IETF Logo Mail Archive

RE: Security aspects with S-BFD

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Sun, 09 March 2014 23:35 UTC

Return-Path: <manav.bhatia@alcatel-lucent.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70A291A0286 for <rtg-bfd@ietfa.amsl.com>; Sun, 9 Mar 2014 16:35:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YoYIq0ASJr7M for <rtg-bfd@ietfa.amsl.com>; Sun, 9 Mar 2014 16:35:30 -0700 (PDT)
Received: from ihemail3.lucent.com (ihemail3.lucent.com [135.245.0.37]) by ietfa.amsl.com (Postfix) with ESMTP id 8B3661A0259 for <rtg-bfd@ietf.org>; Sun, 9 Mar 2014 16:35:30 -0700 (PDT)
Received: from us70uusmtp4.zam.alcatel-lucent.com (h135-5-2-66.lucent.com [135.5.2.66]) by ihemail3.lucent.com (8.13.8/IER-o) with ESMTP id s29NZOcL011335 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Sun, 9 Mar 2014 18:35:24 -0500 (CDT)
Received: from US70TWXCHHUB03.zam.alcatel-lucent.com (us70twxchhub03.zam.alcatel-lucent.com [135.5.2.35]) by us70uusmtp4.zam.alcatel-lucent.com (GMO) with ESMTP id s29NZNoC005030 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 9 Mar 2014 19:35:24 -0400
Received: from SG70XWXCHHUB01.zap.alcatel-lucent.com (135.253.2.46) by US70TWXCHHUB03.zam.alcatel-lucent.com (135.5.2.35) with Microsoft SMTP Server (TLS) id 14.2.247.3; Sun, 9 Mar 2014 19:35:22 -0400
Received: from SG70YWXCHMBA05.zap.alcatel-lucent.com ([169.254.5.74]) by SG70XWXCHHUB01.zap.alcatel-lucent.com ([135.253.2.46]) with mapi id 14.02.0247.003; Mon, 10 Mar 2014 07:35:19 +0800
From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: "Nobo Akiya (nobo)" <nobo@cisco.com>, "MALLIK MUDIGONDA (mmudigon)" <mmudigon@cisco.com>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
Subject: RE: Security aspects with S-BFD
Thread-Topic: Security aspects with S-BFD
Thread-Index: Ac7b2ToBrFn7tnaZR4yTSVGAJsb+GxeiW4sAABDK0AAAUoFLIA==
Date: Sun, 09 Mar 2014 23:35:19 +0000
Message-ID: <20211F91F544D247976D84C5D778A4C32E5A7AC9@SG70YWXCHMBA05.zap.alcatel-lucent.com>
References: <20211F91F544D247976D84C5D778A4C32E4FACB1@SG70YWXCHMBA05.zap.alcatel-lucent.com> <CF3FB9DE.1C21C%mmudigon@cisco.com> <CECE764681BE964CBE1DFF78F3CDD3941E089F97@xmb-aln-x01.cisco.com>
In-Reply-To: <CECE764681BE964CBE1DFF78F3CDD3941E089F97@xmb-aln-x01.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.253.19.16]
Content-Type: multipart/alternative; boundary="_000_20211F91F544D247976D84C5D778A4C32E5A7AC9SG70YWXCHMBA05z_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/rtg-bfd/o5FLeRgVfW-ejUX54GU01OzfFEc
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Mar 2014 23:35:34 -0000

I agree with Nobo here. I don't think binding BFD with a timing protocol is a good idea.

> I think this is a general topic (i.e. applicable to both BFD and S-BFD) that
> should continue to be discussed, and certainly would like to hear more from BFD and KARP experts.

And pray what is that? What would you like to hear more about?

Cheers, Manav

From: Rtg-bfd [mailto:rtg-bfd-bounces@ietf.org] On Behalf Of Nobo Akiya (nobo)
Sent: Friday, March 07, 2014 9:46 PM
To: MALLIK MUDIGONDA (mmudigon); rtg-bfd@ietf.org
Subject: RE: Security aspects with S-BFD

Good to see this discussion continuing (thank Mallik!).

I'm a bit skeptical of creating a hard dependency from BFD/S-BFD to time synchronization protocol. Meaning, if we do this, malfunctions in the time synchronization protocol or even time drift can take down all BFD/S-BFD sessions, causing instabilities in the network.

I think this is a general topic (i.e. applicable to both BFD and S-BFD) that should continue to be discussed, and certainly would like to hear more from BFD and KARP experts.

To progress S-BFD base draft, my vote would be to go with suggestion by Manav (below) for the time being.

-Nobo

From: Rtg-bfd [mailto:rtg-bfd-bounces@ietf.org] On Behalf Of MALLIK MUDIGONDA (mmudigon)
Sent: Friday, March 07, 2014 7:39 AM
To: rtg-bfd@ietf.org<mailto:rtg-bfd@ietf.org>
Subject: Re: Security aspects with S-BFD

Hi,

As mentioned in  draft-ietf-karp-bfd-analysis-01<http://tools.ietf.org/html/draft-ietf-karp-bfd-analysis-01> section 6, if we use UTC time for Sequence numbers (assuming Initiator and reflector are time synchronized), then we can mitigate the problem of DOS and Replay attacks at reflectors. Please share your thoughts.

Thanks

Regards
Mallik

From: <Bhatia>, "Manav (Manav)" <manav.bhatia@alcatel-lucent.com<mailto:manav.bhatia@alcatel-lucent.com>>
Date: Thursday 7 November 2013 10:18 PM
To: "rtg-bfd@ietf.org<mailto:rtg-bfd@ietf.org>" <rtg-bfd@ietf.org<mailto:rtg-bfd@ietf.org>>
Subject: Security aspects with S-BFD

Hi,

S-BFD describes the reflector sessions which raises interesting security considerations.

Since the reflector sessions are stateless (that's one of the biggest advantages) it's impossible for the reflector to keep track of the sequence number that its heard from its peers. This means, that the reflector is susceptible to both inter-session and intra-session replay attacks. We had a discussion internally amongst the co-authors and had the following proposal that we wanted to vet before the WG members.

Would like to hear the WGs opinion on this.

1. The Initiator picks up a crypto sequence number depending upon the authentication mode that its using (meticulous or non meticulous). It sends a packet to the Reflector with this seq num.

2. The reflector maintains no session state and hence does not look at the crypto sequence number before accepting the packet. It looks at the Key ID (draft-ietf-bfd-generic-crypto-auth-05) in the incoming packet (or it can do it based on its own database where it maps the neighbor to the key iD) and verifies the authentication data. If everything looks good, it processes the packet.

3. When responding the Reflector needs to compute the Authentication data. It uses the same sequence number that it received in the S-BFD packet that it is responding to. It knows the Key ID, and thus the SA. It computes the authentication data and sends the S-BFD packet out.

4. The Initiator receives the response from the Reflector. It only accepts the S-BFD packet if it either comes with the same sequence number as it had sent or its within the window that it finds acceptable (described in detail in Sec 3.4 of draft-ietf-bfd-generic-crypto-auth-05)

Benefits of this scheme.

1. Reflectors continue to remain stateless despite using security.

2. Reflectors are not susceptible to replay attacks as they always respond to S-BFD packets irrespective of the sequence number carried.

3. An attacker cannot forge packets from the Reflector since the Initiator will only accept S-BFD packets that come with the sequence number that it had originally used when sending the S-BFD packet.

Drawbacks of this scheme.

1. Reflectors are susceptible to DoS attacks since they respond to all incoming S-BFD packets. This gets worse when cryptography is used as the work load drastically increases as security is employed.

Cheers, Manav

v2.23.0 | Report a Bug | By Email