Re: [OSPF] Working Group last Call on "Security Extension for OSPFv2 when using Manual Key Management" - draft-ietf-ospf-security-extension-manual-keying-07

Acee Lindem <acee.lindem@ericsson.com> Mon, 28 April 2014 15:06 UTC

Return-Path: <acee.lindem@ericsson.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E54DB1A0971 for <ospf@ietfa.amsl.com>; Mon, 28 Apr 2014 08:06:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aNhiyHwZt5y6 for <ospf@ietfa.amsl.com>; Mon, 28 Apr 2014 08:06:27 -0700 (PDT)
Received: from usevmg20.ericsson.net (usevmg20.ericsson.net [198.24.6.45]) by ietfa.amsl.com (Postfix) with ESMTP id F09661A04C5 for <ospf@ietf.org>; Mon, 28 Apr 2014 08:06:26 -0700 (PDT)
X-AuditID: c618062d-f79c96d000001cfc-f3-535e1fe54b20
Received: from EUSAAHC001.ericsson.se (Unknown_Domain [147.117.188.75]) by usevmg20.ericsson.net (Symantec Mail Security) with SMTP id 4C.B9.07420.5EF1E535; Mon, 28 Apr 2014 11:31:17 +0200 (CEST)
Received: from EUSAAMB101.ericsson.se ([147.117.188.118]) by EUSAAHC001.ericsson.se ([147.117.188.75]) with mapi id 14.03.0174.001; Mon, 28 Apr 2014 11:06:25 -0400
From: Acee Lindem <acee.lindem@ericsson.com>
To: Gabi Nakibly <gnakibly@yahoo.com>
Thread-Topic: [OSPF] Working Group last Call on "Security Extension for OSPFv2 when using Manual Key Management" - draft-ietf-ospf-security-extension-manual-keying-07
Thread-Index: AQHPX4fmHHGQC+tyAEGkxngfSa1O6JsnatUA
Date: Mon, 28 Apr 2014 15:06:24 +0000
Message-ID: <481A10B2-4F1F-478C-A7A9-DFA780005D7A@ericsson.com>
References: <53478C07.1020006@cisco.com> <1398321540.26301.YahooMailNeo@web165005.mail.bf1.yahoo.com>
In-Reply-To: <1398321540.26301.YahooMailNeo@web165005.mail.bf1.yahoo.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.12]
Content-Type: multipart/alternative; boundary="_000_481A10B24F1F478CA7A9DFA780005D7Aericssoncom_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuphkeLIzCtJLcpLzFFi42KZXLrHW/epfFywwdE2NYvDB2exWWw9OoXR ouXePXYHZo8pvzeyeixZ8pPJY9asw0wBzFFcNimpOZllqUX6dglcGXs+zGEtWBJT8XWPSgPj Fd8uRk4OCQETiT9/b7JB2GISF+6tB7K5OIQEjjJKzJv4khUkISSwnFGiuVsJxGYT0JF4/ugf M4gtIqAqMXnOKsYuRg4OZgELidZr2SC9wgIrGSW2d6xkB3FEBFYxSnRM2sAK0WAk8erMNiYQ mwWoedLHrWBxXgF7ieut96CWpUssv/KGHcTmFPCUeL3gCZjNCHTd91NrwHqZBcQlbj2ZzwRx tYDEkj3nmSFsUYmXj/+xQthKEnNeX2OGOC5Z4tq5TIhVghInZz5hmcAoOgvJpFkIVbOQVEGU GEi8PzefGcLWlli28DWUrS+x8ctZRgjbWmLp2ouMyGoWMHKsYuQoLU4ty003MtjECIy+YxJs ujsY97y0PMQowMGoxMPLuCwyWIg1say4MvcQozQHi5I4b8GX2GBgGCSWpGanphakFsUXleak Fh9iZOLglGpgFM81dbIwbFzLULZoRvF/ac/pRrOr5XX1f/lzbjo/rdk9I6Hj8svjC+aZhDsm C2RL3cuauWFSynvOLVZvc5d0fPDmOL54rXDcxdUHPF0N/c1PKX1dqbqm+KtYncL2sF8ftYIn FS5fvWjv8XeC5QKr75gbRnCszThi8EnmxvxjEo83Tmyynh4vosRSnJFoqMVcVJwIAC4KzZKf AgAA
Archived-At: http://mailarchive.ietf.org/arch/msg/ospf/-_MS6oRiV6eWBnOYMRywderR2r4
Cc: OSPF List <ospf@ietf.org>
Subject: Re: [OSPF] Working Group last Call on "Security Extension for OSPFv2 when using Manual Key Management" - draft-ietf-ospf-security-extension-manual-keying-07
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Apr 2014 15:06:32 -0000

Hi Gabi,
Thanks much for your review and comment.

On Apr 24, 2014, at 2:39 AM, Gabi Nakibly <gnakibly@yahoo.com<mailto:gnakibly@yahoo.com>> wrote:

Hi,
I think this document is a significant step forward for the security of OSPF. I do have one comment, though. It is concerned with the case in which the same key is configured on different links. If such a situation occurs then an attacker might be able to record an OSPF message on one link and replay it on another. This is particularly relevant for cases where one router uses the same source address in multiple links (e.g. a virtual link and a physical link). So the attacker can record a packet sent by that router on one of the links and replay it over the other as if it was sent by the router itself. This may allow an attacker to cause an adjacency to be brought down.

Note that in section 2 we are recommending one sequence number space for the OSPF router as opposed to one per interface. Hence, this would have to be a replayed packet received from another router with the same source address since the OSPF Router ID in the OSPF header would be protected by the authentication hash. I would consider this to be a misconfiguration.

Moreover, a recorded Hello message may be replayed on arbitrary links (even those that do not share a router using the same source address). If I am not mistaken, RFC2328 does not mandate to discard an Hello message having a source address that is not part of the subnet of the interface on which the message was received.

RFC 2328 does mandate source subnet checking on multi-access networks but not P2P networks. On P2P networks, this could be a problem but would require the attacker to have an active tap on both the P2P interface and another interface using the same key.  Again, this would have to be a replayed packet received from another router due to the OSPF router’s use a single sequence number space. There really isn’t a good solution for this problem on P2P links since the routers don’t share any common identifier for the P2P link. They have an ifIndex but this is a locally unique interface identifier. We can document the problem and recommend use of different keys if the possibility of active taps on P2P interfaces exists.

Thanks,
Acee

Therefore, the recipient of the replayed message would allocate a new neighbor entry, thus giving rise to a DoS attack.

I know that the OSPF standard allows to configure different keys for different links, nonetheless in most of the OSPF deployments I have seen the same key is configured for all links in the AS (or area). I do not know if this is representative of OSPF deployments worldwide, but it might be prudent to analyse the security of the proposed extensions in the context of such cases as well.

Gabi

________________________________
From: Abhay Roy <akr@cisco.com<mailto:akr@cisco.com>>
To: "ospf@ietf.org<mailto:ospf@ietf.org>" <ospf@ietf.org<mailto:ospf@ietf.org>>
Sent: Friday, April 11, 2014 9:30 AM
Subject: [OSPF] Working Group last Call on "Security Extension for OSPFv2 when using Manual Key Management" - draft-ietf-ospf-security-extension-manual-keying-07

All,

We are starting a WG LC on the subject document. Document has been
stable for a while, and Manav was kind enough to present it one last
time in IETF89 (London). LC will end at 9am PST on 25th April 2014.

Please review the document and send any final comments prior to the LC
deadline.

Regards,
-Abhay

_______________________________________________
OSPF mailing list
OSPF@ietf.org<mailto:OSPF@ietf.org>
https://www.ietf.org/mailman/listinfo/ospf


_______________________________________________
OSPF mailing list
OSPF@ietf.org<mailto:OSPF@ietf.org>
https://www.ietf.org/mailman/listinfo/ospf