Internet DRAFT - draft-li-dhc-secure-dhcpv6-deployment

draft-li-dhc-secure-dhcpv6-deployment







DHC Working Group                                                  L. Li
Internet-Draft                                                    Y. Cui
Intended status: Informational                                     J. Wu
Expires: September 7, 2016                           Tsinghua University
                                                                S. Jiang
                                            Huawei Technologies Co., Ltd
                                                           March 6, 2016


                        secure DHCPv6 deployment
                draft-li-dhc-secure-dhcpv6-deployment-03

Abstract

   Secure DHCPv6 provides authentication and encryption mechanisms for
   DHCPv6.  This draft analyses DHCPv6 threat model and provides
   guideline for secure DHCPv6 deployment.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 7, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as



Li, et al.              Expires September 7, 2016               [Page 1]

Internet-Draft          secure DHCPv6 deployment              March 2016


   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  DHCPv6 Threat Model . . . . . . . . . . . . . . . . . . . . .   2
   3.  Secure DHCPv6 Mechanism Deployment  . . . . . . . . . . . . .   3
     3.1.  Secure DHCPv6 Overview  . . . . . . . . . . . . . . . . .   3
     3.2.  Secure DHCPv6 Deployment Difficulties . . . . . . . . . .   4
     3.3.  Roaming Client with Loose Security Policy . . . . . . . .   4
     3.4.  Static Client with Strict Security Policy . . . . . . . .   4
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     5.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     5.2.  Informative References  . . . . . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   The Dynamic Host Configuration Protocol for IPv6 [RFC3315] enables
   DHCPv6 servers to configure network parameters dynamically.  Due to
   the unsecured nature of DHCPv6, the various critical identifiers in
   DHCPv6 are vulnerable to several types of attacks.  Secure DHCPv6
   [I-D.ietf-dhc-sedhcpv6] provides authentication and encryption
   mechanisms for DHCPv6.

   This document analyses DHCPv6 threat model and provides some
   guideline for secure DHCPv6 deployment.  For secure DHCPv6
   deployment, we mainly consider two different scenarios: roaming
   client with loose security policy and static client with strict
   security policy.

2.  DHCPv6 Threat Model

   DHCPv6 privacy consideration [I-D.ietf-dhc-dhcpv6-privacy] analyses
   the privacy problem for DHCPv6, listing the various DHCPv6 options
   containing the privacy information and the possible attacks to
   DHCPv6.

   Most of the privacy considerations for DHCPv6 focus on the client
   privacy protection.  As the public service infrastructures, the
   privacy protection of the DHCPv6 server and relay agent is less
   important.

   The attack specific to a DHCPv6 client is the possibility of the
   injection attack, MitM attack, spoofing attack.  Because of the above
   attacks, the client may be configured with the incorrect
   configuration information, such as invalid IPv6 address.  In



Li, et al.              Expires September 7, 2016               [Page 2]

Internet-Draft          secure DHCPv6 deployment              March 2016


   addition, the client is also faced up with passive attacks, such as
   pervasive monitoring.  Pervasive monitoring may glean the privacy
   information of the IPv6 host, which is used to find location
   information, previously visited networks and so on.  [RFC7258] claims
   that pervasive monitoring should be mitigated in the design of IETF
   protocols, where possible.

   For the static clients, such as the devices in enterprise network,
   they are always assumed to connect to exactly one network.  The
   static client can be easily pre-configured with the certificates of
   the local DHCPv6 servers.  According to the pre-configured
   information, the static client can detect the spoofing attack.  The
   typical attack is MitM attack.  An intruder connects to the network
   and uses DHCP spoofing to install itself as a MitM.  Because of the
   MitM attack, the client's privacy information may be modified or
   gleaned by the MitM.  For the roaming clients, the typical attack is
   spoofing attack.  Because of the rogue server which masquerades as
   valid server, the client is configured with the incorrect
   configuration information.

   The attack specific to a DHCPv6 server is the possibility of "denial
   of service" (Dos) attack.  Invalid clients may masquerade as valid
   clients to request IPv6 addresses continually.  The attack may cause
   the exhaustion of valid IPv6 addresses, CPU and network bandwidth.
   In addition, it also causes problem for the maintenance and
   management of the large tables on the DHCPv6 servers.

3.  Secure DHCPv6 Mechanism Deployment

3.1.  Secure DHCPv6 Overview

   Secure DHCPv6 [I-D.ietf-dhc-sedhcpv6] provides the authentication and
   encryption mechanisms for DHCPv6.  The Information-request and Reply
   messages are exchanged to achieve DHCPv6 server authentication.  Then
   the DHCPv6 client authentication is achieved through the first
   encrypted DHCPv6 message sent from the client to the server, which
   contains the client's certificate information.  Once the mutual
   authentication, the subsequent DHCPv6 messages are all encrypted with
   the recipient's public key.

   DHCPv6 server authentication protects the DHCPv6 client from
   injection attack, spoofing attack, and MitM attack.  DHCPv6 client
   authentication protects the DHCPv6 server from Dos attack.  DHCPv6
   encryption protects DHCPv6 from passive attack, such as pervasive
   monitoring.






Li, et al.              Expires September 7, 2016               [Page 3]

Internet-Draft          secure DHCPv6 deployment              March 2016


3.2.  Secure DHCPv6 Deployment Difficulties

   Because of DHCPv6's specific property, the deployment of Secure
   DHCPv6 mechanism is faced with some specific difficulties.  The
   DHCPv6 server is always assumed to be pre-configured with the trusted
   clients' certificates or the trusted CAs' certificates to verify the
   clients' identity.  The difficulty of Secure DHCPv6 deployment is
   that it is hard for the client to verify the server's identity
   without access to the network.  According to the client's capability
   and security requirement, different schemes for secure DHCPv6
   deployment are applied.

3.3.  Roaming Client with Loose Security Policy

   In the scenario where the DHCPv6 clients are roaming and have loose
   security requirement, opportunistic security plays a role.
   Opportunistic security provides DHCPv6 encryption even when the
   mutual authentication is not available.  Based on the roaming
   client's capability, the DHCPv6 configuration process is either
   authenticated and encrypted, or non-authenticated and encrypted.

   If the client is pre-configured with the trusted servers'
   certificates or the trusted CAs' certificates, it has the capability
   to achieve server authentication.  If the client is pre-configured
   with its own CA-signed certificate, it sends the CA-signed
   certificate to the DHCPv6 server for client authentication.  When the
   client has been pre-configured with these certificate information,
   the DHCPv6 configuration process is authenticated and encrypted,
   which protects the DHCPv6 transaction from passive and active
   attacks.

   If the client is not pre-configured with these certificate
   information, the communication is non-authenticated and encrypted.
   Non-authenticated and encrypted communication is better than
   cleartext, which defends against pervasive monitoring and other
   passive attacks.  Although the client is not capable of verifying the
   server's identity, the client can obtain the server's public key
   through the server's certificate.  For the client authentication, the
   client can send the self-signed certificate to the server if the
   client is not configured with the CA-signed certificate.  For the
   DHCPv6 encryption, after the mutual public key communication process,
   the DHCPv6 message is encrypted with the recipient's public key.

3.4.  Static Client with Strict Security Policy

   In the scenario where the DHCPv6 clients are static and have strict
   security requirement, the PKI plays a role.  Then the default
   security policy is that DHCPv6 configuration communication must be



Li, et al.              Expires September 7, 2016               [Page 4]

Internet-Draft          secure DHCPv6 deployment              March 2016


   authenticated and encrypted.  The static clients, such as the desktop
   in enterprise network, are pre-configured with the trusted servers'
   certificates or the trusted CAs' certificates which form the
   certificate path.  Through the pre-configured information, the client
   has the capability to achieve server authentication locally according
   to the rule defined in [RFC5280].  For client authentication, the
   client sends the CA-signed certificate to the server for client
   authentication.  For DHCPv6 encryption, the DHCPv6 message is
   encrypted with the recipient's public key contained in the
   certificate.

   In some scenarios, the roaming client may also have strict security
   requirement, such as the byod in enterprise network.  Because of the
   strict security policy, the DHCPv6 configuration process is
   authenticated and encrypted.  Although the roaming client is not pre-
   configured with the certificates information, the trusted server's
   certificate and its own certificate can be obtained out of band, such
   as by scanning a QR code.  Through the obtained certificate
   information, the DHCPv6 client and the DHCPv6 server can achieve the
   mutual authentication.  And then the subsequent DHCPv6 messages are
   encrypted with the recipient's public key.

4.  Security Considerations

   Opportunistic encryption is used for secure DHCPv6 deployment in the
   scenario where the security policy is loose.  Downgrade attacks
   cannot be avoided if nodes can accept the un-authenticated and
   encrypted DHCPv6 configuration.

5.  References

5.1.  Normative References

   [I-D.ietf-dhc-sedhcpv6]
              Jiang, S., Li, L., Cui, Y., Jinmei, T., Lemon, T., and D.
              Zhang, "Secure DHCPv6", draft-ietf-dhc-sedhcpv6-10 (work
              in progress), December 2015.

   [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
              C., and M. Carney, "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
              2003, <http://www.rfc-editor.org/info/rfc3315>.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
              <http://www.rfc-editor.org/info/rfc5280>.



Li, et al.              Expires September 7, 2016               [Page 5]

Internet-Draft          secure DHCPv6 deployment              March 2016


   [RFC7435]  Dukhovni, V., "Opportunistic Security: Some Protection
              Most of the Time", RFC 7435, DOI 10.17487/RFC7435,
              December 2014, <http://www.rfc-editor.org/info/rfc7435>.

5.2.  Informative References

   [I-D.ietf-dhc-dhcpv6-privacy]
              Krishnan, S., Mrugalski, T., and S. Jiang, "Privacy
              considerations for DHCPv6", draft-ietf-dhc-
              dhcpv6-privacy-05 (work in progress), February 2016.

   [RFC7258]  Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
              Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
              2014, <http://www.rfc-editor.org/info/rfc7258>.

Authors' Addresses

   Lishan Li
   Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-15201441862
   Email: lilishan48@gmail.com


   Yong Cui
   Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6260-3059
   Email: yong@csnet1.cs.tsinghua.edu.cn


   Jianping Wu
   Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5983
   Email: jianping@cernet.edu.cn









Li, et al.              Expires September 7, 2016               [Page 6]

Internet-Draft          secure DHCPv6 deployment              March 2016


   Sheng Jiang
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus, No.156 Beiqing Road
   Hai-Dian District, Beijing, 100095
   CN

   Email: jiangsheng@huawei.com












































Li, et al.              Expires September 7, 2016               [Page 7]