IETF Logo Mail Archive

Re: [Mip4] WGLC Comments: draft-ietf-mip4-mobike-connectivity-01.txt

Vijay Devarapalli <vijay.devarapalli@azairenet.com> Fri, 15 December 2006 07:40 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gv7gg-00081b-H7; Fri, 15 Dec 2006 02:40:58 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gv7gf-00081S-MU for mip4@ietf.org; Fri, 15 Dec 2006 02:40:57 -0500
Received: from mail2.azairenet.com ([66.92.223.6]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gv7ge-0005SC-Bz for mip4@ietf.org; Fri, 15 Dec 2006 02:40:57 -0500
Received: from [127.0.0.1] ([66.92.223.6]) by mail2.azairenet.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Thu, 14 Dec 2006 23:40:55 -0800
Message-ID: <45825186.1060908@azairenet.com>
Date: Thu, 14 Dec 2006 23:40:54 -0800
From: Vijay Devarapalli <vijay.devarapalli@azairenet.com>
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
MIME-Version: 1.0
To: Sami Vaarala <sami.vaarala@iki.fi>
Subject: Re: [Mip4] WGLC Comments: draft-ietf-mip4-mobike-connectivity-01.txt
References: <C24CB51D5AA800449982D9BCB903251335E9FB@NAEX13.na.qualcomm.com> <4581E938.6080400@levkowetz.com> <4581EBE9.6010607@azairenet.com> <45823A04.4020800@iki.fi> <458245F4.7030905@azairenet.com> <45824C9B.7070905@iki.fi>
In-Reply-To: <45824C9B.7070905@iki.fi>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 15 Dec 2006 07:40:55.0602 (UTC) FILETIME=[5AB03920:01C7201C]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: d8ae4fd88fcaf47c1a71c804d04f413d
Cc: "Narayanan, Vidya" <vidyan@qualcomm.com>, Mobile IPv4 Mailing List <mip4@ietf.org>, Henrik Levkowetz <henrik@levkowetz.com>
X-BeenThere: mip4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Mobility for IPv4 <mip4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip4@ietf.org>
List-Help: <mailto:mip4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
Errors-To: mip4-bounces@ietf.org

Sami Vaarala wrote:
> Vijay Devarapalli wrote:
>> Sami Vaarala wrote:
>>> Vijay Devarapalli wrote:
>>>> Henrik Levkowetz wrote:
>>>>
>>>>>> Also, I think it is worth mentioning that enterprise IP addresses 
>>>>>> may be
>>>>>> visible on untrusted networks, due to transmission of the RRQ, while
>>>>>> bypassing the VPN - the i-HA IP address will be available in the 
>>>>>> clear. 
>>>>>
>>>>> New topic here.  The observation seems to be correct.  I'll leave 
>>>>> it up to
>>>>> the authors whether they want to comment further on this.
>>>>
>>>> We could add the following text in the Security
>>>> Considerations section.
>>>>
>>>>    When the mobile node sends a registration request to the i-HA 
>>>> from an
>>>>    untrusted network that does not go through the IPsec tunnel, it may
>>>>    be leaking the i-HA's address and its own home address to the
>>>>    untrusted network.  This may be a concern in some deployments.
>>>
>>> I can live with that, though I think the potential concern is a bit 
>>> wider.
>>> How about this:
>>>
>>>     When the mobile node sends a registration request to the i-HA 
>>> from an
>>>     untrusted network that does not go through the IPsec tunnel, the 
>>> request
>>>     leaks some information possibly useful for an attacker.  In 
>>> particular,
>>>     the request reveals the i-HA address (and other address 
>>> information),
>>>     the user's NAI (if present), and may provide data which allows an
>>>     off-line brute-force attack on the MN-HA authentication key.
>>>
>>> I guess an underlying assumption here has been that the i-MIP setup 
>>> is not
>>> considered to be confidential.  Some users may be uncomfortable with 
>>> their
>>> username (NAI) being revealed.
>>
>> None of these registration requests from the untrusted
>> network including the registration request from the
>> mobile node make to the i-HA. They are all dropped at
>> the Enterprise firewall.
> 
> When the MN visits an untrusted network and attempts to send an RRQ to
> the i-HA, the RRQ is visible potentially to anyone, including any
> attackers.  The RRQ has an authenticator (which may be, for instance,
> HMAC-based).  Given the full RRQ packet, a brute force attack on the
> HMAC key can be launched; this is an off-line attack because all you
> need is the RRQ and you can begin churning away on possible HMAC keys,
> the MN-HA authentication data will give you the correct answer for
> comparison.  This attack doesn't involve the i-HA in any way, all you
> need is the RRQ packet.

RFC 3344 is susceptible to this attack.

Vijay

> 
>> BTW, this text needs to be added to
>> draft-ietf-mip4-vpn-problem-solution too.
> 
> Yup, already added.
> 
> BR,
> 
> -Sami


-- 
Mip4 mailing list: Mip4@ietf.org
    Web interface: https://www1.ietf.org/mailman/listinfo/mip4
     Charter page: http://www.ietf.org/html.charters/mip4-charter.html
Supplemental site: http://www.mip4.org/

v2.23.0 | Report a Bug | By Email