[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: additional attack for multi6 threat draft?

To: mbagnulo@ing.uc3m.es
Subject: Re: additional attack for multi6 threat draft?
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Sun, 07 Dec 2003 08:27:45 +0900
Cc: multi6@ops.ietf.org
In-reply-to: <LIEEJBCNFDJHFFKJJDPAIEALDHAA.mbagnulo@ing.uc3m.es>
References: <LIEEJBCNFDJHFFKJJDPAIEALDHAA.mbagnulo@ing.uc3m.es>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

marcelo;

for a short period of time that attack can be successful)
MITM can do almost anything, of course.

Well, this is not striclty related with MiTM attack, but with redirection
for future usage, let me try to explain.

X on the same shared link as A is a specific form of MITM.

If ip addresses are used as identifiers (as in the case of mip), return
routability can be used to verify the identity.
the problem in this case, is that the attacker can play as a MITM for a
*limited* period of time and manage to beat the verification mechanism as
long as the acquired authorization information is valid.

Yes, it is a MITM.

As a MITM, an attacker can, for example, contaminate DNS cache for
persistent effect.

This implies that return routability cannot be used to protect from this
attacks, since this allows transient MITM to achieve the same effect of
permanent MITM, which IMHO is bad.

It is merely that RR can not be a protection against MITM.

That is a generic statement.

So, the proposed attack is not really related with MITM, but is more generic

The attack is a specific, not generic, form of MITM attack.

However, transient MITM can manage to launch this attack when some specific
solution (such as return routability) are used (during the lifetime of the
verification information in the attacked node)

DoS is so easy.

DoS by MITM is totally destructive that almost no security
mechanism works.

If you don't assume PKI, MITM will invalidate both cookies and
public key cryptographic technologies including but not limited
to DH.

If you assume PKI, compromised CAs are virtually MITM that there
is no real added security. ISPs are as realiable as CAs that there
is no point on relying on PKI instead of RR. It should also be noted
that, lacking cook protection, DoS effect of computationally
expensive public key cryptography is fatal.

In either case, attack by transient MITM at the time of initial
cryptographic computation (with DH or PKI) will be effective
for the lifetime.

The only meaningful protection is by having common secret in advance
and althenticate all the packets, though the approach does not scale.

So far, nothing is mult6 specific.

Masataka Ohta

Follow-Ups:
- RE: additional attack for multi6 threat draft?
  - From: "marcelo bagnulo" <mbagnulo@ing.uc3m.es>

References:
- RE: additional attack for multi6 threat draft?
  - From: "marcelo bagnulo" <mbagnulo@ing.uc3m.es>

Prev by Date: Re: Terminology [Re: Some Comments on ID/Loc Separation Proposals]
Next by Date: RE: additional attack for multi6 threat draft?
Previous by thread: RE: additional attack for multi6 threat draft?
Next by thread: RE: additional attack for multi6 threat draft?
Index(es):
- Date
- Thread