IETF Logo Mail Archive

Re: [homenet] Securing HNCP - comments?

Dave Taht <dave.taht@gmail.com> Fri, 27 June 2014 06:51 UTC

Return-Path: <dave.taht@gmail.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8CDF1B3171 for <homenet@ietfa.amsl.com>; Thu, 26 Jun 2014 23:51:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Level:
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YL0qRuCD2_32 for <homenet@ietfa.amsl.com>; Thu, 26 Jun 2014 23:51:03 -0700 (PDT)
Received: from mail-oa0-x229.google.com (mail-oa0-x229.google.com [IPv6:2607:f8b0:4003:c02::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 975FF1B2AD4 for <homenet@ietf.org>; Thu, 26 Jun 2014 23:51:03 -0700 (PDT)
Received: by mail-oa0-f41.google.com with SMTP id l6so5148100oag.14 for <homenet@ietf.org>; Thu, 26 Jun 2014 23:51:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=xc1I+4lfx7Dz/S7dTQE3xixhrWp5SEAVoAackvC0+NE=; b=PBCOKKJj4nlX/BY3wZMwCruk+WdFyVEr59/kM/Mj9S6q+gpik9Lw1FI2VP050klVrn U20Ck0Eae+qreg5+HW5uV5m/AFo09ccSYTMnE64rNwv8EWgyBQvjRwAW18d3ELDLOgHi uD9ipfo6JCZlLqu0nIZ3n6Htv0jIuAw1LmAmYlyabhJ2fMaDMHW5yJCFmdqK7slDHkFk cXPvFjA5PvAfFuQswa+HeZ3wrFFept02Y8ioLlP9P1sEc5EUAJh+pyYQkMm0oSabfbD4 Lx6ng4DSRrXOhZ9WWYZwG6cCfRDFg3k9Nc4gqMmAxQnxIHM5pd3iO+e1i0rG8Vt598vW jqOw==
MIME-Version: 1.0
X-Received: by 10.182.246.73 with SMTP id xu9mr21230162obc.63.1403851862038; Thu, 26 Jun 2014 23:51:02 -0700 (PDT)
Received: by 10.202.48.200 with HTTP; Thu, 26 Jun 2014 23:51:01 -0700 (PDT)
In-Reply-To: <54D995D5-6DC9-4AF6-98F9-42A6DC351CA5@iki.fi>
References: <54D995D5-6DC9-4AF6-98F9-42A6DC351CA5@iki.fi>
Date: Thu, 26 Jun 2014 23:51:01 -0700
Message-ID: <CAA93jw6SEajcB9Tr-ONYcZE9BYgGVfYx+dE4BL9PXVEZkB6pWw@mail.gmail.com>
From: Dave Taht <dave.taht@gmail.com>
To: Markus Stenberg <markus.stenberg@iki.fi>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/ReG5C21XVQw2n3qpLzuGPYW5or0
Cc: "homenet@ietf.org Group" <homenet@ietf.org>
Subject: Re: [homenet] Securing HNCP - comments?
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jun 2014 06:51:06 -0000

I have been watching this draft evolve now for a while, on
authenticated routing exchanges. Perhaps it would provide some insight
on 3 and 4 below.

http://tools.ietf.org/html/draft-ovsienko-babel-hmac-authentication-09

running code (in quagga, only, at present).

On Thu, Jun 26, 2014 at 11:34 PM, Markus Stenberg
<markus.stenberg@iki.fi> wrote:
> (This could have been a draft too, but I’m starting my vacation soon and I don’t want to post any more of those. Sorry.-Markus)
>
> Current HNCP draft specifies security very vaguely, as it was originally based on just some napkin thoughts last year on ‘it would be nice to have authenticated TLVs’.
>
> However, what are we protecting against, how, and should we go through the trouble at all? For all of these attacks, we have to assume _some_ network level access to a home network.
>
> Let us consider potential attacks and their applicability on a home network:
>
> [1] Pretend to be a client: no, we cannot protect against this, all clients are not currently authenticated and not in foreseeable future either. 802.1x not to even mention MACSec support on wired ports is mostly nonexistent in home routers.
>
> [2] Replace upstream router on the upstream link. We cannot do anything about this, and as your packets already go to e.g. NSA, assumption of privacy is moot so this battle is lost. This attack may be harder to mount due to upstream link being typically wired, hard to reach, etc.

To me an authenticated exchange could add meat to the "I'm home", or
"at work" concepts much like how windows works today. Homeplug
devices, for example, have the concept of "pairing", as does
bluetooth, and a few other technologies.

We're still screwed on rogue routers by things like mac spoofing, but
at a higher level you could periodically be doing a challenge/response
to the gateway router to ensure you are talking to the right thing, or
(as per the above link) prefer authenticated routes.

> [3] Pretend to be upstream router on some other link. We can protect against this with fixed categories of interfaces, but securing HNCP has nothing to do with it as upstream router doesn’t talk HNCP.
>
> [4] Pretend to be an inner router.
>
> What are their implications?
>
> [1]: Any resource in-home _can_ be accessed and there is not much that can be done given access to a non-guest link.

What often happens today is a mac filter list, which is somewhat effective.

> [2,3]: Any traffic on the Internet is public (and what else is new?).

How does this bear on hncp?

>
> [4]: If impersonation is possible, man-in-the-middle and potentially denial of service attacks on home network become possible.

impersonation in a routed environment has some interesting subtleties to it.
Take a world where you have a rogue device participate in the local
routing protocol and announce that it's on 75.75.75.75 (comcast's
dns), or 8.8.8.8, but is really acting as a dns server and sending
upstream requests to a rogue dns server (a-la dnschanger)

(this is partially why I made a big push to put bcp38 on, on, in
cerowrt, by default)

>
> How could [4] be prevented then? In ascending order of complexity..
>
> [S4-1] Manual configuration of categories overriding automated border discovery. Defining either in the actual router product, or via configuration which interfaces to talk HNCP (and RP) on, where potential upstream links may never be, can be or always are.
>
> [S4-2] Punt on security in HNCP, and just use e.g. IPsec with manual keying as currently specified in the draft. Setting up the shared PSK for the set of routers is left to the as manual configuration exercise for the owner of the devices.
>
> [S4-3] HNCP-level PSK shared among all routers. Same bootstrap issues as [S4-2], may be able to get rid of manually keyed IPsec dependency.
>
> [S4-4] Some public key cryptography solution operating with just raw keys (there is a draft in the works on how to do this in HNCP)
>
> [S4-5] Some public key cryptography solution with CA hierarchy (similar to behringer-bootstrap)
>
> The big question is, are the S4-3+ really worth it? And what is the sane way to do it if they are? Can we actually become RFC with just S4-1 and S4-2? In case we go for public key-cryptography: what do we do about routing protocols mostly relying on shared secrets for authentication?
>
> - Markus and Steven
>
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet



-- 
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article

v2.23.0 | Report a Bug | By Email