Internet-Draft: CATS Security Considerations, October 2024
Wang & Fu, Expires 24 April 2025
Computing-Aware Traffic Steering (CATS) inherits potential security vulnerabilities from the network, from the computing nodes, and from the workflows of CATS procedures. This document describes various threats and security concerns related to CATS and existing approaches to address these threats.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 24 April 2025.
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
The CATS framework is an ingress-based overlay framework for the selection of the suitable service instance(s) from a set of candidate instances. By taking into account both networking and computing metrics, the CATS framework achieves global dispatching of service demands over the various available edge computing resources. However, the ubiquitous distributed computing resources in CATS also pose challenges to security protection. The operators of CATS may not have complete control over the nodes and therefore cannot guarantee the security and credibility of the computing nodes themselves. Moreover, there are great differences in the security capabilities provided by computing nodes in the network, which greatly increases the breadth and difficulty of security protection.
This document describes various threats and security concerns related to CATS networks and existing approaches to address these threats.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
This document makes use of the following terms:
Computing-Aware Traffic Steering (CATS): A traffic engineering approach [I-D.ietf-teas-rfc3272bis] that takes into account the dynamic nature of computing resources and network state to optimize service-specific traffic forwarding towards a given service instance. Various relevant metrics may be used to enforce such computing-aware traffic steering policies. [I-D.ldbc-cats-framework]
CATS Service ID (CS-ID): An identifier representing a service, which the clients use to access it.
Service: An offering provided by a service provider that is delivered using one or more service functions [RFC7665].
CATS Service Metric Agent (C-SMA): An agent that is responsible for collecting service capabilities and status, and for reporting them to a CATS Path Selector (C-PS).
Service request: The request for a specific service instance.
The ubiquitous and flexible characteristics of computing resources, and the frequent connections to them, increase the risk of attacks on those resources. At the same time, network attack patterns are constantly iterating and upgrading, which also increases the probability of computing resources being attacked. Therefore, CATS security solutions must support identity authentication and access control against these attacks. Identity authentication is required for clients of CATS. Zero trust is the preferred approach to meet this demand. In addition, security monitoring and auditing of computing resources should be carried out using technologies such as security log management and intrusion detection to monitor the security status of computing resources.
The operation of a C-PS could be damaged through a variety of denial-of-service attacks. Such attacks can cause the C-PS to become congested, with the result that traffic forwarding becomes too slow. In extreme cases, service requests may not be satisfied at all. A C-PS could be the target of the following attacks [RFC5440]:
interception of C-PS service requests or responses;
impersonation of a C-PS;
falsification of computing service information, policy information, or C-PS capabilities; and
denial-of-service attacks on C-PS communication mechanisms.
Additionally, snooping of C-PS requests and responses may give an attacker information about the operation of the network. Simply by viewing C-PS messages, an attacker can learn where traffic is being routed, thereby making the network susceptible to targeted attacks. It is expected that C-PS solutions will address these issues in detail using authentication and security techniques.
A computing service is associated with a unique identifier called a CS-ID. The CS-ID should preserve the confidentiality of the service; for example, using an IP address as the CS-ID may expose the location of the edge node. The mapping of CS-IDs to network identifiers may be learned through a Name Resolution Service (NRS), such as DNS, so it is important for the NRS to support access control for certain name mapping records, and computing services that want to register with the NRS must be authenticated so that only authenticated entities can store and update name mapping records. In addition, the NRS should be resilient against denial-of-service attacks and other common attacks.
The C-SMA aggregates service-related capabilities and status, and then advertises the CS-IDs along with the associated metrics, which are received by all C-PS in the network. The service metrics include computing-related metrics and potentially other service-specific metrics, such as the number of end-users who access the service instance at any given time, their location, etc. Therefore, a verification mechanism is needed for both the C-SMA and the C-PS to ensure the authenticity and integrity of the information they receive.
The information distributed by the C-SMA and C-NMA may be sensitive. Such information could indeed disclose details about the network and the location of computing resources hosted in edge sites. Furthermore, such information may be modified by an attacker, resulting in disrupted service delivery for the clients, including misdirection of traffic to an attacker's service implementation.
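One way to give a C-PS the authenticity and integrity check that the two preceding paragraphs call for, as an added example that is not part of the draft or of any CATS implementation: the C-SMA tags each advertisement with an HMAC-SHA256 over a canonical encoding plus a per-agent sequence number, and the C-PS rejects advertisements from unknown agents, tampered or forged advertisements, and replays of stale metrics. The shared-key provisioning, the field names (agent, seq, cs_id, metrics) and all sample values are assumptions constructed for this example.

```python
import hashlib
import hmac
import json

def canonical_bytes(adv: dict) -> bytes:
    # Deterministic encoding (sorted keys, no whitespace): signer and verifier hash the same bytes.
    return json.dumps(adv, sort_keys=True, separators=(",", ":")).encode()

def sign_advertisement(adv: dict, key: bytes) -> dict:
    # C-SMA side: attach an HMAC-SHA256 tag computed over the whole advertisement.
    tag = hmac.new(key, canonical_bytes(adv), hashlib.sha256).hexdigest()
    return {"adv": adv, "tag": tag}

class CPSVerifier:
    """C-PS side: accept an advertisement only if its tag verifies under the key of
    the claimed agent and its sequence number is strictly newer than the last one
    accepted from that agent (blocks replay of stale metrics)."""
    def __init__(self, keys: dict):
        self.keys = keys       # agent id -> shared key (assumed to be provisioned out of band)
        self.last_seq = {}     # agent id -> highest accepted sequence number

    def verify(self, msg: dict) -> tuple:
        adv = msg.get("adv", {})
        agent = adv.get("agent")
        key = self.keys.get(agent)
        if key is None:
            return (False, "unknown agent")
        expected = hmac.new(key, canonical_bytes(adv), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return (False, "bad tag")        # tampered metrics or forged sender
        seq = adv.get("seq", -1)
        if seq <= self.last_seq.get(agent, -1):
            return (False, "replay")         # stale advertisement re-sent
        self.last_seq[agent] = seq
        return (True, "ok")

# Constructed sample: one C-SMA advertising CS-ID "svc-42" (all values are made up).
KEY = b"constructed-shared-key-for-example-only"
ADV = {"agent": "c-sma-1", "seq": 1, "cs_id": "svc-42",
       "metrics": {"cpu_load": 0.35, "delay_ms": 12}}
MSG = sign_advertisement(ADV, KEY)

def demo() -> list:
    v = CPSVerifier({"c-sma-1": KEY})
    tampered = {"adv": dict(ADV, seq=2, metrics={"cpu_load": 0.0, "delay_ms": 1}),
                "tag": MSG["tag"]}       # attacker edits the metrics but keeps the old tag
    return [v.verify(MSG),               # (True, "ok")
            v.verify(MSG),               # (False, "replay")
            v.verify(tampered),          # (False, "bad tag")
            v.verify({"adv": {"agent": "rogue", "seq": 1}, "tag": ""})]  # (False, "unknown agent")
```

A shared-key MAC binds the advertisement to a key rather than to an individual C-SMA; where many agents feed the same C-PS population, a per-agent key (as modelled here) or a digital signature is what lets the C-PS attribute a bad advertisement to its source.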
The computing resource information changes very frequently over time, especially with the creation and termination of service instances. When such information is carried in a routing protocol, too many updates may affect network stability. This issue could be exploited by an attacker (e.g., by spawning and deleting service instances very rapidly). CATS solutions must support guards against such misbehaviors. For example, these solutions should support aggregation techniques, dampening mechanisms, and threshold-triggered distribution updates.
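The three guards named above (aggregation, dampening, threshold-triggered updates), worked through on the C-SMA side as an added example that is not part of the draft: per-instance capacities are aggregated into one metric per CS-ID, an update is only considered when the aggregate moves by at least a threshold, and a decaying penalty in the style of BGP route-flap dampening holds back a CS-ID whose metric keeps flapping, so that rapid instance creation and deletion is absorbed locally instead of being flooded into the routing protocol. The metric, the parameter values and the event timeline are constructed for this example.

```python
class MetricDistributor:
    """C-SMA decision logic with constructed parameters (not from the draft).
    Aggregation: per-instance capacities are summed into one metric per CS-ID.
    Threshold:   an update is considered only if the aggregate moved >= `threshold`.
    Dampening:   each qualifying change adds `penalty`, which halves every `half_life`
                 seconds; at `suppress` the CS-ID is held until the penalty falls below `reuse`."""
    def __init__(self, threshold=2.0, penalty=1000.0, half_life=15.0,
                 suppress=2000.0, reuse=750.0):
        self.threshold, self.penalty = threshold, penalty
        self.half_life, self.suppress, self.reuse = half_life, suppress, reuse
        self.instances = {}   # cs_id -> {instance_id: capacity}
        self.state = {}       # cs_id -> {"last": advertised aggregate, "penalty", "t", "held"}

    def _decay(self, st, now):
        st["penalty"] *= 0.5 ** ((now - st["t"]) / self.half_life)
        st["t"] = now
        if st["held"] and st["penalty"] < self.reuse:
            st["held"] = False

    def observe(self, cs_id, instance_id, capacity, now):
        """Record an instance change (capacity None = instance terminated).
        Returns the aggregate to advertise now, or None to stay silent."""
        insts = self.instances.setdefault(cs_id, {})
        if capacity is None:
            insts.pop(instance_id, None)
        else:
            insts[instance_id] = capacity
        agg = sum(insts.values())
        st = self.state.get(cs_id)
        if st is None:                       # first sighting: always advertise
            self.state[cs_id] = {"last": agg, "penalty": self.penalty, "t": now, "held": False}
            return agg
        self._decay(st, now)
        if abs(agg - st["last"]) < self.threshold:
            return None                      # minor fluctuation: nothing leaves the node
        st["penalty"] += self.penalty        # continued flapping keeps the penalty growing
        if st["penalty"] >= self.suppress:
            st["held"] = True
        if st["held"]:
            return None                      # churn absorbed locally until the penalty decays
        st["last"] = agg
        return agg

def simulate_churn():
    """Constructed timeline: instance i2 flaps every second, then the service settles."""
    d = MetricDistributor()
    events = [("i1", 4, 0), ("i2", 4, 1), ("i2", None, 2), ("i2", 4, 3),
              ("i2", None, 4), ("i3", 6, 100), ("i3", 7, 101)]
    return [d.observe("svc-42", inst, cap, t) for inst, cap, t in events]
```

Note that while a CS-ID is held, `last` is deliberately not updated, so the first advertisement after the hold lifts carries the net drift accumulated during the churn rather than an intermediate value.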
The security considerations of CATS are presented throughout this document.
This document has no IANA actions.