Re: Security aspects with S-BFD
Jeffrey Haas <jhaas@pfrc.org> Tue, 12 November 2013 21:00 UTC
Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D343421F9C69 for <rtg-bfd@ietfa.amsl.com>; Tue, 12 Nov 2013 13:00:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.223
X-Spam-Level:
X-Spam-Status: No, score=-102.223 tagged_above=-999 required=5 tests=[AWL=0.042, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oF1K+Fy9l1sf for <rtg-bfd@ietfa.amsl.com>; Tue, 12 Nov 2013 13:00:53 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id CA1BD11E810A for <rtg-bfd@ietf.org>; Tue, 12 Nov 2013 13:00:53 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 82D10C2F0; Tue, 12 Nov 2013 16:00:53 -0500 (EST)
Date: Tue, 12 Nov 2013 16:00:53 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
Subject: Re: Security aspects with S-BFD
Message-ID: <20131112210053.GK15347@pfrc>
References: <20211F91F544D247976D84C5D778A4C32E4FACB1@SG70YWXCHMBA05.zap.alcatel-lucent.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20211F91F544D247976D84C5D778A4C32E4FACB1@SG70YWXCHMBA05.zap.alcatel-lucent.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtg-bfd>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Nov 2013 21:00:58 -0000
Manav, On Thu, Nov 07, 2013 at 04:48:47PM +0000, Bhatia, Manav (Manav) wrote: > 1. The Initiator picks up a crypto sequence number depending upon the authentication mode that its using (meticulous or non meticulous). It sends a packet to the Reflector with this seq num. > > 2. The reflector maintains no session state and hence does not look at the crypto sequence number before accepting the packet. It looks at the Key ID (draft-ietf-bfd-generic-crypto-auth-05) in the incoming packet (or it can do it based on its own database where it maps the neighbor to the key iD) and verifies the authentication data. If everything looks good, it processes the packet. > > 3. When responding the Reflector needs to compute the Authentication data. It uses the same sequence number that it received in the S-BFD packet that it is responding to. It knows the Key ID, and thus the SA. It computes the authentication data and sends the S-BFD packet out. > > 4. The Initiator receives the response from the Reflector. It only accepts the S-BFD packet if it either comes with the same sequence number as it had sent or its within the window that it finds acceptable (described in detail in Sec 3.4 of draft-ietf-bfd-generic-crypto-auth-05) > > Benefits of this scheme. > > 1. Reflectors continue to remain stateless despite using security. It would be good to see some discussion from the S-BFD authors regarding light-weight state for authentication. In other words, just enough to verify crypto sequence numbers. One challenge that immediately comes to mind is that since the sessions are completely stateless, this means the reflector really can't know if the initiator rebooted or not, especially if the initiator is foolish enough to have the same discriminator. > 2. Reflectors are not susceptible to replay attacks as they always respond to S-BFD packets irrespective of the sequence number carried. > > 3. An attacker cannot forge packets from the Reflector since the Initiator will only accept S-BFD packets that come with the sequence number that it had originally used when sending the S-BFD packet. Protecting the Initiator is good. But ... > Drawbacks of this scheme. > > 1. Reflectors are susceptible to DoS attacks since they respond to all incoming S-BFD packets. This gets worse when cryptography is used as the work load drastically increases as security is employed. This continues to be my primary concern about the security for this feature. In the absence of *any* state, it's very difficult to have a low-work filter that protects the Reflector against cryptographic work attacks. Also, as best I understand several of the potential use cases for this feature, every S-BFD node may end up being a Reflector in some of those cases. To take a post-WG session comment to heart, this feature does have several resemblances to simply using IP Ping. This means that several of the security considerations associated with ICMP attacks (rate limiting, etc.) are likely applicable. > Cheers, Manav -- Jeff
- Security aspects with S-BFD Bhatia, Manav (Manav)
- Re: Security aspects with S-BFD Glen Kent
- RE: Security aspects with S-BFD Santosh P K
- Re: Security aspects with S-BFD Jeffrey Haas
- RE: Security aspects with S-BFD Nobo Akiya (nobo)
- Re: Security aspects with S-BFD MALLIK MUDIGONDA (mmudigon)
- RE: Security aspects with S-BFD Nobo Akiya (nobo)
- RE: Security aspects with S-BFD Bhatia, Manav (Manav)
- RE: Security aspects with S-BFD Nobo Akiya (nobo)