RE: Security aspects with S-BFD
"Nobo Akiya (nobo)" <nobo@cisco.com> Fri, 07 March 2014 16:16 UTC
Return-Path: <nobo@cisco.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C4C01A02AE for <rtg-bfd@ietfa.amsl.com>; Fri, 7 Mar 2014 08:16:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.047
X-Spam-Level:
X-Spam-Status: No, score=-10.047 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tJflK9liLi6R for <rtg-bfd@ietfa.amsl.com>; Fri, 7 Mar 2014 08:16:05 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) by ietfa.amsl.com (Postfix) with ESMTP id 63A1F1A029F for <rtg-bfd@ietf.org>; Fri, 7 Mar 2014 08:16:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20870; q=dns/txt; s=iport; t=1394208960; x=1395418560; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=Hem2WXR2hIxweX2ww7M8231IFfLyqbUYAKcsvkbKYig=; b=aRdBmnukcK+phLdmQFjPnoxgsykdEg3x3GNHxsbhxCUBcN8y2RkcoIz2 UR59vlkD8RMPMkCel67Fo36P1c0WhkESUksY74RGAM/a78dmSzq14kifY V5SAHMneeD1FKoVkpLRVi/Kr8Xw3AnthwZeJMIDAGETwMhZKhN3Uxte/S A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AkkFAMrvGVOtJXG//2dsb2JhbABagkIjITtXuEmIXIESFnSCJQEBAQQtOgQeAgEIEQMBAQELFgcHMhQJCAEBBAESCIdxAQzPfxeNeDINExcBgySBFASZdZB5gy2CKw
X-IronPort-AV: E=Sophos; i="4.97,608,1389744000"; d="scan'208,217"; a="25724639"
Received: from rcdn-core2-4.cisco.com ([173.37.113.191]) by alln-iport-6.cisco.com with ESMTP; 07 Mar 2014 16:15:59 +0000
Received: from xhc-aln-x05.cisco.com (xhc-aln-x05.cisco.com [173.36.12.79]) by rcdn-core2-4.cisco.com (8.14.5/8.14.5) with ESMTP id s27GFxfc018097 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <rtg-bfd@ietf.org>; Fri, 7 Mar 2014 16:15:59 GMT
Received: from xmb-aln-x01.cisco.com ([fe80::747b:83e1:9755:d453]) by xhc-aln-x05.cisco.com ([173.36.12.79]) with mapi id 14.03.0123.003; Fri, 7 Mar 2014 10:15:59 -0600
From: "Nobo Akiya (nobo)" <nobo@cisco.com>
To: "MALLIK MUDIGONDA (mmudigon)" <mmudigon@cisco.com>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
Subject: RE: Security aspects with S-BFD
Thread-Topic: Security aspects with S-BFD
Thread-Index: Ac7b2ToBrFn7tnaZR4yTSVGAJsb+GxeiW4sAABDK0AA=
Date: Fri, 07 Mar 2014 16:15:58 +0000
Message-ID: <CECE764681BE964CBE1DFF78F3CDD3941E089F97@xmb-aln-x01.cisco.com>
References: <20211F91F544D247976D84C5D778A4C32E4FACB1@SG70YWXCHMBA05.zap.alcatel-lucent.com> <CF3FB9DE.1C21C%mmudigon@cisco.com>
In-Reply-To: <CF3FB9DE.1C21C%mmudigon@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [161.44.212.61]
Content-Type: multipart/alternative; boundary="_000_CECE764681BE964CBE1DFF78F3CDD3941E089F97xmbalnx01ciscoc_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/rtg-bfd/Xnb49g4FpovkTvlLPDoYjU04RQY
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Mar 2014 16:16:08 -0000
Good to see this discussion continuing (thank Mallik!). I'm a bit skeptical of creating a hard dependency from BFD/S-BFD to time synchronization protocol. Meaning, if we do this, malfunctions in the time synchronization protocol or even time drift can take down all BFD/S-BFD sessions, causing instabilities in the network. I think this is a general topic (i.e. applicable to both BFD and S-BFD) that should continue to be discussed, and certainly would like to hear more from BFD and KARP experts. To progress S-BFD base draft, my vote would be to go with suggestion by Manav (below) for the time being. -Nobo From: Rtg-bfd [mailto:rtg-bfd-bounces@ietf.org] On Behalf Of MALLIK MUDIGONDA (mmudigon) Sent: Friday, March 07, 2014 7:39 AM To: rtg-bfd@ietf.org Subject: Re: Security aspects with S-BFD Hi, As mentioned in draft-ietf-karp-bfd-analysis-01<http://tools.ietf.org/html/draft-ietf-karp-bfd-analysis-01> section 6, if we use UTC time for Sequence numbers (assuming Initiator and reflector are time synchronized), then we can mitigate the problem of DOS and Replay attacks at reflectors. Please share your thoughts. Thanks Regards Mallik From: <Bhatia>, "Manav (Manav)" <manav.bhatia@alcatel-lucent.com<mailto:manav.bhatia@alcatel-lucent.com>> Date: Thursday 7 November 2013 10:18 PM To: "rtg-bfd@ietf.org<mailto:rtg-bfd@ietf.org>" <rtg-bfd@ietf.org<mailto:rtg-bfd@ietf.org>> Subject: Security aspects with S-BFD Hi, S-BFD describes the reflector sessions which raises interesting security considerations. Since the reflector sessions are stateless (that's one of the biggest advantages) it's impossible for the reflector to keep track of the sequence number that its heard from its peers. This means, that the reflector is susceptible to both inter-session and intra-session replay attacks. We had a discussion internally amongst the co-authors and had the following proposal that we wanted to vet before the WG members. Would like to hear the WGs opinion on this. 1. The Initiator picks up a crypto sequence number depending upon the authentication mode that its using (meticulous or non meticulous). It sends a packet to the Reflector with this seq num. 2. The reflector maintains no session state and hence does not look at the crypto sequence number before accepting the packet. It looks at the Key ID (draft-ietf-bfd-generic-crypto-auth-05) in the incoming packet (or it can do it based on its own database where it maps the neighbor to the key iD) and verifies the authentication data. If everything looks good, it processes the packet. 3. When responding the Reflector needs to compute the Authentication data. It uses the same sequence number that it received in the S-BFD packet that it is responding to. It knows the Key ID, and thus the SA. It computes the authentication data and sends the S-BFD packet out. 4. The Initiator receives the response from the Reflector. It only accepts the S-BFD packet if it either comes with the same sequence number as it had sent or its within the window that it finds acceptable (described in detail in Sec 3.4 of draft-ietf-bfd-generic-crypto-auth-05) Benefits of this scheme. 1. Reflectors continue to remain stateless despite using security. 2. Reflectors are not susceptible to replay attacks as they always respond to S-BFD packets irrespective of the sequence number carried. 3. An attacker cannot forge packets from the Reflector since the Initiator will only accept S-BFD packets that come with the sequence number that it had originally used when sending the S-BFD packet. Drawbacks of this scheme. 1. Reflectors are susceptible to DoS attacks since they respond to all incoming S-BFD packets. This gets worse when cryptography is used as the work load drastically increases as security is employed. Cheers, Manav
- Security aspects with S-BFD Bhatia, Manav (Manav)
- Re: Security aspects with S-BFD Glen Kent
- RE: Security aspects with S-BFD Santosh P K
- Re: Security aspects with S-BFD Jeffrey Haas
- RE: Security aspects with S-BFD Nobo Akiya (nobo)
- Re: Security aspects with S-BFD MALLIK MUDIGONDA (mmudigon)
- RE: Security aspects with S-BFD Nobo Akiya (nobo)
- RE: Security aspects with S-BFD Bhatia, Manav (Manav)
- RE: Security aspects with S-BFD Nobo Akiya (nobo)