[Qirg] security in network operations

Rodney Van Meter <rdv@sfc.wide.ad.jp> Wed, 20 November 2019 08:35 UTC

From: Rodney Van Meter <rdv@sfc.wide.ad.jp>
Message-Id: <00269089-C9CF-4772-A11F-1A4AD0786017@sfc.wide.ad.jp>
Date: Wed, 20 Nov 2019 17:35:03 +0900
Cc: Rodney Van Meter <rdv@sfc.wide.ad.jp>
To: qirg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/qirg/xPZZTe5idXJcX4o8w2c4n0HR0_c>
Subject: [Qirg] security in network operations

The bad news is that the simplest protocols for monitoring the quality of network links can be manipulated by a single hijacked repeater to cause network management protocols to declare a set of links DOWN and create an artificial partition of the network.  So controlling a single repeater gives you power that exceeds what you could achieve by hijacking a single Internet router, ignoring hacks to the routing protocols such as BGP hijacking.  (A quantum repeater would be vulnerable to exactly the same set of routing problems, but we’re looking for the delta in capabilities here.)

The good news is that application of a cryptographically secure choice of which entangled states to dedicate to link or connection monitoring and which to use for customer traffic, like the eavesdropper detection in QKD, is good enough to mitigate the problem.
https://iopscience.iop.org/article/10.1088/2058-9565/aac11f/meta

We also earlier created a taxonomy of possible attack points.
https://www.ndss-symposium.org/ndss2015/ndss-2015-sent-programme/classification-quantum-repeater-attacks/

As far as I’m aware, those are the only two things looking at security of the network operation itself, as opposed to integration of security into applications.

—Rod

Rodney Van Meter
Professor, Faculty of Environment and Information Studies
Keio University, Japan
rdv@sfc.wide.ad.jp