Re: Security aspects with S-BFD
"MALLIK MUDIGONDA (mmudigon)" <mmudigon@cisco.com> Fri, 07 March 2014 12:39 UTC
Return-Path: <mmudigon@cisco.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9898D1A01E0 for <rtg-bfd@ietfa.amsl.com>; Fri, 7 Mar 2014 04:39:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.047
X-Spam-Level:
X-Spam-Status: No, score=-10.047 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vXM9GOHWESpZ for <rtg-bfd@ietfa.amsl.com>; Fri, 7 Mar 2014 04:39:29 -0800 (PST)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) by ietfa.amsl.com (Postfix) with ESMTP id B2C091A01C9 for <rtg-bfd@ietf.org>; Fri, 7 Mar 2014 04:39:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9359; q=dns/txt; s=iport; t=1394195965; x=1395405565; h=from:to:cc:subject:date:message-id:in-reply-to: mime-version; bh=JcrYO4huTZC+jHJasuZLqfbaittDayB6//D6z9OnQS0=; b=d0dznZGVZzqw5OEPZIBio4dwp95MuaCl/RvjCUDMbHeMdc5ttffx0I3g PDDZp8IA0GejKA2I+AQkU/uuWDEiyhOIiT2eWU7LEHVTkn16uSErSnoxM 4N2RV/wF5a0pMIZ1LAhnf1gT/8/MOdS0dEc6DywWLcpQdgE2dQpVGX7Gf o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AkcFAGa9GVOtJXG9/2dsb2JhbABagkJEO1e4SohcgRMWdIIlAQIEZxISAQgRAwECKCYTFAkIAQEEDgWHeQ3PWxeNeFIRB4Q4BI5xiVKBMpB5gy2CKw
X-IronPort-AV: E=Sophos; i="4.97,607,1389744000"; d="scan'208,217"; a="25684454"
Received: from rcdn-core2-2.cisco.com ([173.37.113.189]) by alln-iport-4.cisco.com with ESMTP; 07 Mar 2014 12:39:25 +0000
Received: from xhc-rcd-x03.cisco.com (xhc-rcd-x03.cisco.com [173.37.183.77]) by rcdn-core2-2.cisco.com (8.14.5/8.14.5) with ESMTP id s27CdPcD028811 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 7 Mar 2014 12:39:25 GMT
Received: from xmb-rcd-x05.cisco.com ([169.254.15.100]) by xhc-rcd-x03.cisco.com ([173.37.183.77]) with mapi id 14.03.0123.003; Fri, 7 Mar 2014 06:39:24 -0600
From: "MALLIK MUDIGONDA (mmudigon)" <mmudigon@cisco.com>
To: "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
Subject: Re: Security aspects with S-BFD
Thread-Topic: Security aspects with S-BFD
Thread-Index: Ac7b2ToBrFn7tnaZR4yTSVGAJsb+GxeiW4sA
Date: Fri, 07 Mar 2014 12:39:24 +0000
Message-ID: <CF3FB9DE.1C21C%mmudigon@cisco.com>
In-Reply-To: <20211F91F544D247976D84C5D778A4C32E4FACB1@SG70YWXCHMBA05.zap.alcatel-lucent.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.143.25.134]
Content-Type: multipart/alternative; boundary="_000_CF3FB9DE1C21Cmmudigonciscocom_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/rtg-bfd/M7RhHfO3-eEkGUSh9xprA5UUW_g
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Mar 2014 12:39:33 -0000
Hi, As mentioned in draft-ietf-karp-bfd-analysis-01<http://tools.ietf.org/html/draft-ietf-karp-bfd-analysis-01> section 6, if we use UTC time for Sequence numbers (assuming Initiator and reflector are time synchronized), then we can mitigate the problem of DOS and Replay attacks at reflectors. Please share your thoughts. Thanks Regards Mallik From: <Bhatia>, "Manav (Manav)" <manav.bhatia@alcatel-lucent.com<mailto:manav.bhatia@alcatel-lucent.com>> Date: Thursday 7 November 2013 10:18 PM To: "rtg-bfd@ietf.org<mailto:rtg-bfd@ietf.org>" <rtg-bfd@ietf.org<mailto:rtg-bfd@ietf.org>> Subject: Security aspects with S-BFD Hi, S-BFD describes the reflector sessions which raises interesting security considerations. Since the reflector sessions are stateless (that's one of the biggest advantages) it's impossible for the reflector to keep track of the sequence number that its heard from its peers. This means, that the reflector is susceptible to both inter-session and intra-session replay attacks. We had a discussion internally amongst the co-authors and had the following proposal that we wanted to vet before the WG members. Would like to hear the WGs opinion on this. 1. The Initiator picks up a crypto sequence number depending upon the authentication mode that its using (meticulous or non meticulous). It sends a packet to the Reflector with this seq num. 2. The reflector maintains no session state and hence does not look at the crypto sequence number before accepting the packet. It looks at the Key ID (draft-ietf-bfd-generic-crypto-auth-05) in the incoming packet (or it can do it based on its own database where it maps the neighbor to the key iD) and verifies the authentication data. If everything looks good, it processes the packet. 3. When responding the Reflector needs to compute the Authentication data. It uses the same sequence number that it received in the S-BFD packet that it is responding to. It knows the Key ID, and thus the SA. It computes the authentication data and sends the S-BFD packet out. 4. The Initiator receives the response from the Reflector. It only accepts the S-BFD packet if it either comes with the same sequence number as it had sent or its within the window that it finds acceptable (described in detail in Sec 3.4 of draft-ietf-bfd-generic-crypto-auth-05) Benefits of this scheme. 1. Reflectors continue to remain stateless despite using security. 2. Reflectors are not susceptible to replay attacks as they always respond to S-BFD packets irrespective of the sequence number carried. 3. An attacker cannot forge packets from the Reflector since the Initiator will only accept S-BFD packets that come with the sequence number that it had originally used when sending the S-BFD packet. Drawbacks of this scheme. 1. Reflectors are susceptible to DoS attacks since they respond to all incoming S-BFD packets. This gets worse when cryptography is used as the work load drastically increases as security is employed. Cheers, Manav
- Security aspects with S-BFD Bhatia, Manav (Manav)
- Re: Security aspects with S-BFD Glen Kent
- RE: Security aspects with S-BFD Santosh P K
- Re: Security aspects with S-BFD Jeffrey Haas
- RE: Security aspects with S-BFD Nobo Akiya (nobo)
- Re: Security aspects with S-BFD MALLIK MUDIGONDA (mmudigon)
- RE: Security aspects with S-BFD Nobo Akiya (nobo)
- RE: Security aspects with S-BFD Bhatia, Manav (Manav)
- RE: Security aspects with S-BFD Nobo Akiya (nobo)