Re: [saag] time to authenticate dhcp?

"Hallam-Baker, Phillip" <pbaker@verisign.com> Tue, 09 December 2008 02:13 UTC

From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
To: Michael Richardson <mcr@sandelman.ottawa.on.ca>, "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: saag@ietf.org

I think that this particular conversation has gone from problem to solution too quickly. Or rather we skipped straight from an attack to a patch to defeat that one attack.

I think Steve was right to ask the question whether we should think about DHCP security. But we should do that by thinking about the security properties we rely on from DHCP and might want to rely on in future.

In particular I think that we could do to think in terms of a secure handshake for a client connecting to a WiFi node. Should we be putting the security in the DHCP layer or somewhere else? Should a DHCP handshake in Panera be equivalent to a DHCP handshake on a home network?


What assets are involved here? What are the intrinsic risks that affect those assets? Let's start thinking about the security of the systems that a user is engaged in, not just ad hoc patches to fix one attack.


-----Original Message-----
From: saag-bounces@ietf.org on behalf of Michael Richardson
Sent: Mon 12/8/2008 8:27 PM
To: Steven M. Bellovin
Cc: saag@ietf.org
Subject: Re: [saag] time to authenticate dhcp?
 

>>>>> "Steven" == Steven M Bellovin <smb@cs.columbia.edu> writes:
    Steven> But how, in a public setting?  How can "Steve" (to use the
    Steven> name from the article) *realistically* tell his laptop the
    Steven> proper public key to expect?

  He can't until he is online to look it up.  Naming it is easy.

  Once online, he can confirm it.  What key?  Why a DHCPKEY(tbd) or
perhaps a DNSKEY in the in-addr.arpa for the DHCP server's IP. 
  See www.wavesec.org.
  
  Also see
     http://www.sandelman.ca/SSW/ietf/dhc/draft-richardson-dhc-auth-sig0-00.txt

  which never got enough enthusiasm to bother going forward (nor enough
cycles from the freeswan team)

  Note that given a trusted anchor for in-addr.arpa (whether signed .,
or DLV for in-addr.arpa, or whatever), you can confirm key.  If your
local DNS cache is not empty, you may already be able to authenticate
it.
  If the machine doing a MITM on your DHCP server is doing such a good
job of emulating the rest of the Internet that things check out, then I
would suggest that you really are on the Internet :-)

  Note that of course, this completely fails when your DHCP server is
192.168.1.1.   Is there some way to use the outer IP of the router in
the cafe?  

  But, if you postulate IPv6, you might as well postulate SEND as well.

  As far as I can tell, this "DNSChanger", "DHCPChanger" attack is
completely untouched by using 802.1x/WPA/WPA2 "security", because the
layer3 is not bound (as in channel bound) to the layer2 security.

- -- 
]      Y avait une poule jammer dans le muffler!!!!!!!!!        |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag
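
Added example, not part of the thread and not taken from the draft cited in it: a sketch of the reverse-DNS key lookup described in the quoted message, showing which owner name a client would query for a DHCP server's address and why the scheme cannot work for an address such as 192.168.1.1. The names plan_key_lookup and LookupPlan and the sample addresses are assumptions; no DNS query is made, and the example extends the in-addr.arpa case to ip6.arpa.

```python
import ipaddress
from dataclasses import dataclass

# The message names "DHCPKEY(tbd)" or a DNSKEY. DHCPKEY is only a proposal
# there, so this sketch plans a DNSKEY query (assumption).
RRTYPE = "DNSKEY"


@dataclass
class LookupPlan:
    server_ip: str
    qname: str        # owner name under in-addr.arpa or ip6.arpa
    rrtype: str
    verifiable: bool  # could a public trust anchor ever cover qname?
    reason: str


def plan_key_lookup(server_ip: str) -> LookupPlan:
    """Derive the reverse name for a DHCP server and judge verifiability."""
    addr = ipaddress.ip_address(server_ip)
    qname = addr.reverse_pointer + "."
    # Order matters: loopback and link-local are also flagged is_private.
    if addr.is_loopback:
        reason = "loopback address"
    elif addr.is_link_local:
        reason = "link-local address, meaningful on one segment only"
    elif addr.is_private:
        reason = "private-use address, not globally unique, any network can answer for it"
    elif not addr.is_global:
        reason = "non-global (shared or reserved) address"
    else:
        reason = "globally routable, reverse zone can chain to a trust anchor"
    return LookupPlan(server_ip, qname, RRTYPE, addr.is_global, reason)


# Constructed sample server addresses; only 192.168.1.1 comes from the message.
SAMPLES = ["192.168.1.1", "8.8.8.8", "169.254.10.1", "100.64.0.1",
           "2606:4700:4700::1111"]

if __name__ == "__main__":
    for ip in SAMPLES:
        p = plan_key_lookup(ip)
        verdict = "query" if p.verifiable else "skip"
        print(f"{verdict:5} {p.rrtype} {p.qname}  ({p.reason})")
```
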
