IETF Logo Mail Archive

Re: [nemo] comments on new threats

Thierry Ernst <ernst@sfc.wide.ad.jp> Thu, 06 November 2003 09:24 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA00366 for <nemo-archive@lists.ietf.org>; Thu, 6 Nov 2003 04:24:57 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AHgNY-0007wI-78; Thu, 06 Nov 2003 04:24:36 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AHfjn-0005fL-1a for nemo@optimus.ietf.org; Thu, 06 Nov 2003 03:43:31 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA29097 for <nemo@ietf.org>; Thu, 6 Nov 2003 03:43:19 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AHfjk-0004zT-00 for nemo@ietf.org; Thu, 06 Nov 2003 03:43:28 -0500
Received: from shonan.sfc.wide.ad.jp ([203.178.142.130]) by ietf-mx with esmtp (Exim 4.12) id 1AHfjj-0004zD-00 for nemo@ietf.org; Thu, 06 Nov 2003 03:43:27 -0500
Received: from galibier.nautilus6.org (unknown [203.178.138.3]) by shonan.sfc.wide.ad.jp (Postfix) with ESMTP id 79FA95D0E5; Thu, 6 Nov 2003 17:42:57 +0900 (JST)
Date: Thu, 06 Nov 2003 17:37:21 +0900
From: Thierry Ernst <ernst@sfc.wide.ad.jp>
To: Souhwan Jung <souhwanj@ssu.ac.kr>
Cc: nemo@ietf.org
Subject: Re: [nemo] comments on new threats
Message-Id: <20031106173721.4ebb7f69.ernst@sfc.wide.ad.jp>
In-Reply-To: <009501c3a41a$519af2c0$2302a8c0@SOUHWANSENSQ>
References: <009501c3a41a$519af2c0$2302a8c0@SOUHWANSENSQ>
Organization: Keio University
X-Mailer: Sylpheed version 0.8.11 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: nemo-admin@ietf.org
Errors-To: nemo-admin@ietf.org
X-BeenThere: nemo@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nemo>, <mailto:nemo-request@ietf.org?subject=unsubscribe>
List-Id: NEMO Working Group <nemo.ietf.org>
List-Post: <mailto:nemo@ietf.org>
List-Help: <mailto:nemo-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nemo>, <mailto:nemo-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit

Dear Souhwan,


> The new threat analysis draft is available at the following location.
> 
> http://www.ietf.org/internet-drafts/draft-jung-nemo-threat-analysis-01.txt
> 
> Some new threats specific to NEMO basic support protocol were included at the draft. Any comments on them will be greatly appreciated.

Here are some comments to your draft.


General Comments:
~~~~~~~~~~~~~~~~~

- I think it would be useful to explain what is new in the -01 version of
your draft, so that people who already read version -00 can rapidly
check what is important.

- Does your new version catch the conversion we had on security at IETF Wien
?

- I think the nested case and the multihoming cases require a
more-in-depth analysis. It could an interesting future contribution of
your work.

- could you make the disctinction between potential threat, the ones
peculiar to NEMO Basic Support, the one that generally apply to the
concept of network mobility (taken in general, with no specific protocol
in mind (i.e. without NEMO Basic Support, MIPv6, etc)



1. Motivations
~~~~~~~~~~~~~~
   It would be useful to say there that the protocol to manage the
mobility of the mobile network, i.e. network mobility support, is NEMO
Basic Support, itself based on Mobile IPv6. Then you can say it
introduces a new entity, the MR.

   You don't state explicitly if your draft address vulnerabilities
specific to NEMO Basic Support, or network mobility in general, as a
concept. When you speak about the general concept, you should also deal
with the authorization for the sending node to fill up the BU with
information that can be proven (e.g. the prefix actually belongs to the
MR). 

Section 2
~~~~~~~~~

You use the acronym "FA". You could get rid of it, there are no FA in
NEMO. You probably mean the access router the MR is connected to, so
would better replace FA with AR.

Section 3.1
~~~~~~~~~~~

Same remark, no FA. In addition, if you meant AR, you should clarify
which signaling is under threat.  RAs ? Is there any issue peculiar to
NEMO right here ? 

Section 4.1
~~~~~~~~~~~~
   MR-HA spoofing
          MR-HA is the permanent address assigned statically or 
          dynamically to the MR by HA. MR-HA should be used for 
          identification of MR while it is in the visited domain. 
          The compromised MR can register to FA with a spoofed MR-HA, 
          and try to collect data destinated to the victim address.

  -> MR-HA does not registered with the AR. MR's egress iface gets a CoA
     on AR's link, that's all.


4.3 Traffic Analysis
~~~~~~~~~~~~~~~~~~~~

Between MR and HA: Here, you are assuming the attacker is somewhere
between the MR and HA.

Between MR and MNN: you are assuming some sort of Route Optimization
which doesn't yet exist. Of course this is a problem RO will have to
face, but I would suggest to emphasize your assumptions. If that is the
case you should clarify that section 3 is a conceptual analysis and that
it does focus on NEMO Basic Support.

5.Threats specific to the NEMO basic support protocol
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please give a ref to the appropriate draft.


5.3 Attack to Location Privacy by Traffic Analysis
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Where do you assume the attacker is located in order to monitor both
path 2 and 3 ? 

Besides this, packets on path 2 (MR<->HA) will have all have same
<src/dst>; i.e. one packet may actually be sent by MNN1, and the next
one by MNN2, so how can you conclude on path <HA,CN> based on packet
interleaving ?

6.4
~~~
I'm curious how this could be done. But if such a solution exists, it
would give the HA the right to check what are the MNNs behind the MR, so
it turns to be  a privacy concern.

6.5 
~~~
The important point is what are the potential threats. Privacy is one of
them, so any solution should make sure that MNNs can keep their location
at least as secrete has if there were located in a fixed network.


Reference
~~~~~~~~~
- you missed to list NEMO Basic Support.

- on the other hand, you cite 2 expired drafts: this is missleading for
  new reader. I think you should remove.


 [3]   Wakikawa, R., et al, "Basic Network Mobility Support", Internet
         Draft: draft-wakikawa-nemo-basic-00.txt, Work In Progress,
         February 2003.
 [6]   Kniveton, T. J., et al, "Mobile Router Tunneling Protocol",
         Internet Draft: draft-kniveton-mobrtr-03.txt, Work In Progress,
         November 2002.

Thierry.

v2.23.0 | Report a Bug | By Email