Hi Linda, Thank you for your concern about this proposal. I think your questions are very meaningful, and here is my response. First of all, I think the three questions are all aobut if we trust the rmote environment in where deploys NSF. If we don't trust the environment, the threats may happen. So this document tries to figure out a general way to mitigate that kinds of threats and enhance the security of the NSF itself.
1,These threats are applicable to any netowrk functions deployed in remote environment that the manager cannot make sure if it is trustworthy. But in this document we only focus on the NSF. 2,Consider a secuiry company provides NSF in which contains lots of policy rules such as DDoS prevention, traffic filtering, etc. If the platform who carrys the NSF is malicious, it could steal this security asset for other purpose. The core asset of security knowledge is from the security controller, which provided by the security company. 3,The attackers in platfom could also disturb the action of NSF, and feedback the fake notification or event to security controller. That is what I mean spoofing attack. If the paltform is trusted, or has been remote attested, at least we can say the NSF is well deployed and its feedback is trustworthy. (In fact, about trust, there have more topics about static trust and runtime trust. Remote attestation could provide static trust like booting state of platform, installation of software, or file changing in system. Other techs like "confidential computing" could provide an isolated CPU and memory area that users can trust it during running time. This tech is still in developing stage, there is no standard yet. But I do think in the future security-sensitive scenarios will use it. ) Hope my answer could solve your problem. BR Penglin From: Linda Dunbar Date: 2021-12-03 11:56 To: yangpeng...@chinamobile.com; i2nsf@ietf.org Subject: Re: [I2nsf] topic about draft-yang-i2nsf-trust-enhanced-i2nsf PengLin, Thank you very much for posting the draft in I2NSF WG. A few questions to your proposal: Are the three threats in Section 3.2 specific to Network Security Functions? Or applicable to any network functions? The Second Threat is the leak of policy rules and core asset of security knowledge. Where do the “policy rules” leaked to? The “core asset of security knowledge” is from network operators? Or is it to the Network Security Functions? The “third threat on potential spoofing attack to the NSF architecture”. Are the spoofing attack also applicable to any network functions? Is “spoofing attack” addressed by RAT? Thank you Linda Dunbar From: I2nsf <i2nsf-boun...@ietf.org> On Behalf Of yangpeng...@chinamobile.com Sent: Wednesday, December 1, 2021 9:46 PM To: i2nsf@ietf.org Subject: [I2nsf] topic about draft-yang-i2nsf-trust-enhanced-i2nsf Hi everyone, This is Penglin Yang from China Mobile Research Institute. Recently, we composed a document named trust enhanced I2NSF and submitted to the I2NSF group. (https://datatracker.ietf.org/doc/draft-yang-i2nsf-trust-enhanced-i2nsf/) The motivation of this document is trying to use remote attestation technology to augment the security and to enhance the trustworthiness of NSF. In this document we illustrated the architecture of trsuted enhanced I2NSF and the relevant interfaces. We sincerely welcome everyone to comment on this document. And if you are interested, we can work together to promote this idea to a better version. BR Penglin Yang CMCC
_______________________________________________ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf