solution by converting the Nonce field to a key index field that
   allows to retrieve the right derived key to be used on each segment.
   However, such a solution is out of the scope of this document.

7.2.  Hashing and Encryption algorithms considerations

   The proposed POT mechanism uses two types of algorithms: an
   authentication algorithm based on a hash function and an encryption

   As with the computation of the SRH HMAC described in Section 2.1.2 of
   [RFC8754], an implementation of the POT mechanism described in this
   document can use multiple hash functions.  Security recommendations
   of [RFC8754] concerning HMAC apply as well to this specification.

   Regarding the encryption algorithm, the mechanism described in this
   document does not use an Authenticated Encryption with Associated
   Data (AEAD) algorithm given that the encryption algorithm is used to
   encrypt an authentication tag sequentially.  Using an AEAD algorithm
   would increase the size of the POT proof by the size of the
   authentication tag with each hop, which would make the size of the
   TLV too big for long paths.  An algorithm suitable to be used to
   encrypt the POT HMAC is AES-XTS [IEEE1619-2007], or alternatively
   AES-CTR [MODES], taking in consideration the usage restriction
   presented in Section 4 of [RFC9459].

7.3.  Key Management Considerations

   While key management is outside the scope of this document, the
   recommendations of BCP 107 [RFC4107] should be considered when
   choosing the key management system.

