Hi Linda,
Thank you for your concern about this proposal. I think your questions are very
meaningful, and here is my response. First of all, I think the three questions
are all aobut if we trust the rmote environment in where deploys NSF. If we
don't trust the environment, the threats may happen. So this document tries to
figure out a general way to mitigate that kinds of threats and enhance the
security of the NSF itself.
1,These threats are applicable to any netowrk functions deployed in remote
environment that the manager cannot make sure if it is trustworthy. But in this
document we only focus on the NSF.
2,Consider a secuiry company provides NSF in which contains lots of policy
rules such as DDoS prevention, traffic filtering, etc. If the platform who
carrys the NSF is malicious, it could steal this security asset for other
purpose. The core asset of security knowledge is from the security controller,
which provided by the security company.
3,The attackers in platfom could also disturb the action of NSF, and
feedback the fake notification or event to security controller. That is what I
mean spoofing attack. If the paltform is trusted, or has been remote attested,
at least we can say the NSF is well deployed and its feedback is trustworthy.
(In fact, about trust, there have more topics about static trust and runtime
trust. Remote attestation could provide static trust like booting state of
platform, installation of software, or file changing in system. Other techs
like "confidential computing" could provide an isolated CPU and memory area
that users can trust it during running time. This tech is still in developing
stage, there is no standard yet. But I do think in the future
security-sensitive scenarios will use it. )
Hope my answer could solve your problem.
BR
Penglin
From: Linda Dunbar
Date: 2021-12-03 11:56
To: yangpeng...@chinamobile.com; i2nsf@ietf.org
Subject: Re: [I2nsf] topic about draft-yang-i2nsf-trust-enhanced-i2nsf
PengLin,
Thank you very much for posting the draft in I2NSF WG.
A few questions to your proposal:
Are the three threats in Section 3.2 specific to Network Security Functions? Or
applicable to any network functions?
The Second Threat is the leak of policy rules and core asset of security
knowledge. Where do the “policy rules” leaked to? The “core asset of
security knowledge” is from network operators? Or is it to the Network Security
Functions?
The “third threat on potential spoofing attack to the NSF architecture”. Are
the spoofing attack also applicable to any network functions? Is “spoofing
attack” addressed by RAT?
Thank you
Linda Dunbar
From: I2nsf <i2nsf-boun...@ietf.org> On Behalf Of yangpeng...@chinamobile.com
Sent: Wednesday, December 1, 2021 9:46 PM
To: i2nsf@ietf.org
Subject: [I2nsf] topic about draft-yang-i2nsf-trust-enhanced-i2nsf
Hi everyone,
This is Penglin Yang from China Mobile Research Institute. Recently, we
composed a document named trust enhanced I2NSF and submitted to the I2NSF
group.
(https://datatracker.ietf.org/doc/draft-yang-i2nsf-trust-enhanced-i2nsf/) The
motivation of this document is trying to use remote attestation technology to
augment the security and to enhance the trustworthiness of NSF. In this
document we illustrated the architecture of trsuted enhanced I2NSF and the
relevant interfaces.
We sincerely welcome everyone to comment on this document. And if you are
interested, we can work together to promote this idea to a better version.
BR
Penglin Yang
CMCC
_______________________________________________
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf
