[babel] Fwd: [Babel-users] HOWTO: MAC security for Babel
Juliusz Chroboczek <jch@irif.fr> Tue, 08 June 2021 12:14 UTC
Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0450D3A2EBF for <babel@ietfa.amsl.com>; Tue, 8 Jun 2021 05:14:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1uqblVCIBHwJ for <babel@ietfa.amsl.com>; Tue, 8 Jun 2021 05:14:28 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0B613A2EC4 for <babel@ietf.org>; Tue, 8 Jun 2021 05:14:27 -0700 (PDT)
Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 158CENDA003763 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <babel@ietf.org>; Tue, 8 Jun 2021 14:14:23 +0200
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/82085) with ESMTP id 158CELt0012442 for <babel@ietf.org>; Tue, 8 Jun 2021 14:14:23 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 262C5DC171 for <babel@ietf.org>; Tue, 8 Jun 2021 14:14:21 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id pv0gAedeO_Hw for <babel@ietf.org>; Tue, 8 Jun 2021 14:14:18 +0200 (CEST)
Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id CBCB6DC166 for <babel@ietf.org>; Tue, 8 Jun 2021 14:14:12 +0200 (CEST)
Date: Tue, 08 Jun 2021 14:14:12 +0200
Message-ID: <87eedcsgdn.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: babel@ietf.org
References: <87fsxssgem.wl-jch@irif.fr>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/28.0 Mule/6.0
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: message/rfc822
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Tue, 08 Jun 2021 14:14:23 +0200 (CEST)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Tue, 08 Jun 2021 14:14:23 +0200 (CEST)
X-Miltered: at korolev with ID 60BF5F1F.002 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-Miltered: at potemkin with ID 60BF5F1D.003 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 60BF5F1F.002 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/<jch@irif.fr>
X-j-chkmail-Enveloppe: 60BF5F1D.003 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 60BF5F1F.002 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Score: MSGID : 60BF5F1D.003 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/AcQWdG3hwGO0ropYJeM9hfzBIsE>
Subject: [babel] Fwd: [Babel-users] HOWTO: MAC security for Babel
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jun 2021 12:14:33 -0000
--- Begin Message ---Dear all, A quick tutorial on protecting your Babel network with cryptographic signatures using the Babel-MAC protocol extension. 0. What does MAC security do? ============================= It protects your Babel infrastructure by preventing an attacker from impersonating a Babel router by either spoofing Babel packets or replaying old Babel packets. It does not encrypt your Babel traffic: Babel packets are signed, not encrypted. This means that tcpdump and wireshark can still be used for debugging. It is cheap: you should not see a significant increase in CPU load due to MAC protection, and the per-packet overhead is moderate (51 bytes for SHA-256, 35 bytes for Blake2s-128). It also does not significantly slow down neighbour acquisition: the initial cryptographic handshake is just one packet exchange. It does not protect your non-Babel traffic: for example, it doesn't prevent an attacker from sending data packets from a spoofed IP address; you still need to rely on higher-level (HTTPS, SSH, etc.) or lower-layer (WPA3, OpenVPN, Wireguard) mechanisms for that. However, since Babel-MAC will prevent an attacker from spoofing their location in the network (which router they're using to access the network), it will make it easier to find the attacker and kindly explain to them that there's a bug somewhere. (In no case do we condone the use of physical violence.) MAC security is implemented in babeld master since 2021-05-31 and BIRD master since 2021-06-06. 1. Generate a key ================= Babel-MAC is vulnerable to brute-force attacks, so you should use a strong key. The best way is to generate a random key: dd if=/dev/random bs=32 count=1 | xxd -ps -c32 The security of Babel-MAC relies on this key only being shared with people authorised to announce Babel routes. 2. Install the key on your routers ================================== Babeld ------ On each router running babeld, add the following to the configuration file: key id k1 type hmac-sha256 value fe3c... default key k1 replacing fec3... with your secret key. This will enable MAC protection on all interfaces (you will still need to enable the interfaces, either from the config file or from the command line). Alternatively, you may enable MAC protection on just some interfaces: key id k1 type hmac-sha256 value fe3c... interface eth0 interface wlan0 key k1 Note that babeld supports using multiple configuration files (specify the '-c' option multiple times), but will not reload the files automatically (you'll need to restart babeld whenever you change the keys). BIRD ---- On each router running Bird, add "authentication mac" and "key" options to your interface definitions: protocol babel { interface "eth0" { authentication mac; key fe3c... { algorithm hmac sha256; }; }; } 3. Restart your network ======================= Restart all of your Babel routers. Your routers should associate as previously. If you run tcpdump, you should now see that all Babel packets carry a PC and a MAC: $ sudo tcpdump -n -i wlan0 udp [...] babel 2 (86) hello router-id update/prefix nh update pc | mac 4. Optional: Incremental deployment =================================== If you need to keep your network running, you may deploy MAC protection incrementally by temporarily running your routers in a mode in which they sign packets but don't verify signatures. In a first step, install your keys but tell your routers to accept unsigned packets. In babeld, say accept-bad-signatures true and in Bird authentication mac permissive; After you're satisfied that all routers have the key installed, you may incrementally start restarting your routers with the permissive option switched off. 5. Unimplemented: key rotation ============================== The protocol supports a mode of operation where two keys are used on each interface, and packets are signed by both. This is intended to support key rotation: the new key is added to all routers, then, once this is done, the old key is removed. The current code in babeld doesn't support key rotation, since we haven't been able to find a user interface that's simple and powerful enough to handle all cases (Antonin's code did have support, but the user interface was confusing). The current plan is to gain more experience with MAC protection before we design a user interface for key rotation. 6. Acknowledgments ================== The first MAC algorithm for Babel was designed and implemented by Denis Ovsienko. The current algorithm was designed and initially implemented by Clara Dô, Weronika Kołodziejak, and myself. The code was then extensively massaged by Antonin Décimo. The Bird implementation is due to Toke Høiland-Jørgensen. Also thanks to Étienne Marais and to Julien Muchembled (the latter employed by Nexedi, who are good guys). -- Juliusz _______________________________________________ Babel-users mailing list Babel-users@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users--- End Message ---
- [babel] Fwd: [Babel-users] HOWTO: MAC security fo… Juliusz Chroboczek