Re: [v6ops] [EXTERNAL] Re: Improving ND security

["Templin (US), Fred L" <Fred.L.Templin@boeing.com>]

Thanks for your opinion, Ed, but it does not apply for the OMNI use case because
the keys only need to be known to a fixed (and finite) set of Servers which can
keep in sync via a shared filesystem. Again, if anyone can speak to the security
of RFC4380 in relation to SEND/CGA *within this context* I would be interested.

Fred

From: Vasilenko Eduard [mailto:vasilenko.eduard@huawei.com]
Sent: Monday, August 03, 2020 8:38 AM
To: Templin (US), Fred L <Fred.L.Templin@boeing.com>; Pascal Thubert (pthubert) <pthubert@cisco.com>
Cc: v6ops list <v6ops@ietf.org>; 6man <ipv6@ietf.org>
Subject: Re: Improving ND security

IMHO: Forget about Authentication – it would not fly.
Any Authentication would need to possess a key against every neighbor.

The same RFC that you mentioned: “The receiver deems the authentication successful if the two values match.”
PKI is the best place for key materials (and much more). But only strict security requirements could push people to PKI complexity.

Compromise is needed between:

1.       Distributed database of SLAAC (6lo and SAVI are centralized)

2.       No complexity of key management (Authentication is out)

3.       Security that is possible in such circumstances (no “man-in-the-middle”, low pressure from DoS)
Full fix of all security problems are not possible.
If one would change (1) or (2) then it would be not SLAAC anymore.

Ed/
From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Templin (US), Fred L
Sent: 3 августа 2020 г. 17:23
To: Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>>
Cc: v6ops list <v6ops@ietf.org<mailto:v6ops@ietf.org>>; 6man <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Subject: Re: [v6ops] [EXTERNAL] Re: Improving ND security

Here’s another think about SEND. RFC3971 SEND says that it works in conjunction with
Cryptographically Generated addresses (CGA) per RFC3972. But, CGAs are cumbersome
to work with as the source and destination addresses of IPv6 packets, and SEND hints
that it can be used without CGA but does not tell how to do so.

But then, RFC4380 offers a “poor-man’s” alternative to SEND/CGA. It places a message
authentication code in the encapsulation headers of IPv6 ND messages so that the
messages can pass a rudimentary authentication check. So someone with security
experience please help me out here – is RFC4380 authentication an acceptably
secure  replacement for SEND/CGA that might be easier to work with and less
cumbersome?

Thanks - Fred

From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Templin (US), Fred L
Sent: Friday, July 31, 2020 3:13 PM
To: Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>>
Cc: 6man <ipv6@ietf.org<mailto:ipv6@ietf.org>>; v6ops list <v6ops@ietf.org<mailto:v6ops@ietf.org>>
Subject: RE: [EXTERNAL] Re: Improving ND security

Hi Pascal, see below:

A major attack vector is an external attacker sending packets to the 2^64 or so possible addresses in the subnet.
[>] Subnet?? As in, an on-link IPv6 prefix? The large NBMA link that I want to use SEND
on will not have any of those – link-local only.

The attack causes a denial of service at the router that MUST store one packet for one second and multicast a NS lookup, which multiplies the effect.
[>] Again, we are talking about different kinds of links; there will not be any sort of
multicast explosion on the NBMA link based on a router receiving a SEND-protected
IPv6 ND message.

The attack is easy to perform from the outside and send offers no protection.
[>] For the OMNI NBMA link, the process is based on a Client sending a SEND-protected
RS message to exactly one router. The router authenticates the RS before processing it
further, which may include returning a unicasted RA. No NCEs are created until the RS
has been authenticated, and no multicast storms are initiated.

The only clear protection is to know in advance all the addresses present in the network and drop the rest. GRAND offers a way to preset the ND cache which is better than nothing but it offers no guarantee that the router has the full set of addresses I. Cache. In fact the concept of a cache is dated from the days memory was scarce and expensive. This concept is not needed And rather harmful in modern networks.
[>] The OMNI routers are not going to require any kind of ND cache presets; they
simply establish NCEs upon receipt *and* authentication of good RS messages.

Thanks - Fred

Regards,

Pascal

Le 31 juil. 2020 à 19:49, Templin (US), Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> a écrit :

Hi Ted,

By “NM” I think you mean “Mobile Node?” That’s not really one of the use cases we’re talking about here. Or am I missing something?
[>]
Or, just call it a (mobile) “Stub-Network” – I think we are talking about the same
thing here.

In any case, you’re presuming some kind of trust establishment for non-router nodes, right? SEND only talks about trust establishment for routers. And, let’s be frank, doesn’t actually give us enough operational guidance that we would expect what _is_ said to be generally practicable.
[>]
OK, the specs I have been working dip their toes into the SEND pool but maybe they
should be updated to dive in completely? With an adoption call in progress, I don’t
know if it would be a good idea to make changes right now but be assured that it
will be added to the TODO list – would that be acceptable for now?

Thanks - Fred