
Re: additional attack for multi6 threat draft?



marcelo;

long as the acquired authorization information is valid.

Yes, it is a MITM.


In THIS case, it is a MiTM for a limited period of time.

In this case and in other cases, yes.


But in other cases, you may not even need to be a MiTM,
for instance if you don't do any type of verification of the identity.

An invalid example.


On the Internet, RR based verification is MUST, which has nothing
to do with M6, which is why I said you need security threat draft
on the plain Internet today.

OTOH, I really don't see how a MiTM can steal an identity when you are using
SIM, for instance. I mean, the identity is the hash of the public key, so
the only way to fake the identity would be to be capable of generating the
private key... so I don't see how the MiTM could ever do this?

I assume you know well about marriage theory or birthday attack. So, if you are serious on security, hash should be 128 bit long of MD5, at least, though some people insist that MD5 is insecure and it should be 160 bit long of SHA.

So, let's assume that the hash is 128 bit long.

Note that the hashed value is pseudo random.

The direct conclusion is that no one can memorize or type a pseudo
random 32 hexadecimal value.

That is, no human being identifies hosts by 128 bit or longer hash
value.

So, what are you saying "the only way to fake the identity"?

Can't you just say "DNS"?

Note also that, on the public Internet, please don't assume that
you locally have all the hash values of public keys of hosts
you want to communicate. Or, you can assume that you locally
have all the public or shared keys of all the hosts. With the
shared keys, just use IPsec or something like that.

As a MITM, an attacker can, for example, contaminate DNS cache for
persistent effect.

Well, there is a little difference here...

As I mentioned, in the case that I am considering it is the attacker
that decides when the state is generated in the victim, so the attacker can
choose the moment that it is easier for him to do this.
In the DNS case, the attacker has to wait for the DNS query and intercept
it. So the attacker doesn't select the moment of the attack, it has to wait
for the right moment.

An attacker can control when state is generated in a victim, if the attacker initiates communication with the victim and if the state is not already cached.

In the DNS case, state is generated in a victim as a result of
DNS query. The DNS is queried when communication is initiated.

In the DNS case, an attacker can control when state is generated
in a victim, if the attacker initiates communication with the
victim and if the state is not already cached. The attacker does
select the moment of the attack.

Masataka Ohta