Re: [Mip4] Does MIP support RegReq authentication without having to do timekeeping?

Alexandru Petrescu <alexandru.petrescu@gmail.com> Thu, 14 March 2013 21:46 UTC


I think yes, it may be possible to come up with something that may be 
more secure, and without reliance on timestamps.

I have to read the sequence below better.

I know that in AH of IPsec for Mobile IPv6, the registration works ok 
(BU/BAck) without need of timestamps.  IIRC.

Alex

Le 14/03/2013 21:17, Ahmad Muhanna a écrit :
> I guess Alex has a valid concern.
> In order to avoid this hacking scenario that Alex mentioned, I suggest the following, especially since the MR implementation, as Alex mentioned, is open and possible for modification.
>
> When the MR sends any RRQ, the MR MUST use a good random number generator and include that in the low 32 bits of the RRQ ID.
> What does this mean?
> When the HA sends RRP with code 133, it always includes the same random number that was sent in the RRQ, i.e., the HA will insert its timestamp in the higher order 32 bits of the RRP ID. It also copies the lower 32 bits from the RRQ into the lower 32 bits in the RRP.
>
> How this defeats a replay attack:
> When MR receives the RRP, as usual, it compares the lower 32 bits of the RRP ID field to the one that was used in the RRQ and they have to be equal. This means that this RRP with code 133 can be available ONLY once. Assuming a strong random number generator at the MR.
>
> Best Regards,
> Ahmad
>
>
> -----Original Message-----
> From: mip4-bounces@ietf.org [mailto:mip4-bounces@ietf.org] On Behalf Of Kent Leung (kleung)
> Sent: Thursday, March 14, 2013 3:07 PM
> To: Alexandru Petrescu
> Cc: mip4@ietf.org
> Subject: Re: [Mip4] Does MIP support RegReq authentication without having to do timekeeping?
>
> The Authenticator value is different for RRQ vs RRP. The extension carries different value based on the message. The way to calculate the value requires the shared key between MR and HA. So it's not easy for an attacker to know the key.
>
> Kent
>
> -----Original Message-----
> From: Alexandru Petrescu [mailto:alexandru.petrescu@gmail.com]
> Sent: Thursday, March 14, 2013 1:03 PM
> To: Kent Leung (kleung)
> Cc: mip4@ietf.org
> Subject: Re: [Mip4] Does MIP support RegReq authentication without having to do timekeeping?
>
> Le 14/03/2013 20:59, Kent Leung (kleung) a écrit :
>> The RRP1 cannot be faked since the MN-HA Auth Ext protects the
>> message.
>
> I strongly doubt that.  Were it so, then the same extension could protect the first RRQ1 as well.
>
> I believe it is possible for an attacker HA to intercept the initial RRQ1(time=1970), and the RRP1(time=2013) and fake a RREP towards the MR.
>    No?
>
> Alex
>
>>
>> Kent
>>
>> -----Original Message-----
>> From: Alexandru Petrescu [mailto:alexandru.petrescu@gmail.com]
>> Sent: Thursday, March 14, 2013 12:58 PM
>> To: Kent Leung (kleung)
>> Cc: mip4@ietf.org
>> Subject: Re: [Mip4] Does MIP support RegReq authentication without having to do timekeeping?
>>
>> Le 14/03/2013 20:47, Kent Leung (kleung) a écrit :
>>> Hmm, I'm not clear with your response.
>>>
>>> Let's assume the following scenario.
>>>
>>> 1. MR sends initial RRQ1 (time=a) to HA
>>> 2. HA sends RRP1 (time=b) with code 133
>>
>> Ok.  Do you think MR receiving this RRP1 will be able to safely verify
>> it is legitimate?  Or is it possible that an attacker HA fakes this
>> RRP1 message?
>>
>>> 3. MR sends RRQ2 (time=b+)
>>> 4. HA sends RRP2(time=b+) => registration successful
>>> 5. After MR recovers from failure, MR sends RRQ3(time=c)
>>> 6. HA sends RRP3(time=d) with code 133
>>> 7. MR sends RRQ4(time=d+)
>>> 8. HA sends RRP4(time=d+) => reregistration successful
>>
>> These latter steps 3-8 make sense.
>>
>> Alex
>>
>>>
>>> We would need to confirm if #6 happens properly for a specific
>>> vendor. :) But I would expect #7 should happen if code 133 is
>>> received.
>>>
>>> Kent
>>>
>>> -----Original Message-----
>>> From: mip4-bounces@ietf.org [mailto:mip4-bounces@ietf.org] On Behalf Of Alexandru Petrescu
>>> Sent: Thursday, March 14, 2013 12:40 PM
>>> To: mip4@ietf.org
>>> Subject: Re: [Mip4] Does MIP support RegReq authentication without having to do timekeeping?
>>>
>>> Le 14/03/2013 20:38, Kent Leung (kleung) a écrit :
>>>>
>>>> It needs to have the time, even if it does second registration.
>>>> It's not a problem it takes longer (we can send easily two
>>>> messages). But the second message will also be refused by the HA
>>>> because it still has the wrong time.
>>>>
>>>> KL> Why is the timestamp in the 2nd RRQ wrong?
>>>
>>> Because the computer has lost its time, because it was turned off for a
>>> long time (vehicle in garage for several weeks in winter time).
>>> It now has year 1970.
>>>
>>> Alex
>>>
>>>>
>>>> Kent
>>>>
>>>>
>>>
>>>
>>> --
>>> Mip4 mailing list: Mip4@ietf.org
>>>      Web interface: https://www.ietf.org/mailman/listinfo/mip4
>>>       Charter page: http://www.ietf.org/html.charters/mip4-charter.html
>>> Supplemental site: http://www.mip4.org/
>>>
>>>
>>
>>
>>
>>
>
>
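The resynchronisation exchange from Kent's steps 1-4 together with Ahmad's low-32-bit random number check, as an added Python example that is not part of the original thread or of any MIP implementation. The HMAC-MD5 keyed MAC stands in for the MN-HA authentication extension, the 7-second skew window, the message/code layout in the MAC and the clock values are all assumptions made for the demonstration.

```python
import hmac, hashlib, os, struct

WINDOW = 7                            # allowed clock skew, seconds (assumed; the thread names none)
CODE_OK, CODE_ID_MISMATCH = 0, 133    # 133 = identification mismatch, as used in the thread
RRQ, RRP = 1, 3                       # Mobile IPv4 message types

def mac(key, mtype, code, ident):
    # Stand-in for the MN-HA authentication extension: keyed MAC (HMAC-MD5 assumed) over the
    # message type, code and Identification, so RRQ and RRP authenticators differ.
    return hmac.new(key, struct.pack(">BBQ", mtype, code, ident), hashlib.md5).digest()

def mr_build_rrq(key, mr_clock, nonce=None):
    # Identification: high 32 bits = MR timestamp, low 32 bits = fresh random nonce
    nonce = int.from_bytes(os.urandom(4), "big") if nonce is None else nonce
    ident = ((mr_clock & 0xFFFFFFFF) << 32) | nonce
    return ident, mac(key, RRQ, 0, ident)

def ha_handle_rrq(key, ha_clock, ident, auth):
    if not hmac.compare_digest(auth, mac(key, RRQ, 0, ident)):
        return None                                   # bad authenticator: discard
    ts, nonce = ident >> 32, ident & 0xFFFFFFFF
    if abs(ts - ha_clock) > WINDOW:
        # Code 133: HA time in the high bits, the MR's nonce echoed in the low bits
        reply = ((ha_clock & 0xFFFFFFFF) << 32) | nonce
        return CODE_ID_MISMATCH, reply, mac(key, RRP, CODE_ID_MISMATCH, reply)
    return CODE_OK, ident, mac(key, RRP, CODE_OK, ident)

def mr_check_rrp(key, sent_ident, code, ident, auth):
    """Return HA clock to resync to (code 133), True (accepted) or None (rejected)."""
    if not hmac.compare_digest(auth, mac(key, RRP, code, ident)):
        return None
    if ident & 0xFFFFFFFF != sent_ident & 0xFFFFFFFF:
        return None                                   # nonce mismatch: stale or replayed reply
    if code == CODE_ID_MISMATCH:
        return ident >> 32
    return True if code == CODE_OK and ident == sent_ident else None

def run_scenario(key=b"mr-ha-shared-key", ha_clock=1363297550, mr_clock=0):
    # Steps 1-2: MR clock reads 1970 (0); HA answers code 133 with its own time
    ident1, a1 = mr_build_rrq(key, mr_clock)
    code1, rid1, ra1 = ha_handle_rrq(key, ha_clock, ident1, a1)
    new_clock = mr_check_rrp(key, ident1, code1, rid1, ra1)
    # Steps 3-4: MR retries with the HA's time and the registration succeeds
    ident2, a2 = mr_build_rrq(key, new_clock)
    code2, rid2, ra2 = ha_handle_rrq(key, ha_clock, ident2, a2)
    ok = mr_check_rrp(key, ident2, code2, rid2, ra2)
    # Replayed RRP1 against a later RRQ with a different nonce fails the low-32-bit check
    ident3, _ = mr_build_rrq(key, 0, nonce=(ident1 & 0xFFFFFFFF) ^ 1)
    replayed = mr_check_rrp(key, ident3, code1, rid1, ra1)
    return code1, new_clock, code2, ok, replayed
```

The last step of `run_scenario` shows the point Ahmad makes: a code-133 reply can only be consumed by the one RRQ whose nonce it echoes, and a reply without a valid authenticator is dropped before the nonce is even compared.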