[mif-arch-dt] Proposed Security Considerations text for arch draft

Suresh Krishnan <suresh.krishnan@ericsson.com> Mon, 21 October 2013 14:34 UTC

Message-ID: <52653AC5.6040907@ericsson.com>
Date: Mon, 21 Oct 2013 10:31:33 -0400
From: Suresh Krishnan <suresh.krishnan@ericsson.com>
To: Dmitry Anipko <Dmitry.Anipko@microsoft.com>
Cc: "mif-arch-dt@ietf.org" <mif-arch-dt@ietf.org>
Subject: [mif-arch-dt] Proposed Security Considerations text for arch draft

9. Security Considerations

There are at least three different forms of attack [ARCH-DT: feel free to
add more] that can be performed using configuration sources that use
multiple provisioning domains.

* Tampering with configuration information provided

An attacker may attempt to modify the information provided inside the
PvD container option. These attacks can easily be prevented by using
the message integrity features provided by the underlying protocol used
to carry the configuration information. For example, SEND [RFC3971] would
detect any form of tampering with the RA contents, and the DHCPv6 AUTH
option [RFC3315] would detect any form of tampering with the DHCPv6
message contents. This attack can also be performed by a compromised
configuration source modifying information inside a specific , in
which case the mitigations proposed in the next subsection may be helpful.

* Rogue configuration source

A compromised configuration source such as a router or a DHCPv6 server
may advertise information about PvDs that it is not authorized to
advertise. For example, a coffee shop may advertise configuration
information purporting to be from an enterprise and may try to attract
enterprise-related traffic. The only real way to avoid this is for the
PvD-related configuration container to contain embedded authentication
and authorization information from the owner of the PvD. The client can
then detect this attack by verifying the authentication and authorization
information provided inside the PvD container option, after first
establishing its trust towards the PvD owner (e.g. a certificate chained
to a well-known/common trust anchor).

* Replay attacks

A compromised configuration source or an on-link attacker may try to
capture advertised configuration information and replay it on a
different link or at a future point in time. This can be avoided by
including a replay protection mechanism, such as a timestamp or a
nonce, inside the PvD container to ensure the freshness of the provided
information.
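The following is an added example, not text or code from the draft or from this post, showing how the three mitigations proposed above (integrity protection, embedded owner authentication and authorization, and a timestamp plus nonce for freshness) fit together in one PvD container and one client-side check. Everything below is assumed rather than specified by the draft: the container is modelled as canonical JSON, the owner's authentication is a MAC under a per-owner key (a stand-in for the certificate-based signature the text proposes), the freshness window is 300 seconds, and the key material and configuration values are constructed.

```python
"""
Added example (not from the draft or the mailing-list post): a toy PvD
container with embedded authentication and freshness data, and a client
verifier that rejects tampering, rogue sources and replays.

Assumptions (not specified by the draft text):
  * the container is serialised as canonical JSON;
  * authentication is an HMAC under a key held by the PvD owner, standing in
    for the certificate-based signature the draft proposes;
  * freshness is a Unix timestamp plus a random nonce, with the client keeping
    a cache of nonces accepted inside the freshness window.
"""
import hashlib
import hmac
import json
import os
import time

# Constructed sample key material: one key per PvD owner this client trusts.
TRUSTED_PVD_OWNERS = {
    "enterprise.example": b"constructed-enterprise-key",
}
FRESHNESS_WINDOW_SECONDS = 300


def canonical_bytes(container):
    """Deterministic encoding of every field except the authenticator."""
    body = {k: v for k, v in container.items() if k != "auth"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_pvd_container(pvd_id, owner_key, config, now=None):
    """Owner side: embed the PvD id, configuration, freshness data and a MAC."""
    container = {
        "pvd_id": pvd_id,
        "config": config,
        "timestamp": int(now if now is not None else time.time()),
        "nonce": os.urandom(8).hex(),
    }
    container["auth"] = hmac.new(owner_key, canonical_bytes(container),
                                 hashlib.sha256).hexdigest()
    return container


class PvdClient:
    """Client side: checks trust, integrity and freshness before accepting."""

    def __init__(self, trusted_owners, window=FRESHNESS_WINDOW_SECONDS):
        self.trusted_owners = trusted_owners
        self.window = window
        self.seen_nonces = set()

    def verify(self, container, now=None):
        """Return (accepted, reason) for one received container."""
        now = now if now is not None else time.time()
        # Rogue source: the client only trusts owners it has a key for.
        key = self.trusted_owners.get(container.get("pvd_id"))
        if key is None:
            return False, "untrusted PvD owner"
        # Tampering or impersonation: any change to the signed fields, or a
        # container built without the owner's key, fails the MAC check.
        expected = hmac.new(key, canonical_bytes(container),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, container.get("auth", "")):
            return False, "authentication failed"
        # Replay: reject stale timestamps and nonces already accepted.
        if abs(now - container["timestamp"]) > self.window:
            return False, "stale timestamp"
        if container["nonce"] in self.seen_nonces:
            return False, "replayed nonce"
        self.seen_nonces.add(container["nonce"])
        return True, "accepted"


def demo():
    """Run the attack scenarios from the text; return the verdict for each."""
    now = 1_700_000_000  # fixed clock so the run is reproducible
    owner_key = TRUSTED_PVD_OWNERS["enterprise.example"]
    config = {"dns": ["2001:db8::53"], "prefix": "2001:db8:1::/64"}  # constructed
    genuine = build_pvd_container("enterprise.example", owner_key, config, now)
    client = PvdClient(TRUSTED_PVD_OWNERS)
    results = {"genuine": client.verify(genuine, now)[1]}
    # Tampering: an on-path party rewrites the DNS address inside the container.
    tampered = dict(genuine)
    tampered["config"] = {"dns": ["2001:db8::bad"], "prefix": config["prefix"]}
    results["tampered"] = client.verify(tampered, now)[1]
    # Rogue source claiming the enterprise PvD without the enterprise key.
    rogue = build_pvd_container("enterprise.example", b"coffee-shop-key", config, now)
    results["rogue"] = client.verify(rogue, now)[1]
    # Rogue source advertising a PvD whose owner the client does not trust.
    unknown = build_pvd_container("coffee.example", b"coffee-shop-key", config, now)
    results["unknown_owner"] = client.verify(unknown, now)[1]
    # Replay: the genuine container captured and re-sent, now and much later.
    results["replayed"] = client.verify(genuine, now)[1]
    results["stale"] = client.verify(genuine, now + 2 * FRESHNESS_WINDOW_SECONDS)[1]
    return results


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:14s} -> {verdict}")
```

The order of the checks matters: trust in the owner is established before the MAC is compared, and the MAC is compared before the freshness fields are consulted, so an attacker cannot use the replay cache or the timestamp window to learn anything about containers it could not authenticate in the first place.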