Re: SNMPv2 security
"Sath. Nelakonda" <sath@lachman.com> Tue, 01 February 1994 18:07 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa08983; 1 Feb 94 13:07 EST
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa08979; 1 Feb 94 13:07 EST
Received: from [192.94.214.100] by CNRI.Reston.VA.US id aa12766; 1 Feb 94 13:07 EST
Received: by relay.tis.com; id AA15558; Tue, 1 Feb 94 12:34:58 EST
Received: from magellan.tis.com(192.33.112.124) by relay via smap (V1.0mjr) id sma015541; Tue Feb 1 12:33:56 1994
Received: from magellan.tis.com by magellan.TIS.COM id aa00459; 1 Feb 94 12:31 EST
Received: from sol.tis.com by magellan.TIS.COM id aa00455; 1 Feb 94 12:25 EST
Received: from relay.tis.com by tis.com (4.1/SUN-5.64) id AA03115; Tue, 1 Feb 94 12:25:19 EST
Received: by relay.tis.com; id AA15421; Tue, 1 Feb 94 12:25:53 EST
Received: from laidbak.i88.isc.com(128.212.64.5) by relay via smap (V1.0mjr) id sma015412; Tue Feb 1 12:25:26 1994
Received: from ra.i88.isc.com by laidbak.i88.isc.com with SMTP (5.65/isc-mail-gw/2/23/93) id AA25613; Tue, 1 Feb 94 11:25:09 -0600
Received: from laither.i88.isc.com by ra.i88.isc.com (4.1/SMI-4.1) id AA03309; Tue, 1 Feb 94 11:25:06 CST
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: "Sath. Nelakonda" <sath@lachman.com>
Message-Id: <9402011725.AA03309@ra.i88.isc.com>
Subject: Re: SNMPv2 security
To: Julie Tarr <tarr@itd.nrl.navy.mil>
Date: Tue, 01 Feb 1994 11:24:00 -0600
Cc: snmp@psi.com, snmpv2@magellan.tis.com
Reply-To: sath@lachman.com
In-Reply-To: <9402011622.AA00610@itd.nrl.navy.mil> from "Julie Tarr" at Feb 1, 94 11:22:24 am
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Content-Length: 1863
> In order for the cryptanalysis to have the data to crack the keys, he must > already selectively capture traffic going to/from that agent. The XOR scheme > does not make his job significantly harder. It gives him unlimited time > in which to crack the code. > > Also note that, as someone else in this discussion group has already pointed out, > the XORed key change message is vulnerable to replay attack. If an attacker replays > a key change message within the window of oppportunity provided by the message lifetime, > then the replayed message will change the keys back to the old key. That is, > the manager sends to the agent (Kold XOR Knew) . The agent calculates > Kold XOR (Kold XOR Knew) to produce Knew and changes its key to Knew. If the > agent receives a replay of this key change message, it will calculate > Knew XOR (Kold XOR Knew) to produce Kold and change the key back to Kold. The > agent will send a confirmation of this change back to the manager, so the manager > will be aware that an attacker has tampered with the system. However, how is Not necessarily. It may very well be a duplicate response. But then that doesn't make the life of the manager any simpler. Everytime it receives a duplicate response, it has to "worry". It is always a good idea to set _another_ object (similar to snmpSetSerialNo) in the same PDU as partyAuthPrivate so that if the response is lost or a duplicate one is received, it can check this other object's value (with a get) and it can also prevent a replay described above. > the manager going to reset the key? If it tries to send another XOR key change > message, the attacker can simply repeat this procedure. > > Note that this replay attack is relatively simply to perform, it only requires > good timing. > > Julie > Sathyender. sath@lachman.com
- Re: SNMPv2 security Frank Kastenholz
- Re[2]: SNMPv2 security cyoung
- Re: SNMPv2 security Frank Kastenholz
- Re: SNMPv2 security Frank Kastenholz
- Re: SNMPv2 security uri
- Re: SNMPv2 security uri
- Re: SNMPv2 security Frank Kastenholz
- Re: SNMPv2 security Julie Tarr
- Re: SNMPv2 security Keith McCloghrie
- Re: SNMPv2 security Julie Tarr
- Re: SNMPv2 security Sath. Nelakonda
- Re: SNMPv2 security michael (m.) sam chee