IETF Logo Mail Archive

Re: Security aspects with S-BFD

Glen Kent <glen.kent@gmail.com> Fri, 08 November 2013 17:23 UTC

Return-Path: <glen.kent@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4ACC221E8138 for <rtg-bfd@ietfa.amsl.com>; Fri, 8 Nov 2013 09:23:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 98ky-ecPJGjs for <rtg-bfd@ietfa.amsl.com>; Fri, 8 Nov 2013 09:23:53 -0800 (PST)
Received: from mail-ob0-x232.google.com (mail-ob0-x232.google.com [IPv6:2607:f8b0:4003:c01::232]) by ietfa.amsl.com (Postfix) with ESMTP id 7B42F11E80DC for <rtg-bfd@ietf.org>; Fri, 8 Nov 2013 09:23:53 -0800 (PST)
Received: by mail-ob0-f178.google.com with SMTP id va2so1782760obc.9 for <rtg-bfd@ietf.org>; Fri, 08 Nov 2013 09:23:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=7vePI1oFtWMYXia1RbwTjImEHfzkIq/es5n79/TB3yU=; b=D04tVB3hRJsx6Tr/uUeLuHCvkYnAW3r80ZsDxot0HKc56ubvqg45/2aNKA5NVVkpo7 kiLymySUiQWMq+xahfYgn0RQzmiuT8/lAWfNA+VkVNrCMtosSSrxhKPqxfCT8/zzpB3V oZDTNihWbwfOFAeGaIFkRsyiX8PmotZlXDwytJZ61b8Hw3bEw2z29NWcyNmDrT9tXhrk 52UG8ZHwukPr/Laj+yaiSBV1lwgpPkPZk2tk7Kddpl0PSEogljm9kfQBpINCxHYPPAww CytB5Ah+ZG6yGjk33d4aLHMDmRV4/PqQWz6wHknwFrmYbyTIgEGDPnBr2jvnJT4X91of yr/A==
MIME-Version: 1.0
X-Received: by 10.182.18.102 with SMTP id v6mr889240obd.71.1383931432929; Fri, 08 Nov 2013 09:23:52 -0800 (PST)
Received: by 10.182.23.36 with HTTP; Fri, 8 Nov 2013 09:23:52 -0800 (PST)
In-Reply-To: <20211F91F544D247976D84C5D778A4C32E4FACB1@SG70YWXCHMBA05.zap.alcatel-lucent.com>
References: <20211F91F544D247976D84C5D778A4C32E4FACB1@SG70YWXCHMBA05.zap.alcatel-lucent.com>
Date: Fri, 08 Nov 2013 22:53:52 +0530
Message-ID: <CAPLq3UMV4es_NMZdeB=QEEWyJ0bBQq86hpos-hFbkOtGn_C6-g@mail.gmail.com>
Subject: Re: Security aspects with S-BFD
From: Glen Kent <glen.kent@gmail.com>
To: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
Content-Type: multipart/alternative; boundary="001a11c339e6740d3c04eaada547"
Cc: "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtg-bfd>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Nov 2013 17:23:54 -0000

This is akin to saying that sequence numbers will not be used for
authenticating S-BFD packets, right? If thats how it is, then cant we
simply set this to 0, and ignore it on receipt.

Glen

On Thu, Nov 7, 2013 at 10:18 PM, Bhatia, Manav (Manav) <
manav.bhatia@alcatel-lucent.com> wrote:

> Hi,
>
> S-BFD describes the reflector sessions which raises interesting security
> considerations.
>
> Since the reflector sessions are stateless (that's one of the biggest
> advantages) it's impossible for the reflector to keep track of the sequence
> number that its heard from its peers. This means, that the reflector is
> susceptible to both inter-session and intra-session replay attacks. We had
> a discussion internally amongst the co-authors and had the following
> proposal that we wanted to vet before the WG members.
>
> Would like to hear the WGs opinion on this.
>
> 1. The Initiator picks up a crypto sequence number depending upon the
> authentication mode that its using (meticulous or non meticulous). It sends
> a packet to the Reflector with this seq num.
>
> 2. The reflector maintains no session state and hence does not look at the
> crypto sequence number before accepting the packet. It looks at the Key ID
> (draft-ietf-bfd-generic-crypto-auth-05) in the incoming packet (or it can
> do it based on its own database where it maps the neighbor to the key iD)
> and verifies the authentication data. If everything looks good, it
> processes the packet.
>
> 3. When responding the Reflector needs to compute the Authentication data.
> It uses the same sequence number that it received in the S-BFD packet that
> it is responding to. It knows the Key ID, and thus the SA. It computes the
> authentication data and sends the S-BFD packet out.
>
> 4. The Initiator receives the response from the Reflector. It only accepts
> the S-BFD packet if it either comes with the same sequence number as it had
> sent or its within the window that it finds acceptable (described in detail
> in Sec 3.4 of draft-ietf-bfd-generic-crypto-auth-05)
>
> Benefits of this scheme.
>
> 1. Reflectors continue to remain stateless despite using security.
>
> 2. Reflectors are not susceptible to replay attacks as they always respond
> to S-BFD packets irrespective of the sequence number carried.
>
> 3. An attacker cannot forge packets from the Reflector since the Initiator
> will only accept S-BFD packets that come with the sequence number that it
> had originally used when sending the S-BFD packet.
>
> Drawbacks of this scheme.
>
> 1. Reflectors are susceptible to DoS attacks since they respond to all
> incoming S-BFD packets. This gets worse when cryptography is used as the
> work load drastically increases as security is employed.
>
> Cheers, Manav
>
>
>

v2.23.0 | Report a Bug | By Email