the extended esp for ipsec security synchronization
DESCRIPTION
The Extended ESP for IPSec Security Synchronization. Rock. Introduction. Aspects related to security planned to be studied in TICTOC In IETF 78, two documents has discussed the requirements on identify time packet in IPSec, these documents could found in following link: - PowerPoint PPT PresentationTRANSCRIPT
HUAWEI TECHNOLOGIES CO., LTD.Page 1
The Extended ESP for IPSec Security Synchronization
Rock
Introduction• Aspects related to security planned to be studied in TICTOC • In IETF 78, two documents has discussed the requirements on
identify time packet in IPSec, these documents could found in following link: – Packet Timing Security Aspects
(Tictoc-2 from IETF-78: www.ietf.org/proceedings/78/slides/tictoc-
2/tictoc-2.htm ) – Security requirement for 1588v2 over IPsec (tictoc-3 from IETF -
78: www.ietf.org/proceedings/78/slides/tictoc-3/tictoc-3.htm ) • There is a new document gives a solution on how to mark the
synchronization message when IPSec is implemented in end to end frequency synchronization. (draft-xu-tictoc-IPsec-security-for-synchronization-00)
Page 3
Current ESP Format
No reserved field for additional usage, such as identifying encrypted payload data.
Page 4
The New Flexible ESP Format
The new ESP format contains additional authentication information. it is comprised of ESP special usage flags (one octet zeros), extended data type, extended data length, and the optional Authentication Payload.
Page 5
The New Flexible ESP Format Used In Time Packet
This figure gives sample usage of new ESP format for time packet. The value of the data type field and the format of Authentication Payload need further discussion.
Page 6
• No impact on current IPv4 header, all the extension is on ESP.• This solution could also be used in IPv6 which already supports ESP.• The extension on ESP could be used not only to identify encrypted
time packet, but also to identify other encrypted service packet when
necessary.
The Advantage on this solution
Page 7
• The solution is related to Tictoc and IPSecMe group, how to
coordinate two groups to discuss this solution?
Issues
Thank Youwww.huawei.com