IETF Logo Mail Archive

Optimizing Authentication - periodic re-authentication

Jeffrey Haas <jhaas@pfrc.org> Sun, 28 January 2024 20:21 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDC5FC14F602; Sun, 28 Jan 2024 12:21:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ee21ZmnkmIqS; Sun, 28 Jan 2024 12:21:02 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 03416C14F5F9; Sun, 28 Jan 2024 12:21:01 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 961F21E28C; Sun, 28 Jan 2024 15:21:00 -0500 (EST)
Date: Sun, 28 Jan 2024 15:21:00 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: draft-ietf-bfd-optimizing-authentication@ietf.org, rtg-bfd@ietf.org
Subject: Optimizing Authentication - periodic re-authentication
Message-ID: <20240128202100.GA11839@pfrc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/KcRGw7Lrb-B1EDjkba5COeXUq5s>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Jan 2024 20:21:07 -0000

Optimizing Auth Authors and Working Group,

The text on github is coming along, thanks.  Much of the work has been
toward resolving procedural discussions vs. the secure sequence numbers
draft.  While doing my latest review, it occurred to me that the periodic
reauthentication procedure is perhaps flawed.

When running in the optimized mode, authentication may be disabled, the new
NULL auth type, or Meticulous Keyed ISAAC.  For disabled or NULL, the intent
of periodic re-authentication was to address active attacks on the Up
portion of the session.[1]

The procedures have a BFD implementation periodically sending out
authenticated control packets.  However, there's no way in the current
procedures to synchronize that the receiver of those packets should expect
authentication.

Thus, it's possible for an active attacker to simply drop the strong
authentication packets and simply continue to inject either the
unathenticated packets, or the next expected sequence numbers in the NULL
auth mode.

There's at least two possible ways to address this:
1. We simply don't worry about periodic re-auth for no-auth or NULL-auth.
We thus don't protect against this attack.  If you care about this attack,
use Meticulous Keyed ISAAC and the attack goes away.
2. We test periodic strong authentication by using a Poll sequence.  If we
don't receive a Fin within the Detect Interval with strong auth, compromise
should be expected.


-- Jeff

[1] Yes... the only attack we have in this mode is "keep the session Up when
it might otherwise not be".  I expect the usual hilarity when we get to
security area review.

v2.23.0 | Report a Bug | By Email