[Mobopts] CBA vs. draft-zhao-mip6-rr-ext-01.txt

Christian Vogt <chvogt@tm.uka.de> Thu, 30 March 2006 05:39 UTC

Date: Wed, 29 Mar 2006 23:39:19 -0600
From: Christian Vogt <chvogt@tm.uka.de>
To: fanzhao@ucdavis.edu
Cc: Jari Arkko <jari.arkko@kolumbus.fi>, Mobopts <mobopts@irtf.org>
Subject: [Mobopts] CBA vs. draft-zhao-mip6-rr-ext-01.txt

Hi Fan,

In a previous email, you suggested that the hash-chain mechanism
described in [1] could be an alternative for Credit-Based Authorization.
I don't agree with that perception.

[1] draft-zhao-mip6-rr-ext-01.txt

In [1], a MN can prove through a chain of hashes that it has
successfully gone through the past i correspondent registrations, where
i is an integer value between 0 and N, and N is initially selected by
the MN.

Like the similar strategy described in [2], your approach can be used to
extend the lifetime of the MN's binding at the CN.

[2] draft-arkko-mipv6-binding-lifetime-extension-00.txt

But a hash chain does not provide any evidence to the CN that a new
care-of address, chosen by the MN, is correct.  An attacker could easily
re-register with the same CN several times, using valid care-of
addresses, in order to increase the length of its hash chain.  If the CN
took this as an indication that the MN's next care-of address can be
trusted, it would be wrong.

The point is that an attacker (alias the MN) does not have to send a
single data packet until its hash chain is long.  But when its hash
chain is long enough to make the CN trustful, the attacker could
register a false care-of address and initiate a redirection-based
flooding attack.

Such an attack can have significant amplification given that the
attacker did not send data packets prior to the attack.

Credit-Based Authorization does not have this vulnerability because it
limits the data volume a CN can send to a MN's unverified care-of
address to the data volume that the CN has recently received from that MN.

Take care,
- Christian

-- 
Christian Vogt, Institute of Telematics, University of Karlsruhe
www.tm.uka.de/~chvogt/pubkey/
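The contrast drawn in the message above, as an added example that is not part of the original email or of either draft: a CN-side check of a hash chain counts completed registrations but knows nothing about data volume, whereas a Credit-Based Authorization counter caps what the CN sends to an unverified care-of address by what it has received. The chain construction (SHA-256, seed committed as the last element) and the byte-for-byte credit rule are simplifying assumptions of this example.

```python
import hashlib
from dataclasses import dataclass


def build_hash_chain(seed: bytes, n: int) -> list[bytes]:
    """Hash chain H_0 = seed, H_i = SHA-256(H_{i-1}); the MN commits to H_n first."""
    chain = [seed]
    for _ in range(n):
        chain.append(hashlib.sha256(chain[-1]).digest())
    return chain


def registrations_proven(commitment: bytes, revealed: list[bytes]) -> int:
    """CN-side check of the hash-chain mechanism: each revealed value must hash
    to the previously accepted one. The result counts completed registrations
    and says nothing about how much data the MN ever sent."""
    proven, expected = 0, commitment
    for value in revealed:
        if hashlib.sha256(value).digest() != expected:
            break
        proven, expected = proven + 1, value
    return proven


@dataclass
class CreditBasedCN:
    """Per-MN state at a CN under Credit-Based Authorization: bytes received
    from the MN earn credit; an unverified care-of address may receive no more."""
    credit: int = 0
    coa_verified: bool = False

    def receive(self, nbytes: int) -> None:
        self.credit += nbytes            # only data actually received earns credit

    def register_care_of_address(self) -> None:
        self.coa_verified = False        # new address is unverified until RR completes

    def send(self, nbytes: int) -> int:
        """Bytes the CN may actually send to the current care-of address."""
        if self.coa_verified:
            return nbytes
        allowed = min(nbytes, self.credit)
        self.credit -= allowed           # spend credit on the unverified address
        return allowed


def compare_silent_registrations(n: int, pending: int) -> tuple[int, int]:
    """MN completes n registrations without sending any data, then registers a
    new, unverified care-of address with `pending` bytes queued for it at the CN.
    Returns (registrations the hash chain proves, bytes CBA lets the CN send)."""
    chain = build_hash_chain(b"constructed-seed", n)       # constructed sample seed
    proven = registrations_proven(chain[-1], chain[-2::-1])  # reveal H_{n-1} .. H_0
    cn = CreditBasedCN()
    cn.register_care_of_address()
    return proven, cn.send(pending)
```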

