RE: [Hipsec] some comments for mm-03
"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Fri, 21 April 2006 21:11 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FX2ub-0007kP-07; Fri, 21 Apr 2006 17:11:33 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FX2ua-0007kK-1I for hipsec@lists.ietf.org; Fri, 21 Apr 2006 17:11:32 -0400
Received: from stl-smtpout-01.boeing.com ([130.76.96.56]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FX2uY-00074P-Ke for hipsec@lists.ietf.org; Fri, 21 Apr 2006 17:11:32 -0400
Received: from blv-av-01.boeing.com ([192.42.227.216]) by stl-smtpout-01.boeing.com (8.9.2.MG.10092003/8.8.5-M2) with ESMTP id QAA19225; Fri, 21 Apr 2006 16:11:25 -0500 (CDT)
Received: from XCH-NWBH-11.nw.nos.boeing.com (localhost [127.0.0.1]) by blv-av-01.boeing.com (8.11.3/8.11.3/MBS-AV-LDAP-01) with ESMTP id k3LLBP502070; Fri, 21 Apr 2006 14:11:25 -0700 (PDT)
Received: from XCH-NW-5V1.nw.nos.boeing.com ([130.247.55.44]) by XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 21 Apr 2006 14:11:22 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Hipsec] some comments for mm-03
Date: Fri, 21 Apr 2006 14:11:22 -0700
Message-ID: <77F357662F8BFA4CA7074B0410171B6D01A2F09D@XCH-NW-5V1.nw.nos.boeing.com>
In-Reply-To: <Pine.GSO.4.58.0604050339420.965@kekkonen.cs.hut.fi>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Hipsec] some comments for mm-03
Thread-Index: AcZYg2Qn/gn19RH7T7uqVhaLFSzIWwM/jyjg
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: Miika Komu <miika@iki.fi>, hipsec@lists.ietf.org
X-OriginalArrivalTime: 21 Apr 2006 21:11:22.0673 (UTC) FILETIME=[245DEA10:01C66588]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bf422c85703d3d847fb014987125ac48
Cc:
X-BeenThere: hipsec@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/hipsec>
List-Post: <mailto:hipsec@lists.ietf.org>
List-Help: <mailto:hipsec-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@lists.ietf.org?subject=subscribe>
Errors-To: hipsec-bounces@lists.ietf.org
Here is the response to the last batch of initial comments: > -----Original Message----- > From: Miika Komu [mailto:miika@iki.fi] > Sent: Wednesday, April 05, 2006 12:34 AM > To: hipsec@lists.ietf.org > Subject: Re: [Hipsec] some comments for mm-03 > > My last comments, from section six: > > > 6. Security Considerations > > > > If no precautionary measures are taken, an attacker could > misuse this > > feature to impersonate a victim's peer from any arbitrary location. > > s/this/the redirection/ OK > > > If an attacker somehow uses a bug in the implementation or > weakness in > > some protocol to redirect a HIP connection, the original owner can > > always reclaim their connection (they can always prove > ownership of the > > private key associated with their public HI). > > How is this possible if the private key is compromised? As pekka suggested, this case is out of scope. > > > MitM attacks are always possible if the attacker is present > during the > > initial HIP base exchange and if the hosts do not authenticate each > > other's identities, but once the base exchange has taken > place even a > > MitM cannot steal an opportunistic HIP connection because it is very > > difficult for an attacker to create an UPDATE packet (or > any HIP packet) > > that will be accepted as a legitimate update. > > This was mostly a readibility comment. I suggest changing the text as > follows: > > MitM attacks are always possible when the attacker is present > during the > initial HIP base exchange and the hosts do not authenticate > each other's > identities. However, once the opportunistic base exchange has > taken place, > even a MitM cannot steal the HIP connection anymore because it is very > difficult for an attacker to create an UPDATE packet (or any > HIP packet) > that will be accepted as a legitimate update. > OK > > 6.2. Denial of Service attacks > > > This threat is mitigated through reachability checks and > credit-based > > authorization. > > This threat is mitigated through reachability checks and credit-based > authorization strategies. I think Christian would object to this additional word because it may suggest that alternate CBA strategies are equivalent, so I will leave it out. > > > As a result, the combination of a reachability check and > credit-based > > authorization makes a HIP redirection-based flooding attack > as effective > > and applicable as a normal, direct flooding attack in which > the attacker > > itself sends the flooding traffic to the victim. > > As a result, the combination of a reachability check and credit-based > authorization degrades a HIP redirection-based flooding attack to the > level of a direct flooding attack in which the attacker > itself sends the > flooding traffic to the victim. s/degrades/lowers otherwise, I'm OK with the change > > > First, when a reachability packet is received, this nonce > packet MUST be > > ignored if the HIT is not one that is currently active. > > First, when a reachability packet is received, the nonce in the packet > MUST be ignored if the HIT is not one that is currently active. > > What does a currently active HIT mean? You probably mean address... No, I think it pertains to the case when multiple HITs are on a host-- I have tried to clarify this. > > > Second, if the attacker is a MitM asnd can capture this nonce packet > > then it can respond to it, in which case it is possible for > an attacker > > to redirect the connection. > > How? I think it would require the ECHO_REQUEST/RESPONSE to be outside the signature, and for another HIP packet to be available to be replayed. I think that is unlikely scenario in this case. But reading this has raised an interesting question in my mind. Currently, there is no requirement for the nonce to be signed. The base spec and this spec do not specify whether ECHO_REQUEST is inside or outside the signature. Should it be one way or the other? I think that the last paragraph in Section 6.2.1 can be safely deleted. > > > 6.2.2. Memory/Computational exhaustion DoS attacks > > Suggest adding some text that central servers may have to deal with > multiple mobile clients that change their location rapidly. This may > burn too many CPU cycles of the server, and in such a case, > the server may > want to e.g. increase its SA lifetimes or increase cookie > difficulty to > slow down acceptance of new connections. How about: " A central server that has to deal with a large number of mobile clients may consider increasing the SA lifetimes to try to slow down the rate of rekeying UPDATEs or increasing the cookie difficulty to slow down the rate of attack-oriented connections." > > > 6.3. Mixed deployment environment > > s/user/host/ in this section? > s/their/its/ in this section > > I did not get the purpose of this section. If you user A uses > IPsec, user > B does not get anything meaninful even though the IPsec data > is redirected > from A to B. > > > ..connection with and then attempts to use a IPv6 change of address > > request to steal the HIP user's connection. > > ..connection with and then attempts to change its IPv6 > address to steal > the HIP user's connection. s/IPv6/IP/; otherwise OK Also, I changed the last case a little bit as follows: " A HIP host attempts to steal a non-HIP host's session. A HIP host could spoof the non-HIP host's IP address during the base exchange or set the non-HIP host's IP address as its preferred address via an UPDATE. Other possibilities exist but a simple solution is to prevent use of HIP address check information to influence non-HIP sessions." > > > 4. .. > > What is a session here? TCP session? upper layer session-- TCP or otherwise > > > -- > Miika Komu miika@iki.fi http://www.iki.fi/miika/ > > _______________________________________________ > Hipsec mailing list > Hipsec@lists.ietf.org > https://www1.ietf.org/mailman/listinfo/hipsec > _______________________________________________ Hipsec mailing list Hipsec@lists.ietf.org https://www1.ietf.org/mailman/listinfo/hipsec
- [Hipsec] some comments for mm-03 Miika Komu
- Re: [Hipsec] some comments for mm-03 Miika Komu
- Re: [Hipsec] some comments for mm-03 Miika Komu
- Re: [Hipsec] some comments for mm-03 Miika Komu
- RE: [Hipsec] some comments for mm-03 Henderson, Thomas R
- RE: [Hipsec] some comments for mm-03 Miika Komu
- Re: [Hipsec] some comments for mm-03: CLOSE vs. U… Pekka Nikander
- Re: [Hipsec] some comments for mm-03: including E… Pekka Nikander
- Re: [Hipsec] some comments for mm-03: Section 6 Pekka Nikander
- Re: [Hipsec] some comments for mm-03: CLOSE vs. U… Jan Mikael Melen
- Re: [Hipsec] some comments for mm-03: CLOSE vs. U… Miika Komu
- Re: [Hipsec] some comments for mm-03: including E… Miika Komu
- Re: [Hipsec] some comments for mm-03: Section 6 Miika Komu
- Re: [Hipsec] some comments for mm-03: including E… Pekka Nikander
- Re: [Hipsec] some comments for mm-03: including E… Miika Komu
- RE: [Hipsec] some comments for mm-03: including E… Henderson, Thomas R
- [Hipsec] mm-03 CBA fixes Henderson, Thomas R
- RE: [Hipsec] some comments for mm-03 Henderson, Thomas R
- Re: [Hipsec] mm-03 CBA fixes Pekka Nikander
- Re: [Hipsec] mm-03 CBA fixes Christian Vogt
- RE: [Hipsec] some comments for mm-03 Miika Komu
- Re: [Hipsec] mm-03 CBA fixes Pekka Nikander
- Re: [Hipsec] mm-03 CBA fixes Christian Vogt
- RE: [Hipsec] some comments for mm-03 Henderson, Thomas R
- RE: [Hipsec] some comments for mm-03: including E… Henderson, Thomas R
- RE: [Hipsec] some comments for mm-03 Henderson, Thomas R
- RE: [Hipsec] some comments for mm-03 Henderson, Thomas R
- RE: [Hipsec] some comments for mm-03 Miika Komu