cats                                                             C. Wang
Internet-Draft                                                     Y. Fu
Intended status: Standards Track                            China Unicom
Expires: 20 October 2024                                   18 April 2024

      Security Considerations for Computing-Aware Traffic Steering
               draft-wang-cats-security-considerations-00

Abstract

   Computing-Aware Traffic Steering (CATS) inherits potential security
   vulnerabilities from the network, the computing nodes, and the
   workflows of CATS procedures.  This document describes various
   threats and security concerns related to CATS networks and existing
   approaches to solve these threats.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 20 October 2024.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Wang & Fu                Expires 20 October 2024                [Page 1]
Internet-Draft        CATS Security Considerations            April 2024

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Terminology
   3.  The Computing Resource Security Issues
   4.  The Network Infrastructure Security Issues
     4.1.  SRv6 Security Issues
     4.2.  SD-WAN Security Issues
     4.3.  The security issues of Deterministic Networking
   5.  Orchestration and Management Security Issues
     5.1.  Computing Service Announcement Security Issues
     5.2.  Security Issues with Metrics Distribution
   6.  Security operations of CATS
   7.  Security Considerations
   8.  IANA Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Acknowledgements
   Authors' Addresses

1.  Introduction

   The CATS framework is an ingress-based overlay framework for the
   selection of the suitable service instance(s) from a set of instance
   candidates.  By taking into account both networking and computing
   metrics, the CATS framework achieves global dispatching of service
   demands across the various available edge computing resources.

   However, ubiquitous distributed computing resources in CATS also pose
   challenges to security protection.  The operators of CATS may not
   have complete control over the nodes and therefore cannot guarantee
   the security and credibility of the computing nodes themselves.
   Moreover, there are great differences in the security capabilities
   provided by computing nodes in the network, which greatly increases
   the breadth and difficulty of security protection.

   This document describes various threats and security concerns related
   to CATS networks and existing approaches to solve these threats.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  Terminology

   This document makes use of the following terms:

   *Computing-Aware Traffic Steering (CATS):*  A traffic engineering
      approach [I-D ietf-teas-rfc3272bis] that takes into account the
      dynamic nature of computing resources and network state to
      optimize service-specific traffic forwarding towards a given
      service instance.  Various relevant metrics may be used to enforce
      such computing-aware traffic steering policies.
      [I-D.ldbc-cats-framework]

   *CATS Service ID (CS-ID):*  An identifier representing a service,
      which the clients use to access it.

   *Service:*  An offering provided by a service provider and which is
      delivered using one or more service functions [RFC7665].

   *CATS Service Metric Agent (C-SMA):*  An agent that is responsible
      for collecting service capabilities and status, and for reporting
      them to a CATS Path Selector (C-PS).

   *Service request:*  The request for a specific service instance.

3.  The Computing Resource Security Issues

   The ubiquitous and flexible characteristics of computing resources
   and the frequent connections to them will lead to increasing risks
   of resource attacks.
   At the same time, network attack patterns are constantly iterating
   and upgrading, which also increases the probability of computing
   resources being attacked.  Therefore, security solutions of CATS must
   support identity authentication and access control against these
   attacks.  Identity authentication is required for clients of CATS.
   Zero trust is the preferred approach to meet this demand.  Besides,
   security monitoring and auditing of computing resources should be
   carried out using technologies such as security log management and
   intrusion detection to monitor the security status of computing
   resources.

4.  The Network Infrastructure Security Issues

4.1.  SRv6 Security Issues

   The SRv6 network poses security risks in both IPv6 and source
   routing.  Attackers can disguise themselves as routing sources to
   send attack messages, or illegally intercept, tamper with, or
   impersonate SRv6 messages during message transmission to achieve
   DoS/DDoS attacks, malicious message attacks, or other security
   attacks.

   The IPsec protocol can be used to encapsulate and encrypt the SRv6
   message, and then verify the route source of the IP message to ensure
   that the message is not tampered with during transmission.

   Based on the source routing characteristics of SRv6, trusted domains
   and trusted network boundaries can be set.  Messages from the trusted
   domain should not be forwarded outside the trusted network.  Messages
   from outside the trusted domain should be ensured as trustworthy and
   not tampered with.  For packets from outside the trusted domain, ACL
   policies can be deployed as the filter mechanism.  In addition, the
   HMAC (Hash-based Message Authentication Code) mechanism can be used
   to verify the SRv6 extension header, confirming the identity of the
   source and preventing packet tampering.

4.2.  SD-WAN Security Issues

   SD-WAN integrates virtual and physical networks, and its integration
   with SRv6 enables end-to-end network programmability.  It utilizes
   application awareness to achieve differentiated network services, and
   utilizes IFIT for SLA closed-loop control, thereby achieving reliable
   network quality assurance.

   After the emergence of the SD-WAN scheme, business traffic may be
   transmitted on the public network, making the network environment
   more complex and leading to network risks such as illegal access,
   intrusion, and data leakage.  SD-WAN security measures consist of
   component security and communication security between components,
   which are out of the scope of this draft.

4.3.  The security issues of Deterministic Networking

   Deterministic networks provide service quality assurance for certain
   scenarios, but also face new security risks such as latency attacks.
   Attackers can invade the network resources, computing resources, or
   forwarding paths of latency-sensitive businesses by tampering with
   packet headers, injecting packets, and other means, thereby
   disrupting the determinacy of network service quality and causing
   attacks.  The security measures of deterministic networks include
   link redundancy, packet header tampering prevention, node
   verification, packet encryption, and dynamic performance monitoring,
   which can be taken to prevent the intrusion of time-sensitive
   business resources and dynamically ensure network performance.  This
   section is out of the scope of this draft.

5.  Orchestration and Management Security Issues

5.1.  Computing Service Announcement Security Issues

   A computing service is associated with a unique identifier called a
   CS-ID.  The CS-ID should preserve the confidentiality of the service;
   for example, using an IP address as the CS-ID may expose the location
   of the edge node.
   The mapping of CS-IDs to network identifiers may be learned through
   an NRS (Name Resolution Service), such as DNS, so it is important for
   the NRS to support access control for certain name mapping records.
   Authentication of a computing service that wants to be registered
   with the NRS must be required so that only authenticated entities can
   store and update name mapping records.  Besides, the NRS should be
   resilient against denial-of-service attacks and other common attacks.

5.2.  Security Issues with Metrics Distribution

   The C-SMA aggregates service-related capabilities and then advertises
   the CS-IDs along with the metrics to be received by all C-PSes in the
   network.  The service metrics include computing-related metrics and
   potentially other service-specific metrics like the number of
   end-users who access the service instance at any given time, their
   location, etc.  Therefore, a verification mechanism is needed for
   both C-SMA and C-PS to ensure the authenticity and integrity of the
   information they receive.

   The information distributed by the C-SMA and C-NMA may be sensitive.
   Such information could indeed disclose intel about the network and
   the location of computing resources hosted in edge sites.
   Furthermore, such information may be modified by an attacker,
   resulting in disrupted service delivery for the clients, including
   misdirection of traffic to an attacker's service implementation.

   The computing resource information changes over time very frequently,
   especially with the creation and termination of service instances.
   When such information is carried in a routing protocol, too many
   updates may affect network stability.  This issue could be exploited
   by an attacker (e.g., by spawning and deleting service instances very
   rapidly).  CATS solutions must support guards against such
   misbehaviors.  For example, these solutions should support
   aggregation techniques, dampening mechanisms, and threshold-triggered
   distribution updates.
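
   The following sketch is an added example, not part of the draft or of
   any CATS specification.  It shows a C-PS that first verifies an
   HMAC-SHA-256 tag on a C-SMA metric advertisement and then applies
   threshold-triggered acceptance with a decaying flap penalty.  The
   pre-shared key, JSON encoding, field names, and tuning constants are
   all assumptions.

```python
import hashlib
import hmac
import json

# Assumed tuning values (not from the draft); load is a 0..1 fraction.
THRESHOLD = 0.10       # minimum change worth redistributing
PENALTY, SUPPRESS, REUSE, HALF_LIFE = 1000.0, 3000.0, 1500.0, 30.0

def sign(key, adv):
    """C-SMA side: HMAC-SHA-256 over a canonical JSON encoding."""
    msg = json.dumps(adv, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class PathSelector:
    """C-PS side: authenticate first, then threshold and dampen updates."""
    def __init__(self, key):
        self.key = key
        self.state = {}  # (cs_id, instance) -> [load, penalty, last_seen, suppressed]

    def receive(self, adv, tag, now):
        if not hmac.compare_digest(sign(self.key, adv), tag):
            return "rejected"            # forged or modified in transit
        k = (adv["cs_id"], adv["instance"])
        if k not in self.state:
            self.state[k] = [adv["load"], 0.0, now, False]
            return "accepted"
        s = self.state[k]
        s[1] *= 0.5 ** ((now - s[2]) / HALF_LIFE)   # penalty decays over time
        s[2] = now
        if s[3] and s[1] < REUSE:
            s[3] = False                 # source has been quiet long enough
        if abs(adv["load"] - s[0]) < THRESHOLD:
            return "below-threshold"     # too small to trigger an update
        s[1] += PENALTY                  # every significant change costs penalty
        if s[1] >= SUPPRESS:
            s[3] = True
        if s[3]:
            return "suppressed"          # flapping instance: keep last good value
        s[0] = adv["load"]
        return "accepted"

def demo():
    key = b"constructed-demo-key"        # constructed sample key
    ps = PathSelector(key)
    def adv(load):
        return {"cs_id": "cs-1", "instance": "edge-a", "load": load}
    feed = [(0, 0.2), (1, 0.25), (2, 0.9), (3, 0.2), (4, 0.9), (5, 0.2), (65, 0.2)]
    out = [ps.receive(adv(l), sign(key, adv(l)), t) for t, l in feed]
    out.append(ps.receive(adv(0.0), sign(key, adv(0.99)), 66))  # tag/body mismatch
    return out
```

   In the constructed feed, the fourth large swing within five seconds
   is suppressed, and the instance is accepted again only after its
   penalty has decayed below the reuse limit.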

6.  Security operations of CATS

   Computing power trading requires the aggregation of computing
   information from different nodes; therefore, an effective security
   operation mechanism is needed to ensure the progress of computing
   power trading.

   Security operations mainly include computing power monitoring,
   trading, and auditing.  Considering the dispersed deployment of
   computing nodes, blockchain can be used to monitor and audit
   distributed computing resources and transactions.  Besides, smart
   contracts and multi-party consensus can be used to achieve the
   auditability and traceability of transactions in CATS.

7.  Security Considerations

   The security considerations of CATS are presented throughout this
   document.

8.  IANA Considerations

   This document has no IANA actions.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

9.2.  Informative References

   [I-D.ldbc-cats-framework]
              Li, C., Du, Z., Boucadair, M., Contreras, L. M., and J.
              Drake, "A Framework for Computing-Aware Traffic Steering
              (CATS)", Work in Progress, Internet-Draft,
              draft-ldbc-cats-framework-06, 8 February 2024.

   [RFC7665]  Halpern, J., Ed. and C. Pignataro, Ed., "Service Function
              Chaining (SFC) Architecture", RFC 7665,
              DOI 10.17487/RFC7665, October 2015.

Acknowledgements

   TBD

Authors' Addresses

   Cuicui Wang
   China Unicom
   Beijing
   China
   Email: wangcc107@chinaunicom.cn

   Yu Fu
   China Unicom
   Beijing
   China
   Email: fuy186@chinaunicom.cn