RE: FW: New Version Notification for draft-rafiee-6man-cga-attack-00.txt

"Hosnieh Rafiee" <ietf@rozanak.com> Fri, 29 November 2013 07:31 UTC

From: Hosnieh Rafiee <ietf@rozanak.com>
To: 'George Michaelson' <ggm@algebras.org>
Cc: 'marcelo bagnulo braun' <marcelo@it.uc3m.es>, 'Ray Hunter' <v6ops@globis.net>, ipv6@ietf.org

>forgive neophyte questions: the attacker, using this hash-collision
>mechanism, has effectively gained the right to subvert *one* CGA identified
>host, right?

Yes, true.

>and, they still have to achieve path injection, spoofed source, TCP/IP
>sequencing &c, in order to exploit this attack, against this one host.
>right?

Yes, this is actually what I am trying to say, and all of this is because of
the combination of NDP with CGA and forgetting some steps in verification.

>and, the cost of that one host, and its location, is not of the attacker's
>choosing: they don't know in advance that they can gain entry to any
>specific CGA, so they cannot direct the attack against a known CGA endpoint:
>they opportunistically can attack *SOME* CGA, by virtue of the hash
>collision: it's not clear if it's a high- or a low-value endpoint.

That is true. You are the attacker, join the network and eavesdrop, and now
want to forge the identity of the nodes. CGA claimed to make it harder, but it
is not as hard as we thought before.

Smile,
Hosnieh