Re: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps
jouni korhonen <jouni.nospam@gmail.com> Tue, 30 August 2011 13:06 UTC
Return-Path: <jouni.nospam@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 630F221F8AF2; Tue, 30 Aug 2011 06:06:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IbBNcSIrHqHt; Tue, 30 Aug 2011 06:06:28 -0700 (PDT)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 1063321F8AD6; Tue, 30 Aug 2011 06:06:27 -0700 (PDT)
Received: by bkar4 with SMTP id r4so6073469bka.31 for <multiple recipients>; Tue, 30 Aug 2011 06:07:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=dwyPfAuiu1BUjhAln176uONmDz1jxgf87tMhTErYwUM=; b=qaBTG2e0prxTzcJ7+wIRxRkoz0LTrpVkpBvBhE4ejyVuqFTBWz4wDHGPNsC8MKR6pu b20nzycMIH0SLdJWeEWCGy5nxCbvZW7/MebOcUwxRSkhhUWzG0z4z4QBiVfFS8kryC5c GhsSiKB/mSQ9mj1yclIDrYGKTFij5CGifTh7s=
Received: by 10.204.128.67 with SMTP id j3mr84387bks.71.1314709674344; Tue, 30 Aug 2011 06:07:54 -0700 (PDT)
Received: from a88-112-142-200.elisa-laajakaista.fi (a88-112-142-200.elisa-laajakaista.fi [88.112.142.200]) by mx.google.com with ESMTPS id n11sm18385bkd.14.2011.08.30.06.07.51 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 30 Aug 2011 06:07:52 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: jouni korhonen <jouni.nospam@gmail.com>
In-Reply-To: <4E5CCEF5.1020303@cs.tcd.ie>
Date: Tue, 30 Aug 2011 16:07:49 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <9CCF3C81-D31A-40F6-80E8-3567E4E7E88E@gmail.com>
References: <CA7AE8B2.C2F68%mundy@sparta.com> <6425C318-F3AB-4321-A238-2828F43580E0@gmail.com> <4E5CCEF5.1020303@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1084)
Cc: secdir@ietf.org, draft-ietf-v6ops-3gpp-eps.all@tools.ietf.org, iesg@ietf.org, Russ Mundy <mundy@sparta.com>
Subject: Re: [secdir] secdir Review of draft-ietf-v6ops-3gpp-eps
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Aug 2011 13:06:29 -0000
Stephen, Thanks for picking up the nits. And yes, I would push out a new version with the additional security consideration text below, *if* folks think it is worth having it there. And for prohibiting the use of IMSI/MSISDN (or any "3GPP identity") as the IID, the reference would be Section 5.3.1.2.2 of [TS.23401]. - Jouni On Aug 30, 2011, at 2:52 PM, Stephen Farrell wrote: > > Hi Jouni, > > Just checking - do you intend to push out a new version with this > included before the telechat next week? > > A few nits below as well. > > Ta, > Stephen. > > On 08/25/2011 11:50 AM, jouni korhonen wrote: >> Russ, >> >> Thanks for the review. You are echoing the same thing as the most in IESG. I crafted a bit of text that could be put into the security considerations section. I don't know if this would be enough. >> >> - JOuni >> >> ---- >> >> >> In 3GPP access the UE and the network always perform a mutual >> authentication during the network attachment [TS.33102][TS.33401]. >> Furthermore, each time a PDP Context/PDN Connection gets created, >> a new connection, a modification of an existing connection and >> an assignment of an IPv6 prefix or an IP address can be authorized >> against the PCC infrastructure [TS.23203] and/or PDN's AAA server. >> >> The wireless part of the 3GPP link between the UE and the (e)NodeB >> as well as the signaling messages between the UE and the MME/SGSN >> can be protected depending on the regional regulation an operator >> deployment policy. User plane traffic can be confidentially > > s/confidentially/confidentiality/ would be better. > > If you can add references as to how that can be achieved that > would also be good. > > The same points apply for the control plane I guess. > >> protected. The control plane is always at least integrity and >> replay protected, and may also be confidentially protected. The >> protection within the transmission part of the network depends >> on the operator deployment policy. >> >> Due the nature of 3GPP point-to-point link model, the UE and the >> first hop router (PGW/GGSN or SGW) are the only nodes on the link, >> which mitigates most of the known on-link attacks. For off-link IPv6 >> attacks the 3GPP EPS is as vulnerable as any IPv6 system. There has > > s/has/have/ > >> also been concerns that UE IP stack might use permanent subscriber > > s/UE IP stack/the UE IP stack/ > >> identities, such as IMSI and MSISDN, as the source for IPv6 address >> Interface Identifier. This would be a privacy threat and allow >> tracking of subscribers, and therefore use of IMSI and MSISDN as the >> Interface Identifier is prohibited. However, there is no standardized >> method to block such misbehaving UEs. > > Prohibited by whom? Maybe add a reference? > >> >> >> >> >> [TS.33102] >> 3GPP, "3G Security; Security architecture", >> 3GPP TS 33.102 10.0.0, December 2010. >> >> >> [TS.33401] >> 3GPP, "3GPP System Architecture Evolution (SAE); >> Security architecture", 3GPP TS 33.401 10.1.1, >> June 2011. >> >> On Aug 25, 2011, at 12:43 AM, Russ Mundy wrote: >> >>> >>> I have reviewed this document as part of the security directorate's ongoing >>> effort to review all IETF documents being processed by the IESG. These >>> comments were written primarily for the benefit of the security area >>> directors. Document editors and WG chairs should treat these comments just >>> like any other last call comments. >>> >>> While I do agree with the factual correctness of the Security Considerations >>> section (the document does not _introduce_ any security related concerns), >>> the support for IPv6 in 3GPP networks described in document certainly does >>> have a number of security concerns. Some obvious examples, use of DHCP >>> based address management and access control/authorization of the PDN >>> Connection (shown in Figure 8). Although these and other security issues >>> are likely addressed in various other documents, it would be useful to make >>> a definitive statement to that effect in the Security Considerations >>> section. It would be even more useful if some more specific references were >>> to be included in parts of the document that clearly deal with security >>> issues such as address management and access control and authorization. >>> >>> >>> Russ Mundy >>> >>> >>> >>> >>> >>> >> >>
- [secdir] secdir Review of draft-ietf-v6ops-3gpp-e… Russ Mundy
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… jouni korhonen
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Stephen Farrell
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… jouni korhonen
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Stephen Farrell
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… jouni korhonen
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Ronald Bonica
- Re: [secdir] secdir Review of draft-ietf-v6ops-3g… Russ Mundy