
Re: multi6-threats-00.txt vs. MIPv6 - different strength verifications?



On 4 nov 2003, at 14:28, Erik Nordmark wrote:

No, this is no good at all. In multihoming, when a line goes down it
may not come back up again. Ever.

Yes, but a weak verification can be converted to a strong verification
at any time by invoking the strong verification mechanism (be it DNS
or CBID-based).

Why not go for the strong stuff immediately?


This is susceptible to a "man listening at the sidelines" attack.

You mean somebody who is on the path and can see the content of packets, but
is unable to prevent packets from being delivered on the correct path?

Yes.


That's a relatively common capability.

Do you have examples where seeing the content of packets is possible or
significantly easier than also being able to suppress the delivery of
packets or modify the packets?

Wireless networks are a good example. Many switches provide monitoring capabilities and fibers are not that hard to sniff. So someone with physical access can look at the traffic with relative ease. However, in order to block selected packets the attacker needs to redirect traffic or install equipment in the middle. I suppose that's doable on wireless LANs but not so much when tapping into existing monitoring capabilities.


However, we can do better than
this by adding some hashing and gradual release of previously
secret information. This is only susceptible to actual man in the
middle attacks, but then so is everything else, as a MITM can always
blackhole traffic if nothing else.

Good point.
One can do a limited length hash chain and reveal it in
reverse order as an improvement. If the chains are short enough (length 10?)
the cost of creating them might not be that significant; just run MD5 (or SHA1)
10 times. Should the chain run out, then one can fall back to the stronger
verification.

Or use the last step to authenticate a new one.
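
The short hash chain discussed in this message, as an added example that is not part of the original thread: the prover hands over the end of the chain at setup and then reveals earlier links in reverse order, so an observer who sees a revealed value cannot produce the next one. The `Prover`/`Verifier` names, the `max_skip` loss tolerance and the use of SHA-256 in place of the MD5/SHA1 mentioned above are assumptions.

```python
import hashlib
import secrets

CHAIN_LEN = 10  # chain length floated in the thread


def h(value: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the MD5/SHA1 named in the thread.
    return hashlib.sha256(value).digest()


def build_chain(seed: bytes, length: int = CHAIN_LEN) -> list:
    """Return [h^1(seed), ..., h^length(seed)]; the last element is the anchor."""
    chain, value = [], seed
    for _ in range(length):
        value = h(value)
        chain.append(value)
    return chain


class Prover:
    def __init__(self, seed: bytes = None, length: int = CHAIN_LEN):
        self._chain = build_chain(seed or secrets.token_bytes(32), length)
        self.anchor = self._chain.pop()  # given to the peer at setup

    def reveal(self):
        """Next link in reverse order; None means the chain is used up
        and the caller must fall back to the strong verification."""
        return self._chain.pop() if self._chain else None


class Verifier:
    def __init__(self, anchor: bytes, max_skip: int = 3):
        self.anchor = anchor
        self.max_skip = max_skip  # hypothetical tolerance for lost reveals

    def accept(self, candidate: bytes) -> bool:
        value = candidate
        for _ in range(self.max_skip):
            value = h(value)
            if value == self.anchor:
                self.anchor = candidate  # advance: replayed or older links now fail
                return True
        return False
```

A chain of length 10 gives nine usable reveals, because the tenth value is the anchor itself.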