IETF Logo Mail Archive

RE: Security aspects with S-BFD

"Nobo Akiya (nobo)" <nobo@cisco.com> Tue, 12 November 2013 21:41 UTC

Return-Path: <nobo@cisco.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92E7521F9F7F for <rtg-bfd@ietfa.amsl.com>; Tue, 12 Nov 2013 13:41:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.566
X-Spam-Level:
X-Spam-Status: No, score=-10.566 tagged_above=-999 required=5 tests=[AWL=0.033, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ysQkb64J7y+z for <rtg-bfd@ietfa.amsl.com>; Tue, 12 Nov 2013 13:41:40 -0800 (PST)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id 9122221E808A for <rtg-bfd@ietf.org>; Tue, 12 Nov 2013 13:41:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4563; q=dns/txt; s=iport; t=1384292500; x=1385502100; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=jey/2TMkiRkTvULjPr1T7pEb51tYqamoG58lM594TzA=; b=aIFtNKRuHpkcsAY9s33lDSZ4OIYNlaiJMwvKFRZfvWp6Vo7Vq4HjZfH9 eXWW7Xbdd8UNZ3a7POQ79SZP9VX6G9xSFdmWVEkJx09Lm5Qwbrzdnk0XO X4g8SOgUKzHQ8pUxmln4ixM8vzSmjSUqnfQAZrpwRvZI7rKY2smgt5wmW 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhAFAIifglKtJV2Z/2dsb2JhbABagmYhgQu/HYEqFnSCJQEBAQQ6LRIMBAIBCA4DBAEBAQoUCQcyFAkIAQEEDgUIE4dmAb9CjhWBGTEHBoMagREDqhmDJoIq
X-IronPort-AV: E=Sophos;i="4.93,687,1378857600"; d="scan'208";a="283732338"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-1.cisco.com with ESMTP; 12 Nov 2013 21:41:40 +0000
Received: from xhc-aln-x04.cisco.com (xhc-aln-x04.cisco.com [173.36.12.78]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id rACLfdEv010390 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 12 Nov 2013 21:41:39 GMT
Received: from xmb-aln-x01.cisco.com ([fe80::747b:83e1:9755:d453]) by xhc-aln-x04.cisco.com ([173.36.12.78]) with mapi id 14.03.0123.003; Tue, 12 Nov 2013 15:41:39 -0600
From: "Nobo Akiya (nobo)" <nobo@cisco.com>
To: Jeffrey Haas <jhaas@pfrc.org>, "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
Subject: RE: Security aspects with S-BFD
Thread-Topic: Security aspects with S-BFD
Thread-Index: Ac7b2ToBrFn7tnaZR4yTSVGAJsb+GwEQ1aaAAAvVdqA=
Date: Tue, 12 Nov 2013 21:41:39 +0000
Message-ID: <CECE764681BE964CBE1DFF78F3CDD3941DEE295E@xmb-aln-x01.cisco.com>
References: <20211F91F544D247976D84C5D778A4C32E4FACB1@SG70YWXCHMBA05.zap.alcatel-lucent.com> <20131112210053.GK15347@pfrc>
In-Reply-To: <20131112210053.GK15347@pfrc>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [161.44.213.104]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtg-bfd>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Nov 2013 21:41:46 -0000

Hi Jeff, Manav, Santosh, Glen, et al,

An interesting aspect was brought up during internal discussions. Leaving aside DoS aspect, S-BFD itself provides slight increase in security, as single hi-jacked packet (w/ down state) can no longer taken down a session. i.e. at initiator, it's getting the response packets that keeps session up. Although flip-flop of received states can raise alarm in initiator implementations, it doesn't translate to automatic down.

Regarding the DoS [to reflector session] aspect, IMO, what you described appear to provide reasonable security to progress the solution, i.e. authentication itself and in combination with ACL filters. For further security [w/ real sequencing], yes I agree that small table maintenance by reflector session will be required, but opens up list of issues to consider in implementations (not necessary in protocols). Perhaps this portion can be described in base appendix.

-Nobo

> -----Original Message-----
> From: rtg-bfd-bounces@ietf.org [mailto:rtg-bfd-bounces@ietf.org] On
> Behalf Of Jeffrey Haas
> Sent: Tuesday, November 12, 2013 4:01 PM
> To: Bhatia, Manav (Manav)
> Cc: rtg-bfd@ietf.org
> Subject: Re: Security aspects with S-BFD
> 
> Manav,
> 
> On Thu, Nov 07, 2013 at 04:48:47PM +0000, Bhatia, Manav (Manav) wrote:
> > 1. The Initiator picks up a crypto sequence number depending upon the
> authentication mode that its using (meticulous or non meticulous). It sends
> a packet to the Reflector with this seq num.
> >
> > 2. The reflector maintains no session state and hence does not look at the
> crypto sequence number before accepting the packet. It looks at the Key ID
> (draft-ietf-bfd-generic-crypto-auth-05) in the incoming packet (or it can do
> it based on its own database where it maps the neighbor to the key iD) and
> verifies the authentication data. If everything looks good, it processes the
> packet.
> >
> > 3. When responding the Reflector needs to compute the Authentication
> data. It uses the same sequence number that it received in the S-BFD packet
> that it is responding to. It knows the Key ID, and thus the SA. It computes
> the authentication data and sends the S-BFD packet out.
> >
> > 4. The Initiator receives the response from the Reflector. It only
> > accepts the S-BFD packet if it either comes with the same sequence
> > number as it had sent or its within the window that it finds
> > acceptable (described in detail in Sec 3.4 of
> > draft-ietf-bfd-generic-crypto-auth-05)
> >
> > Benefits of this scheme.
> >
> > 1. Reflectors continue to remain stateless despite using security.
> 
> It would be good to see some discussion from the S-BFD authors regarding
> light-weight state for authentication.  In other words, just enough to verify
> crypto sequence numbers.
> 
> One challenge that immediately comes to mind is that since the sessions
> are completely stateless, this means the reflector really can't know if the
> initiator rebooted or not, especially if the initiator is foolish enough to have
> the same discriminator.
> 
> > 2. Reflectors are not susceptible to replay attacks as they always respond
> to S-BFD packets irrespective of the sequence number carried.
> >
> > 3. An attacker cannot forge packets from the Reflector since the Initiator
> will only accept S-BFD packets that come with the sequence number that it
> had originally used when sending the S-BFD packet.
> 
> Protecting the Initiator is good.  But ...
> 
> > Drawbacks of this scheme.
> >
> > 1. Reflectors are susceptible to DoS attacks since they respond to all
> incoming S-BFD packets. This gets worse when cryptography is used as the
> work load drastically increases as security is employed.
> 
> This continues to be my primary concern about the security for this feature.
> In the absence of *any* state, it's very difficult to have a low-work filter that
> protects the Reflector against cryptographic work attacks.
> 
> Also, as best I understand several of the potential use cases for this feature,
> every S-BFD node may end up being a Reflector in some of those cases.
> 
> To take a post-WG session comment to heart, this feature does have several
> resemblances to simply using IP Ping.  This means that several of the
> security considerations associated with ICMP attacks (rate limiting, etc.) are
> likely applicable.
> 
> > Cheers, Manav
> 
> -- Jeff

v2.23.0 | Report a Bug | By Email