IETF Logo Mail Archive

Re: [manet] draft-ietf-manet-smf-sec-threads-01

"Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com> Thu, 19 March 2015 14:52 UTC

Return-Path: <chris.dearlove@baesystems.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B35EE1A039C for <manet@ietfa.amsl.com>; Thu, 19 Mar 2015 07:52:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gSUhYwqKnVrF for <manet@ietfa.amsl.com>; Thu, 19 Mar 2015 07:52:25 -0700 (PDT)
Received: from ukmta3.baesystems.com (ukmta3.baesystems.com [20.133.40.55]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F26A31A005F for <manet@ietf.org>; Thu, 19 Mar 2015 07:52:24 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.11,430,1422921600"; d="scan'208,217";a="451991985"
Received: from unknown (HELO baemasodc005.greenlnk.net) ([10.108.52.29]) by Baemasodc001ir.sharelnk.net with ESMTP; 19 Mar 2015 14:52:23 +0000
X-IronPort-AV: E=Sophos; i="5.11,430,1422921600"; d="scan'208,217"; a="95390219"
Received: from glkxh0005v.greenlnk.net ([10.109.2.36]) by baemasodc005.greenlnk.net with ESMTP; 19 Mar 2015 14:52:23 +0000
Received: from GLKXM0002V.GREENLNK.net ([169.254.5.215]) by GLKXH0005V.GREENLNK.net ([10.109.2.36]) with mapi id 14.03.0224.002; Thu, 19 Mar 2015 14:52:23 +0000
From: "Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com>
To: Jiazi YI <ietf@jiaziyi.com>
Thread-Topic: draft-ietf-manet-smf-sec-threads-01
Thread-Index: AdBiPuv+Uu/FJELqQuaa9zydQEpR2AAA4b6AAAKxCIAAAbXh4A==
Date: Thu, 19 Mar 2015 14:52:22 +0000
Message-ID: <B31EEDDDB8ED7E4A93FDF12A4EECD30D40E6FF90@GLKXM0002V.GREENLNK.net>
References: <B31EEDDDB8ED7E4A93FDF12A4EECD30D40E6FEFC@GLKXM0002V.GREENLNK.net> <CAN1bDFz1rR0AjQRY+yv7cX9SSE1Hu-KuXhBdBNa9YpJkgY1jeg@mail.gmail.com> <CAN1bDFw5TeK3-5vMAhQDXGn_uPsEwH4NyJq2Cum3+Xg46UK7Dg@mail.gmail.com>
In-Reply-To: <CAN1bDFw5TeK3-5vMAhQDXGn_uPsEwH4NyJq2Cum3+Xg46UK7Dg@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.109.62.6]
Content-Type: multipart/alternative; boundary="_000_B31EEDDDB8ED7E4A93FDF12A4EECD30D40E6FF90GLKXM0002VGREEN_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/manet/s02SHboDiVgX692Y7j78NRVLHsM>
Cc: "manet@ietf.org" <manet@ietf.org>, "Thomas Heide Clausen (thomas@thomasclausen.org)" <thomas@thomasclausen.org>
Subject: Re: [manet] draft-ietf-manet-smf-sec-threads-01
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2015 14:52:29 -0000

Even if deciding to limit to NHDP where the issue is between it and an (unknown) alternative, it might be worth indicating which threats are NHDP specific, and which are not. For example the hash attacking is not NHDP specific. (Depending on which is most common, which could be called out as an exception, possibly by section.)

--
Christopher Dearlove
Senior Principal Engineer, Information Assurance Group
Communications, Networks and Image Analysis Capability
BAE Systems Advanced Technology Centre
West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK
Tel: +44 1245 242194 |  Fax: +44 1245 242124
chris.dearlove@baesystems.com<mailto:chris.dearlove@baesystems.com> | http://www.baesystems.com

BAE Systems (Operations) Limited
Registered Office: Warwick House, PO Box 87, Farnborough Aerospace Centre, Farnborough, Hants, GU14 6YU, UK
Registered in England & Wales No: 1996687

From: yi.jiazi@gmail.com [mailto:yi.jiazi@gmail.com] On Behalf Of Jiazi YI
Sent: 19 March 2015 14:02
To: Dearlove, Christopher (UK)
Cc: manet@ietf.org; Thomas Heide Clausen (thomas@thomasclausen.org); Ulrich Herberg (ulrich@herberg.name)
Subject: Re: draft-ietf-manet-smf-sec-threads-01


*** WARNING ***
This message originates from outside our organisation, either from an external partner or the internet.
Consider carefully whether you should click on any links, open any attachments or reply.
For information regarding Red Flags that you can look out for in emails you receive, click here<http://intranet.ent.baesystems.com/howwework/security/spotlights/Documents/Red%20Flags.pdf>.
If you feel the email is suspicious, please follow this process<http://intranet.ent.baesystems.com/howwework/security/spotlights/Documents/Dealing%20With%20Suspicious%20Emails.pdf>.
Dear all,

One of Chris' comments is:

- Section 3, para 1, last sentence. Some of the threats discussed in this document assume RFC 6130, but some don't. And limiting across the board to when using RFC 6130 is, I think, too limiting.

The sentence mentioned is:

This document assumes that NHDP is used.

The co-authors have discussed about this issue before. One of the reasons we had this assumptions is that, to the best of our knowledge, NHDP is the only layer-3 protocol currently used for SMF.
There are probably some L2 neighbour detection mechanisms, but NHDP is still required to get 2-hop neighbour information.

As our knowledge is limited, we would therefore, ask the WG if there are other mechanisms that used as a replacement of NHDP in SMF.
It is appreciated if related information can be provided, so that we can consider it in this SMF security-threats draft.

regards

Jiazi



On Thu, Mar 19, 2015 at 1:44 PM, Jiazi YI <yi@lix.polytechnique.fr<mailto:yi@lix.polytechnique.fr>> wrote:
Thanks very much, Chris.

We have identified some of the errors in the draft, but haven't had chance to make a new submission yet -- will do as soon as the submission system is available next Monday, merging your comments.

regards

Jiazi

On Thu, Mar 19, 2015 at 1:20 PM, Dearlove, Christopher (UK) <chris.dearlove@baesystems.com<mailto:chris.dearlove@baesystems.com>> wrote:
I have read draft-ietf-manet-smf-sec-threads-01 and found a higher level of typographic and other nits than I might have expected from a document that's passed WGLC. My review comments below will cover what I have to say, I think another draft is called for.

Wearing my just agreed Document Shepherd hat on this, I haven't yet consulted the mailing list history to see what comments have been made on it, but if anyone has reviewed it and commented or not commented, please let me (via the list) know.

- There are quite a few uses of which that I'm sure the RFC editor (who is hot on this) will want to turn into uses of that. I'm not going to discuss those (and the related whether they should have a comma before) here.
- Section 1 line 1, of -> to
- Section 1 para 4 vecors -> vectors
- Section 1 para 5 and elsewhere. I think most references to RFC 7183 should be to RFC 7182. As a reminder, RFC 7182 is the generic framework, RFC 7183 is its specific application to OLSRv2 and NHDP.
- Section 2, it's usual to quote from RFC 2119 if referencing it. But I'm not sure an informational document should be using RFC 2119 language. There is, I think, terminology from RFC 6130 used - MANET router is defined there (unless also repeated in RFC 6621, I've not checked).
- Section2, definition of compromised SMF router, the words "present in the network@ are redundant, as attacker includes that.
- Section 3, line 2 orde -> order
- Section 3, para 1, last sentence. Some of the threats discussed in this document assume RFC 6130, but some don't. And limiting across the board to when using RFC 6130 is, I think, too limiting.
- Section 3, first bullet draing ->draining
- Section 3, last para forforwarding -> for forwarding
- Section 3, last para certain part -> certain parts
- Section 3, last para. Need a reference for MPR-CDS.
- Section 4.1 para 1, penultimate line received packet -> received packets
- Section 4.1 para 1, penultimate line determine the coming packet -> determine whether the incoming packet
- Section 4.1.1 first para IP source IP -> source [IP] address
- Section 4.1.1 could discuss timestamps and whether they would be effective. (Not very I think, but should be discussed.]
- Section 4.1.1 the first two paragraphs are discussing different things. Both are important, but they need clearly separating. One is future prediction of sequence numbers (which a timestamp would limit the future horizon). The other is what one might call fast misforwarding with malice. The latter is immune to timestamps, and even to using randomised sequence numbers.
- Section 4.1.2 I'm not sure what the benefits of modifying sequence numbers are over just creating a new packet. Greater verisimilitude?
- Section 4.2 para 2, the probability of collision is critical here, but I guess that is SMF's job, not that here.
- Section 4.2.1 last paragraph, the jitter bypassing is another way (other than a wormhole) to achieve this. This shows that there is a fuzzy boundary between what's in 4.1.1 and 4.2.1.
- Section 4.2.2 (which I like the pointing out of the dangers of selective use of HAV) there's a countermeasure by always using HAV on all packets if it's felt it's likely to be useful on some.
- Section 5.2.2 para 2, 2x of a -> than a
- Section 5.4 para 2, I think this is a weak argument. I think the conclusion is true, but just "A has weakness, B has weakness, this is A and B, therefore has weakness" needs at least a step of "and the combination does nothing to address the weakness".
- Section 6, para 3 is assuming that you are using a single key (or small numbers of keys). I think all the examples in RFC 7182 (which is main issue) are small numbers of keys, and that in RFC 7183 (sic) definitely is. But the3 RFC 7182 framework permits other options, we are trying to get one (IBS) standardised. Should timestamps be mentioned here?
- Section 6 final para are we talking about RFC 5444 hop limit (never TTL, even for IPv4)? If so, as I think, this implicitly assumes use of RFC 7182 applied to messages. Applied to packets (hop by hop) the hop limit is protected. As IP packets only travel one hop, their TTL is not critical.
- Section 7 could be a bit stronger and say the whole document is security considerations.
- Section 8 doesn't have the usual "RFC Editor may remove" text.
- References. I'm not sure why the specific normative/informative split. Why is 5614 normative when 6130 is informative? What is a normative reference in a document such as this? As previously noted, 7182 should definitely be here, 7183, maybe, maybe not.

--
Christopher Dearlove
Senior Principal Engineer, Information Assurance Group
Communications, Networks and Image Analysis Capability
BAE Systems Advanced Technology Centre
West Hanningfield Road, Great Baddow, Chelmsford, CM2 8HN, UK
Tel: +44 1245 242194<tel:%2B44%201245%20242194> |  Fax: +44 1245 242124<tel:%2B44%201245%20242124>
chris.dearlove@baesystems.com<mailto:chris.dearlove@baesystems.com> | http://www.baesystems.com

BAE Systems (Operations) Limited
Registered Office: Warwick House, PO Box 87, Farnborough Aerospace Centre, Farnborough, Hants, GU14 6YU, UK
Registered in England & Wales No: 1996687


********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************

v2.23.0 | Report a Bug | By Email