Re: Attacking BFD with NULL auth
Reshad Rahman <reshad@yahoo.com> Sat, 10 February 2024 14:36 UTC
Return-Path: <reshad@yahoo.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF114C14F5E6 for <rtg-bfd@ietfa.amsl.com>; Sat, 10 Feb 2024 06:36:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jk32OXOqFQ6j for <rtg-bfd@ietfa.amsl.com>; Sat, 10 Feb 2024 06:36:14 -0800 (PST)
Received: from sonic301-2.consmr.mail.bf2.yahoo.com (sonic301-2.consmr.mail.bf2.yahoo.com [74.6.129.41]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB351C14F5E3 for <rtg-bfd@ietf.org>; Sat, 10 Feb 2024 06:36:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1707575773; bh=kckFHwu8xLtfWTTjwETBxYVpAdu6s7+v/wKFMJuv6ts=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject:Reply-To; b=GeMZFKQPGZg8yS1b+L9eozIazBM0NEHbCoreTfPp7oT46fLB4Y3YXxz6gl2Zh+sPBt4DQlEnsjjPwNRP8jy9qFX5CJ5AxwGqpSN06T8T7Ro1b+IWf4yFEMEMmUtSfA0nMano/R9ATFwd/YYC8mMGA50x5ThmlXsb063/PZFLZ9WW+aUlyMDJH9331/EP/X/IQAlpTsvI5V+L82gRi3dd9KHq5GDep12+uU1Yv1l+Ul0+EHPnzgh17OUvXIMwPBTfy1nPNn5Wb8w6XHPR7qfCO7WM2IOgyvgUEGdIca24/KjJJ13hf02vDABqnqT3lJn+EmXY+u0OkI1gw9sPwuoJPw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1707575773; bh=/yLBGE5x/jANH04f91BamZqm/RE+Bd4qe3/IUGtb/8x=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=LqP5GOah5XJMfuO9TcWHv+HrwZXpxFMmzHf3hlFPV/wAEiXRLi3fvwE4inrPYZTP5ZHoFHla7RpV1gp9KLnHzIXpBH+GjlevTF/3LIXn/yxXvqPYNim/WhwieR7EhDcA5LXwGYqtBqf6jcXtwJ+lCgg6NVJLA0ZNHqTgSOofswR5G1KilpuxuAugemEcQKPG1DWjG5kHLc8CIjxbejEMX1bMO/lhGVJkiYEsvSI8yQQrBhsHWJG34NkQRROQTz1Hnvd1P9JEFMCrCtq5zYlUkJdV61yr8JKK5NmRooKVmQnyqCFErcBYMrPrC5Cs1PZDbpbkrTJZQgFyBY+FTNFKzQ==
X-YMail-OSG: Nwc8t14VM1nv6uxPCEYQXEVLDke4A.75OwEKDHNb0p613Bv4lXw0ESCkiETijHW MfOeRNAUauDMwqHigvdIBZ6pKXLJYj_ReinDy00eqIYYguhr4Ho3LFt76pdQkAlqfuRFA3j5iAEs 5eT96vhwuZAQ3D3OQVg5Dz3k3IWGQ95NgysIJ2rQsLMvtoYgZkiA_JuX.zfz9OloydYhxt5kHtaW XsstwXTdb2uAIVHyyWFwzDrkUr7p_rB57oNFq4xxGHhZ5DDQ4NIGCNkfJczC_nGDwg5kH6OJ2tyi ePaGnwJA1fpjYl6BMYVmv7B2P4KX5QiHQ6U6dbNNBQNjmhBAvSVNi3ACovq4u1Paw9GNhD30fmpy TuoqaEJbJy0NcIZaJ_HZP5Le5.EVrxK2RzdqKZxLJYdXrOTDANAoOInQvldG.AcfP5tF77l7vWXU JTUw1ye2J2YszrM_lagR5cUTdYxWVpUNwu9dt2jXwAWqm9pHw1k3XaEaY.jrcMsDfHtFAG.GbSrA zthOCFwUTSZsLfQHp93CqpBcHgS18g1UQR3OZuxHABtle_zg2kciIUo8kNlMdVsgjNGa57.zGfh. _SkEkIK0juwMPMqiZHeT4roBjSRmYEixr5gfxri4_J7PGdNxnGOtiOO9IKH41.ViSpLtKgNUrida 8oxfaKyEpdhCSYI1vuA4_Qzt_I9M1ufYOUg2nq_ovenPN2tgLyFC71NndpNiPaWTOGSKikuUspNb jxINNsXnWLu6WgGYS719aHRTWdZYW6a5jetX3whOsEvqgDAw7qVd4rAsgezo1ahLMFQMin3c9ngi sKv3AyDo1i5bYIH6WjPFUZdTITLxLWcrlINUU9vuqQV3phHPNeJG65MylkSb365dJs7_SgsdZq8B 5yUtNfCsu2MGzdc3nUSl50ekVEtonpYygnk5Y3rZsTw2snpQm7.B4_qJraiThlCdou0muj.RhMJL MaPwNO2Lh8uGRqluy7hDZ.VFrAcPO_CL_LAurIHBeDWnxAfGGYJtnkLUCdO2hxbbxn0jGdmy2Vzb ENLAvQNBZtj7r_1Eoi48B6bR5sFTk5R2IsMGVZWl.d8UK5C5FU.uxrQnUA0EN6NwkcUnDmlq6mNU SMhXS2F9ohT_1RQ0UxxTL9yCTEF1e8wjT4ElA7ucIa1fgW2NbvK7YGskvzN2P.mhDgm0c9JU7xhG EG93GT1_PeDbXldqvRW5uUbJKRw.3rFt963ghGkLevs1MzvKY.iAvL3yRbBLuURuesDDtpPDzjrd aOjZFQcwIilDt546c1TjbbuVr_jqRf32BeBI8nHa7ykPqXekzf0UVDW3W5TRz0rXcPWkDiOgwKfg U2YPKaKdheRJUFhv41LfPV8aTSgn80dDvVJMraFK0mOW3ES8YSVYov29uw0T_ivubCMQJprDxCIi SQpR1EBQ1ihx9eB_ja8JaEA2XOIUiudyl3R1ZmCFoioXeLksekRHq_3IWNG41ta5vIc3LYoy2.fB UI_tbQo09owDbLhiGUIf2wgNWM0fwtlAmcLirVfW5pLN7tMnryhfPu1o_qPZ2J5al8zsjPWH3AeY gSKfBXVLkYyEIWuCzp5S_Tb4VXp86hMm.2cY4YnSIouute7axQxbMmRvgv0V_hUPAK4m7eDxbIYX qD3Ghat6t6zOIyTr1s6fXHtd36EZNYMgK8qbRpX6Gk6UBmOr211TEx6wGYLqLilnaCjbHAPbvlat DFsfVdXFpTBxxAzWiJG7B_2ufPZW7t2qsOw1osg.ZOxxgrgyvgF9Uq_ywDP0cZqwhTrNLQ_.jFK2 HkXtUs5mSH_4JM9CQRc0Mku7KKdN3sOjSCPKcscn7HOQPZYY52t0nrFV092_HZVRxcgFwq3VzWNi _LFfmg__nseYqUbZ6Ytvpqi5FWaDAS_bhTFopubouKACJwPDNpIEI8NILjgk2c9EWXPp.8GIhOFd 7gCvkY3MpTdcNF87vZPDosAW1bb_BNGbAkD5ahaI0ajH0oCYbZMj.u2rVbEcq.0tgIWlcjWRhDPY ScAFG8Bm_YXvJNcTtKEeqc1wP6IgDJYN8IbtsMQRqZkuJbWpXnmlqiSba0kGM8l63ovKhKK.H6oh QZAp1_rmlqUFSlOeqntxsTKr_3eQGrAs_Uj7udon8GYXTpuvj9AQxnZd5qwsYwCQd00JeoNY5DEc egKrob65lZWfej9EfPbladiGb9Hekkw0rI9TKWrFcSesLiaB6kUYoF.7fOQKrC.5MMxbJVrKuJhy V61GDkvhbAa0zxK13jo3tIVOPRPFi.qmHevVbGjL3cyp.pq5YkF9p18X8FaC7HcQYmj3pWHs2xLD 2wr6peMiz.XCRUtQiZKRUWS1WFcr9V9uqyvqAOw3yvWiu7Rbc_xcSzQ--
X-Sonic-MF: <reshad@yahoo.com>
X-Sonic-ID: dd2da451-ec3b-4cc8-b471-d2e8d9533757
Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.bf2.yahoo.com with HTTP; Sat, 10 Feb 2024 14:36:13 +0000
Date: Sat, 10 Feb 2024 14:36:10 +0000
From: Reshad Rahman <reshad@yahoo.com>
Reply-To: Reshad Rahman <reshad@yahoo.com>
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>
Message-ID: <695979314.412042.1707575770269@mail.yahoo.com>
In-Reply-To: <538545949.3733255.1707345433229@mail.yahoo.com>
References: <336054A1-4729-446B-BE73-832650B75BED@pfrc.org> <189423773.3335904.1707238309952@mail.yahoo.com> <955C0C79-FCB3-4FFA-AFA9-C43697E08927@pfrc.org> <1060883557.3646248.1707326519734@mail.yahoo.com> <6E4A650D-49BB-4164-83CA-1D02ABA3E6BD@pfrc.org> <1364271043.3638553.1707328102005@mail.yahoo.com> <FCF00A96-9383-4CD3-90A9-DC90F6706CFF@pfrc.org> <538545949.3733255.1707345433229@mail.yahoo.com>
Subject: Re: Attacking BFD with NULL auth
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_412041_745884427.1707575770267"
X-Mailer: WebService/1.1.22077 YMailNorrin
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/zYlVqLEoxVgKral4qHyouedibpE>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Feb 2024 14:36:16 -0000
Jeff, authors,
If NULL auth cannot be used for opt auth, does it belong in the bfd-stability doc instead? I don't recall if this was brought up.
So looking at the current text in -14:
Once the session has reached the Up state, the session can choose the
Auth Type to be one of:
* No authentication, i.e., Authentication Present (A-bit) is zero.
Having no authentication provides computational relief to the
system. However, a malicious user can blindly inject traffic that
will be accepted by the BFD session.
The paragraph above needs to be updated as per Jeff below.
* NULL Auth Type (Section 3) as defined in this document. This type
prevents blind injection, but is vulnerable to active attacks,
where the attacker is aware of the sequence number, and
potentially becomes the PITM. However, periodic check with
stronger authentication can thwart that attack as described below.
The paragraph above needs to be removed and we need to mention somewhere why NULL auth cannot be used for opt-auth.
* Meticulous Keyed ISAAC authentication as described in Secure BFD Sequence Numbers [I-D.ietf-bfd-secure-sequence-numbers]. This authentication type prevents the attack when the Up packets do not change, because only the paired devices know the shared secret, key, and sequence number to select the ISAAC result.
Regards,Reshad.
On Wednesday, February 7, 2024, 05:37:20 PM EST, Reshad Rahman <reshad=40yahoo.com@dmarc.ietf.org> wrote:
"Thus, if we're in no-auth, injecting anything other than "I'm still up!" gets ignored. You can keep the session up, but you can't change parameters or take the session down. State changes require strong auth anyway."
Ah right, I forgot about that. I think the text you're referring might be in section 1 now, at least part of it.
Regards,Reshad.
On Wednesday, February 7, 2024, 12:59:13 PM EST, Jeffrey Haas <jhaas@pfrc.org> wrote:
On Feb 7, 2024, at 12:48 PM, Reshad Rahman <reshad@yahoo.com> wrote:
Jeff,
"No authentication also thus means you can't attack the system by sending a sequence number".
I agree. But you don't need a seq number with no auth, you just attack by sending a packet to take the session down. That's why I still view NULL auth as (slightly) better than no auth.
I think I see the problem. At some point in the github merges, we lost text that effectively asserts that in the Up state, you cannot change the BFD control packet contents excluding the auth section without flipping to the strong auth mode.
Basically:If state is Up: If authentication is Optimized mode: Validate authentication, if any, and discard on fail. Validate control packet contents have not changed. We are still Up and haven't been convinced to change BFD parameters.
Thus, if we're in no-auth, injecting anything other than "I'm still up!" gets ignored. You can keep the session up, but you can't change parameters or take the session down. State changes require strong auth anyway. The clarification is we don't let other parameters get tweaked because portions of the 5880 state machinery didn't require either a state change or a poll sequence to happen.
I'll open a github issue to track this point.
I see also that we have some zombie text:"Implementations supporting this feature will send BFD packets with authentications that always carry a meticulously increasing sequence number. This meticulously increasing sequence number prevents replay attacks"
Since we're deciding to support no-auth, this sentence is wrong. I'll pen a second issue.
-- Jeff
- Attacking BFD with NULL auth Jeffrey Haas
- Re: Attacking BFD with NULL auth John Scudder
- Re: Attacking BFD with NULL auth Jeffrey Haas
- Re: Attacking BFD with NULL auth Reshad Rahman
- Re: Attacking BFD with NULL auth Jeffrey Haas
- Re: Attacking BFD with NULL auth Reshad Rahman
- Re: Attacking BFD with NULL auth Jeffrey Haas
- Re: Attacking BFD with NULL auth Reshad Rahman
- Re: Attacking BFD with NULL auth Jeffrey Haas
- Re: Attacking BFD with NULL auth Reshad Rahman
- Re: Attacking BFD with NULL auth Reshad Rahman