Re: [Madinas] [Int-area] BoF and Non-WG Mailing List: madinas -- MAC Address Device Identification for Network and Application Services

mohamed.boucadair@orange.com Mon, 02 November 2020 08:47 UTC

From: mohamed.boucadair@orange.com
To: Carsten Bormann <cabo@tzi.org>
CC: "madinas@ietf.org" <madinas@ietf.org>
Date: Mon, 02 Nov 2020 08:46:56 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/madinas/-wa7PVhRm8orhEfUpvtkikIBBOs>

Re-,

Please see inline. 

Cheers,
Med

> -----Original Message-----
> From: Carsten Bormann [mailto:cabo@tzi.org]
> Sent: Monday, 2 November 2020 09:33
> To: BOUCADAIR Mohamed TGI/OLN <mohamed.boucadair@orange.com>
> Cc: madinas@ietf.org
> Subject: Re: [Madinas] [Int-area] BoF and Non-WG Mailing List:
> madinas -- MAC Address Device Identification for Network and
> Application Services
> 
> Hi Med,
> 
> > On 2020-11-02, at 09:10, <mohamed.boucadair@orange.com>
> > <mohamed.boucadair@orange.com> wrote:
> >
> > Hi Carsten,
> >
> > The DDoS attack in the slides is ** from ** a compromised device
> > in a home network.
> >
> > Instead of deploying filters at the ISP side, which may impact the
> > overall services offered to the home (collateral damage), the
> > filtering is done at the CPE: the CPE should identify and then
> > isolate the compromised device.
> >
> > The identification can be based on the MAC @, but as mentioned in
> > the slides changing the MAC@ can bypass the filtering.
> 
> I think I understand all that.
> 
> > Randomization will further exacerbate this.
> 
> This is the part where I’m not sure that the impact is significant.

[Med] This will depend on how frequently the change will occur (or will be told to occur).

> Once these countermeasures are widely deployed, attackers will do
> counter-countermeasures.  It is easy to change a MAC address on a
> compromised device.  Also, I don’t think MAC address randomization
> is effective enough to thwart the countermeasure (too slow time
> frames), so attackers will have every incentive to do their own MAC
> address changing.

[Med] Agree. This is the message in the last slide.  

> 
> Instead, I think we need to work on effectively jailing IoT devices
> in the home without trying to cop out by using the MAC address as a
> selector.

[Med] That’s a good target. Interim targets may be, for example, to locally coordinate MAC changes if a device wants to continue to be granted connectivity access.
