IETF Logo Mail Archive

Re: FW: New Version Notification for draft-rafiee-6man-cga-attack-00.txt

Ray Hunter <v6ops@globis.net> Tue, 26 November 2013 16:22 UTC

Return-Path: <v6ops@globis.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C95491ADDBF for <ipv6@ietfa.amsl.com>; Tue, 26 Nov 2013 08:22:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level:
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2IzaiF_8VZd7 for <ipv6@ietfa.amsl.com>; Tue, 26 Nov 2013 08:22:35 -0800 (PST)
Received: from globis01.globis.net (RayH-1-pt.tunnel.tserv11.ams1.ipv6.he.net [IPv6:2001:470:1f14:62e::2]) by ietfa.amsl.com (Postfix) with ESMTP id E84F81AC85E for <ipv6@ietf.org>; Tue, 26 Nov 2013 08:22:34 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by globis01.globis.net (Postfix) with ESMTP id 631DE87007B; Tue, 26 Nov 2013 17:22:32 +0100 (CET)
Received: from globis01.globis.net ([127.0.0.1]) by localhost (mail.globis.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WHD2spkNreRp; Tue, 26 Nov 2013 17:22:32 +0100 (CET)
Received: from Rays-iMac-2.local (unknown [192.168.0.3]) (Authenticated sender: Ray.Hunter@globis.net) by globis01.globis.net (Postfix) with ESMTPA id 3410B870077; Tue, 26 Nov 2013 17:22:32 +0100 (CET)
Message-ID: <5294CAC7.3060509@globis.net>
Date: Tue, 26 Nov 2013 17:22:31 +0100
From: Ray Hunter <v6ops@globis.net>
User-Agent: Postbox 3.0.8 (Macintosh/20130427)
MIME-Version: 1.0
To: Hosnieh Rafiee <ietf@rozanak.com>
Subject: Re: FW: New Version Notification for draft-rafiee-6man-cga-attack-00.txt
References: <20131125140405.14510.36261.idtracker@ietfa.amsl.com> <007701ceea31$05106260$0f312720$@rozanak.com>
In-Reply-To: <007701ceea31$05106260$0f312720$@rozanak.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: marcelo bagnulo braun <marcelo@it.uc3m.es>, Derek Atkins <DAtkins@mocana.com>, ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Nov 2013 16:22:37 -0000

Hosnieh Rafiee wrote:
> Here you go! Sorry for typos or bad organization since I wrote it so fast. The next versions will be better.
>
> BTW, as I explained in my previous message, you can bombard me with too many emails but please do not expect immediate answer for the next 3 upcoming days since I will have limited internet access.
>
> -----------smile----------
> Hosnieh
>
>
>
> A new version of I-D, draft-rafiee-6man-cga-attack-00.txt
> has been successfully submitted by Hosnieh Rafiee and posted to the IETF repository.
>
> Filename:	 draft-rafiee-6man-cga-attack
> Revision:	 00
> Title:		 Possible Attack on Cryptographically Generated Addresses (CGA)
> Creation date:	 2013-11-25
> Group:		 Individual Submission
> Number of pages: 7
> URL:             http://www.ietf.org/internet-drafts/draft-rafiee-6man-cga-attack-00.txt
> Status:          http://datatracker.ietf.org/doc/draft-rafiee-6man-cga-attack
> Htmlized:        http://tools.ietf.org/html/draft-rafiee-6man-cga-attack-00
>
>
> Abstract:
>    This document describes the new vulnerabilities with the use of
>    Cryptographically Generated Addresses.
>
I have read this draft and RFC3972.

I agree the CGA information will match in the case mentioned, and thus
it is possible to make CGA verification succeed for two different hashes
for two different values of sec (one with lower sec value being easier
to generate than the other).

But didn't we know that already?

Does this have more to do with how/where CGA is applied or misapplied?

Since the 3 bits of the sec level are copied from the IID, won't any
mismatch in the sec value used to create the hash be picked up by a
simple comparison of the received IID with the machines local IID in the
case of DAD?

i.e. if the attacker sets sec=0 (to allow them to perform a simple fast
search to attack machines using sec =1 ) and the target machine has used
sec =1, the CGA check will pass to step 7, but the source IPv6 address
and the local interface address are different, so the machine knows not
to "waive his rights" to it's own address as you put it, even if the
address was still marked as tentative. If DAD had already completed, I
don't see that this would have any effect.

And the other way on, if the attacker sets sec=1 and the target machine
has sec = 0, the CGA will pass, but finding a collision with sec =1
should be a harder problem to solve, and again the addresses will not match.

So I have to say that I do not understand the novelty of the attack,
unless this is an implementation specific issue, rather than a standards
issue.



>
>
>
>                                                                                   
>
>
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>

-- 
Regards,
RayH

v2.23.0 | Report a Bug | By Email