Re: Attacking BFD with NULL auth

Jeffrey Haas <jhaas@pfrc.org> Wed, 07 February 2024 17:30 UTC

Subject: Re: Attacking BFD with NULL auth
From: Jeffrey Haas <jhaas@pfrc.org>
In-Reply-To: <1060883557.3646248.1707326519734@mail.yahoo.com>
Date: Wed, 07 Feb 2024 12:29:58 -0500
Cc: "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>
Message-Id: <6E4A650D-49BB-4164-83CA-1D02ABA3E6BD@pfrc.org>
References: <336054A1-4729-446B-BE73-832650B75BED@pfrc.org> <189423773.3335904.1707238309952@mail.yahoo.com> <955C0C79-FCB3-4FFA-AFA9-C43697E08927@pfrc.org> <1060883557.3646248.1707326519734@mail.yahoo.com>
To: Reshad Rahman <reshad@yahoo.com>
X-Mailer: Apple Mail (2.3696.120.41.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/xWbQGm9Rv1Xu3_T180MrFDthdiE>
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>

Reshad,


> On Feb 7, 2024, at 12:21 PM, Reshad Rahman <reshad@yahoo.com> wrote:
> 
>> ISAAC works for active attacks but I don't understand why no-auth still works, no-auth is weaker than NULL auth: you don't need to be an active attacker to knock over a session with no-auth?
> 
> With no-auth, the only thing you can say is "the session is still up".  In the optimized case we're guarding against parameter changes so that's all we get to do.
> <RR> What I don't understand is no-auth still works in the statement below: if NULL auth is impractical, so should no-auth. What am I missing?
> "1. NULL auth and using the sequence numbers becomes impractical to use for optimizing authentication procedures.  ISAAC and no-auth still work. "
> 

No authentication doesn't have sequence numbers.  This means that sequence number operations for incrementing are paused at the last exchanged sequence number in the strong authentication.

No authentication also thus means you can't attack the system by sending packets with a sequence number.  The system will be expecting authentication types of either the strong auth (protected vs. blind injection by computing the digest over the entire PDU), or the expected no-auth.  If you send packets with an unexpected auth type, they'll be dropped.

With ISAAC, blind injection can't work unless the injector has access to the shared secret, BFD discriminator values, initial sequence number for the ISAAC sequence base, and seed.  Discriminator and seed can be discovered by intercepting the ISAAC authenticated PDUs.  The initial sequence value has to be observed, or inferred by being able to compute the ISAAC table that will have the outputs.  The shared secret is thus the core protecting item.

Thus, with ISAAC, you can't push the sequence numbers ahead without being able to satisfy ISAAC authentication, even if it's not a digest vs. the entire BFD PDU.

With NULL auth, you just need to be able to convince the implementation to accept the PDU with a higher sequence number.  This can be done with blind injection once you know enough of the BFD session state like discriminators.  The random discriminator makes this very low likelihood and pushes the attack case to someone that is PITM.

-- Jeff
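As an added illustration (not code from the draft, from RFC 5880, or from anyone on this thread), a toy Python model of the receiver behaviour described above: a session that expects no-auth PDUs in the optimized steady state and strong authentication (a digest over the whole PDU) for parameter changes, with sequence numbers advancing only under strong auth. The field layout, the string auth-type labels and HMAC-SHA256 as the strong digest are assumptions of the model; ISAAC is not modelled.

```python
# Toy model of the receive path; assumptions only, not a BFD implementation.
import hmac, hashlib
from dataclasses import dataclass

STRONG, NONE, NULL = "strong", "none", "null"   # model labels, not RFC 5880 code points

@dataclass
class Session:
    my_disc: int
    your_disc: int
    secret: bytes
    last_seq: int            # last sequence number accepted under strong auth
    expected: str = NONE     # optimized steady state: plain (no-auth) PDUs expected

@dataclass
class Pdu:
    my_disc: int
    your_disc: int
    auth_type: str
    seq: int = 0             # carried only by STRONG and NULL auth
    digest: bytes = b""      # carried only by STRONG auth

def digest_for(secret: bytes, p: Pdu) -> bytes:
    # Strong auth covers the entire PDU: discriminators, auth type and sequence number.
    body = f"{p.my_disc}:{p.your_disc}:{p.auth_type}:{p.seq}".encode()
    return hmac.new(secret, body, hashlib.sha256).digest()

def receive(s: Session, p: Pdu):
    """Return (accepted, reason); update the session only on an accepted strong PDU."""
    if p.your_disc != s.my_disc or p.my_disc != s.your_disc:
        return False, "discriminator mismatch"
    if p.auth_type not in (STRONG, s.expected):
        return False, "unexpected auth type"         # NULL auth is dropped here
    if p.auth_type == STRONG:
        if not hmac.compare_digest(digest_for(s.secret, p), p.digest):
            return False, "bad digest"
        if p.seq <= s.last_seq:
            return False, "stale sequence number"
        s.last_seq = p.seq                           # sequence numbers advance only here
        return True, "strong auth ok"
    return True, "session still up"                  # no-auth: sequence state untouched
```

Switching `s.expected` to `STRONG` models the parameter-change window, during which plain no-auth PDUs are dropped as well.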