Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [1904.4 TF] [1904-ANWG] Slides used for discussion last night



Happy to bring in more discussion, Glen. Please see inline in red

On 3/8/23 17:01, Glen Kramer wrote:

Thank you, Marek. You bring many good points that provide more food for thought. Please see below.

 

From: Marek Hajduczenia <mxhaj79@xxxxxxxxx>
Sent: Tuesday, March 7, 2023 4:46 PM
To: STDS-1904-4-TF@xxxxxxxxxxxxxxxxx
Subject: Re: [1904.4 TF] [1904-ANWG] Slides used for discussion last night

 

Hi Glen,

Some thoughts / feedback

[GK] I don’t have a strong argument for continued support of 128-bit key. I thought that it was possible that instead of generating keys in the OLT itself, operators will use some external security server. And that external infrastructure may or may not support 256-bit keys in various head ends. Maybe this is not the case. Just want to observe two things:

1)      The 128 and 256 refers to only the key size. The AES engine itself is always 128 bit wide.  

2)      The newest ITU-T PON recommendation G.9804 includes encryption methods with both key sizes: AES-128 (mandatory), AES-256 (mandatory), Camellia-128, Camellia-256, and SM4(-128)

Does anyone have any concerns with not supporting AES-128?

[mh0308] I personally think we should minimize the key size count, not add to the complexity of supporting different encryption schemes. I understand what the driver was on the ITU-T side, but I feel we do not have to deal with that honestly. My vote would be for 256b key only.

[GK] To use zero-overhead encryption, the ONU must first receive the full 48-bit extended MPCP clock from the OLT. Without this value, encryption cannot operate, so it cannot be enabled by default. Correspondingly, the OAMPDU that delivers the extended MPCP clock to the ONU signifies to the ONU that the NMS/OLT wants it to use encryption. I called this OAMPDU “Encryption Configuration”. It has only two fields: enable/disable flag and 48-bit MPCP clock.  I think there must be a certain script or a sequence of configuration operations that is executed to configure new ONU before it can perform its duties. Rules, Queues, LLIDs, VLAN tags – all need to be provisioned. Enabling the encryption should be set as the first step in this process.

[mh0308] Are we still considering zero encryption as a viable option? Did I miss anything?

[GK] Yes, the broadcast traffic is never encrypted because every ONU must receive it. But this question asked a different thing. Just looking at the problem from the ONU perspective. When ONU receives an envelope header, it checks if it has one of ONU’s assigned LLIDs. If not, the envelope is ignored. If it is, then ONU checks the encryption enable flag. If encryption is enabled, the ONU checks the Key index and determines what key it should use to decrypt the envelope payload. But what should ONU do if the encryption flag is set to disabled? This could be a broadcast LLID or any LLID assigned to this ONU. This envelope arrived unencrypted. The ONU has to make a decision. It can drop this envelope, or it can process it without applying the decryption.

[mh0308] In all honesty, the general trend in operator's world is to encrypt everything when we can just because we can (costs us zero, right). While I do not necessarily see the add-on value of encrypting encrypted traffic, most operators will likely opt for solution where everything, even broadcast, is encrypted, just because it eliminated potential security exposures. If we have encryption on already, it does not add to complexity, right? The counter-argument is that if everyone is within the same encryption group, that means also a potentially malicious ONU might be in on it.
As far as what the ONU should do with envelopes that are encrypted and the ONU encryption is disabled - wouldn't that imply configuration misalignment?

I don’t think discarding such unencrypted envelope is the right approach. For example, it could be a multicast OAMPDU instructing ONUs to switch to protection path. If OLT took the trouble of sending it, ONU should not unilaterally decide that it was not important.

[mh0308] Why wouldn't we encrypt OAM as well? That is a potential security exposure.

Now, the follow-up question. When OLT switches from key 0 to key 1 and indicates this in the downstream envelope header, the ONU uses this indication to also switch the encryption from key 0 to key 1 in the upstream direction. Shouldn’t ONU similarly follow the OLT’s lead, if for a given LLID, the OLT changed the encryption enabled flag to encryption disabled? ONU can follow this lead and disable the encryption for the same LLID in the upstream direction (if it was bidirectional LLID). Alternatively, the ONU can ignore the flag it received from the OLT and continue encrypting this LLID in the upstream. To me, ONU always following the OLT lead seems like a more robust solution.

[mh0308] I am not sure I follow the problem here - to me, as you said, ONU (is expected to) always do what the OLT tells it to. Encryption enabled, that would mean downstream and upstream. Disabled, the same thing. I do not see much value in doing downstream encryption only (seems like lot of implementation complexity for little gain).
However, the problem only happens when ONU does not listen to OLT commands, i.e., disables encryption when told to enable it or vice versa. I would claim that is non-compliant behavior and should be treated as such. The same as ONU (for example) transmitting out of its transmission slot that was allocated by the OLT. Do we need to build a whole protocol around misbehaving devices?

Regards

Marek

On 3/7/23 15:22, Glen Kramer wrote:

Thank you Steve!

 

Based on this contribution and the discussion we had at the last meeting, I updated my slides. I removed slides that are not relevant anymore and tried to make the remaining slides look more like a proposal. There are still many questions that the WG need to resolve. They are summarized on the last 4 slides.

 

Let’s discuss the attached slides on the reflector first. Then we can have another call a week or two from now.

I moved this email from the WG reflector to TF4 reflector. All, please respond with your suggestions and concerns.

 

Glen

 

 

 

From: Steve Goeringer <s.goeringer@xxxxxxxxxxxxx>
Sent: Wednesday, March 1, 2023 8:18 AM
To: STDS-1904-WG@xxxxxxxxxxxxxxxxx
Subject: [1904-ANWG] Slides used for discussion last night

 

Let me know if you have questions. Thanks for inviting me contribute to the discussion.

 

Steve Goeringer

Distinguished Technologist

Director, Emerging Security Technologies

CableLabs® 


To unsubscribe from the STDS-1904-WG list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-1904-WG&A=1


To unsubscribe from the STDS-1904-4-TF list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-1904-4-TF&A=1


To unsubscribe from the STDS-1904-4-TF list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-1904-4-TF&A=1


To unsubscribe from the STDS-1904-4-TF list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-1904-4-TF&A=1