Re: [nemo] comments on new threats
Thierry Ernst <ernst@sfc.wide.ad.jp> Thu, 06 November 2003 09:24 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA00366 for <nemo-archive@lists.ietf.org>; Thu, 6 Nov 2003 04:24:57 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AHgNY-0007wI-78; Thu, 06 Nov 2003 04:24:36 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AHfjn-0005fL-1a for nemo@optimus.ietf.org; Thu, 06 Nov 2003 03:43:31 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA29097 for <nemo@ietf.org>; Thu, 6 Nov 2003 03:43:19 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AHfjk-0004zT-00 for nemo@ietf.org; Thu, 06 Nov 2003 03:43:28 -0500
Received: from shonan.sfc.wide.ad.jp ([203.178.142.130]) by ietf-mx with esmtp (Exim 4.12) id 1AHfjj-0004zD-00 for nemo@ietf.org; Thu, 06 Nov 2003 03:43:27 -0500
Received: from galibier.nautilus6.org (unknown [203.178.138.3]) by shonan.sfc.wide.ad.jp (Postfix) with ESMTP id 79FA95D0E5; Thu, 6 Nov 2003 17:42:57 +0900 (JST)
Date: Thu, 06 Nov 2003 17:37:21 +0900
From: Thierry Ernst <ernst@sfc.wide.ad.jp>
To: Souhwan Jung <souhwanj@ssu.ac.kr>
Cc: nemo@ietf.org
Subject: Re: [nemo] comments on new threats
Message-Id: <20031106173721.4ebb7f69.ernst@sfc.wide.ad.jp>
In-Reply-To: <009501c3a41a$519af2c0$2302a8c0@SOUHWANSENSQ>
References: <009501c3a41a$519af2c0$2302a8c0@SOUHWANSENSQ>
Organization: Keio University
X-Mailer: Sylpheed version 0.8.11 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: nemo-admin@ietf.org
Errors-To: nemo-admin@ietf.org
X-BeenThere: nemo@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nemo>, <mailto:nemo-request@ietf.org?subject=unsubscribe>
List-Id: NEMO Working Group <nemo.ietf.org>
List-Post: <mailto:nemo@ietf.org>
List-Help: <mailto:nemo-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nemo>, <mailto:nemo-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Dear Souhwan, > The new threat analysis draft is available at the following location. > > http://www.ietf.org/internet-drafts/draft-jung-nemo-threat-analysis-01.txt > > Some new threats specific to NEMO basic support protocol were included at the draft. Any comments on them will be greatly appreciated. Here are some comments to your draft. General Comments: ~~~~~~~~~~~~~~~~~ - I think it would be useful to explain what is new in the -01 version of your draft, so that people who already read version -00 can rapidly check what is important. - Does your new version catch the conversion we had on security at IETF Wien ? - I think the nested case and the multihoming cases require a more-in-depth analysis. It could an interesting future contribution of your work. - could you make the disctinction between potential threat, the ones peculiar to NEMO Basic Support, the one that generally apply to the concept of network mobility (taken in general, with no specific protocol in mind (i.e. without NEMO Basic Support, MIPv6, etc) 1. Motivations ~~~~~~~~~~~~~~ It would be useful to say there that the protocol to manage the mobility of the mobile network, i.e. network mobility support, is NEMO Basic Support, itself based on Mobile IPv6. Then you can say it introduces a new entity, the MR. You don't state explicitly if your draft address vulnerabilities specific to NEMO Basic Support, or network mobility in general, as a concept. When you speak about the general concept, you should also deal with the authorization for the sending node to fill up the BU with information that can be proven (e.g. the prefix actually belongs to the MR). Section 2 ~~~~~~~~~ You use the acronym "FA". You could get rid of it, there are no FA in NEMO. You probably mean the access router the MR is connected to, so would better replace FA with AR. Section 3.1 ~~~~~~~~~~~ Same remark, no FA. In addition, if you meant AR, you should clarify which signaling is under threat. RAs ? Is there any issue peculiar to NEMO right here ? Section 4.1 ~~~~~~~~~~~~ MR-HA spoofing MR-HA is the permanent address assigned statically or dynamically to the MR by HA. MR-HA should be used for identification of MR while it is in the visited domain. The compromised MR can register to FA with a spoofed MR-HA, and try to collect data destinated to the victim address. -> MR-HA does not registered with the AR. MR's egress iface gets a CoA on AR's link, that's all. 4.3 Traffic Analysis ~~~~~~~~~~~~~~~~~~~~ Between MR and HA: Here, you are assuming the attacker is somewhere between the MR and HA. Between MR and MNN: you are assuming some sort of Route Optimization which doesn't yet exist. Of course this is a problem RO will have to face, but I would suggest to emphasize your assumptions. If that is the case you should clarify that section 3 is a conceptual analysis and that it does focus on NEMO Basic Support. 5.Threats specific to the NEMO basic support protocol ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please give a ref to the appropriate draft. 5.3 Attack to Location Privacy by Traffic Analysis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Where do you assume the attacker is located in order to monitor both path 2 and 3 ? Besides this, packets on path 2 (MR<->HA) will have all have same <src/dst>; i.e. one packet may actually be sent by MNN1, and the next one by MNN2, so how can you conclude on path <HA,CN> based on packet interleaving ? 6.4 ~~~ I'm curious how this could be done. But if such a solution exists, it would give the HA the right to check what are the MNNs behind the MR, so it turns to be a privacy concern. 6.5 ~~~ The important point is what are the potential threats. Privacy is one of them, so any solution should make sure that MNNs can keep their location at least as secrete has if there were located in a fixed network. Reference ~~~~~~~~~ - you missed to list NEMO Basic Support. - on the other hand, you cite 2 expired drafts: this is missleading for new reader. I think you should remove. [3] Wakikawa, R., et al, "Basic Network Mobility Support", Internet Draft: draft-wakikawa-nemo-basic-00.txt, Work In Progress, February 2003. [6] Kniveton, T. J., et al, "Mobile Router Tunneling Protocol", Internet Draft: draft-kniveton-mobrtr-03.txt, Work In Progress, November 2002. Thierry.
- [nemo] comments on new threats Souhwan Jung
- Re: [nemo] comments on new threats Thierry Ernst