[Hipsec] About the HICCUPS draft

Miika Komu <mkomu@cs.hut.fi> Mon, 08 March 2010 11:36 UTC


----- Forwarded message from Dmitrij Lagutin <Dmitrij.Lagutin@hiit.fi> -----
     Date: Thu, 04 Mar 2010 14:29:31 +0200
     From: Dmitrij Lagutin <Dmitrij.Lagutin@hiit.fi>
Reply-To: Dmitrij Lagutin <Dmitrij.Lagutin@hiit.fi>
  Subject: About the HICCUPS draft
       To: hipsec@ietf.org

Dear all,


I have been working at Helsinki Institute for Information Technology (HIIT)
with the technology called Packet Level Authentication (PLA). PLA aims to
provide availability and hop-by-hop authentication on the network layer through
cryptographic signatures. The main idea is to give intermediate nodes means to
detect modified, duplicated and delayed packets; these packets can then be
dropped immediately, before they even reach the destination.

Miika Komu and others suggested to me that I combine principles of PLA with HIP,
since they mostly complement each other. The HICCUPS draft seems to be a good
place for that. Some of my ideas are listed below.

- Could the possibility of more extensive hop-by-hop verification be included in
the security considerations chapter (7.) of the draft?

- A timestamp added to HICCUPS parameters would allow detection of significantly
delayed packets. A global time synchronization mechanism would not be absolutely
necessary.

- A separate sequence number added to every HICCUPS packet would allow detection
of duplicated packets (which can be used in replay attacks). In contrast to the
SEQ_DATA packet, this sequence number would not be ACKed.


Best regards,
Dmitrij Lagutin
Researcher, Helsinki Institute for Information Technology

----- End forwarded message -----
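The two checks proposed in the forwarded message (a timestamp for detecting significantly delayed packets and an un-ACKed per-packet sequence number for detecting duplicates), as an added example of how an intermediate node could apply them. This is not code from the draft or from the author; the packet fields, the 30-second delay tolerance that stands in for global clock synchronization, and the 64-entry anti-replay window are assumptions.

```python
from dataclasses import dataclass
from typing import Dict

MAX_DELAY = 30.0   # seconds of tolerance; avoids requiring global clock sync (assumed)
WINDOW = 64        # anti-replay window size in packets (assumed)


@dataclass
class Packet:
    """Constructed HICCUPS-style packet with the two proposed extra fields."""
    hit_src: str        # sender identity the flow state is keyed on
    seq: int            # per-packet sequence number, never ACKed
    timestamp: float    # sender's transmission time
    payload: bytes


@dataclass
class FlowState:
    highest: int = -1   # highest sequence number accepted so far
    bitmap: int = 0     # bit i set => seq (highest - i) was already seen


class HopFilter:
    """Per-sender sliding-window replay and delay filter for a forwarding node."""

    def __init__(self, max_delay: float = MAX_DELAY, window: int = WINDOW):
        self.max_delay = max_delay
        self.window = window
        self.flows: Dict[str, FlowState] = {}

    def check(self, pkt: Packet, now: float) -> str:
        # Significantly delayed packets are dropped regardless of sequence number.
        if now - pkt.timestamp > self.max_delay:
            return "drop: delayed"
        st = self.flows.setdefault(pkt.hit_src, FlowState())
        if pkt.seq > st.highest:
            # Newer than anything seen: slide the window forward and mark bit 0.
            shift = pkt.seq - st.highest
            st.bitmap = ((st.bitmap << shift) | 1) & ((1 << self.window) - 1)
            st.highest = pkt.seq
            return "accept"
        offset = st.highest - pkt.seq
        if offset >= self.window:
            return "drop: too old for window"
        if st.bitmap & (1 << offset):
            return "drop: duplicate"   # same sequence number seen before: replay
        st.bitmap |= 1 << offset       # late but genuinely new: accept once
        return "accept"
```

Out-of-order delivery inside the window is still accepted once, so the filter does not require in-order forwarding, only that a given sequence number is not seen twice.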