[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue 7: Message Authenticator

To: radiusext@ops.ietf.org
Subject: Re: Issue 7: Message Authenticator
From: Bernard Aboba <aboba@internaut.com>
Date: Sat, 11 Dec 2004 14:33:21 -0800 (PST)

Avi Lior said:

"Based on the comments received on this issue.
-It is important to have some sort of authenticator.
-Message Authenticator(80) is not busted - HMAC-MD5
-Digest Authentication is based on MD5 anyway.

I propose that we make Message-Authenticator(80) mandatory to protect the
Access-Requests."

I think you're making the case that improving the security beyond
MD5/Message-Authenticator is a bigger project than can be taken on in this
document, given the completion dates envisaged by 3GPP2 (e.g. yesterday).

Part of the issue is defining the goals of a more extended effort.  So
far, the goal that has been most mentioned is to enable RADIUS to achieve
FIPS compliance.  However, that is not a short-term goal since NIST has
not provided us with a list of required changes to RADIUS.  It is
conceivable that achieving FIPS certification for RADIUS might require
the removal of all MD5 usage from the RADIUS protocol (including zero'ing
out of the Response Authenticator field), and definition
of new authentication mechanisms and attributes for not involving MD5.

Those changes would in turn bring up backward compatibility issues which
would take some time to resolve.  So it's hard to get a handle on the
work required to achieve FIPS compliance at this time, although it
could be quite substantial.

In the meantime, are you saying that the Message-Authenticator attribute
MUST be included in any message (Request, Challenge, Accept/Reject) containing
attributes defined in this document, and that a RADIUS client or server
receiving a message with the attribute MUST check it and MUST silently discard
a packet that fails the check?

I'm ok with this, assuming that the appropriate text can be developed and
posted.  It might help to cite RFC 3579 text relating to
Message-Authentocator.   For example, in Section 3.1:

"     Therefore the Message-Authenticator attribute MUST be used to
      protect all Access-Request, Access-Challenge, Access-Accept, and
      Access-Reject packets containing an EAP-Message attribute.

      Access-Request packets including EAP-Message attribute(s) without
      a Message-Authenticator attribute SHOULD be silently discarded by
      the RADIUS server.  A RADIUS server supporting the EAP-Message
      attribute MUST calculate the correct value of the
      Message-Authenticator and MUST silently discard the packet if it
      does not match the value sent.  A RADIUS server not supporting the
      EAP-Message attribute MUST return an Access-Reject if it receives
      an Access-Request containing an EAP-Message attribute.

      Access-Challenge, Access-Accept, or Access-Reject packets
      including EAP-Message attribute(s) without a Message-Authenticator
      attribute SHOULD be silently discarded by the NAS.  A NAS
      supporting the EAP-Message attribute MUST calculate the correct
      value of the Message-Authenticator and MUST silently discard the
      packet if it does not match the value sent."

Section 3.2:

"3.2.  Message-Authenticator

      This attribute MAY be used to authenticate and integrity-protect
      Access-Requests in order to prevent spoofing.  It MAY be used in
      any Access-Request.  It MUST be used in any Access-Request,
      Access-Accept, Access-Reject or Access-Challenge that includes an
      EAP-Message attribute.

      A RADIUS server receiving an Access-Request with a
      Message-Authenticator attribute present MUST calculate the correct
      value of the Message-Authenticator and silently discard the packet
      if it does not match the value sent.

      A RADIUS client receiving an Access-Accept, Access-Reject or
      Access-Challenge with a Message-Authenticator attribute present
      MUST calculate the correct value of the Message-Authenticator and
      silently discard the packet if it does not match the value sent.

      This attribute is not required in Access-Requests which include
      the User-Password attribute, but is useful for preventing attacks
      on other types of authentication.  This attribute is intended to
      thwart attempts by an attacker to setup a "rogue" NAS, and perform
      online dictionary attacks against the RADIUS server.  It does not
      afford protection against "offline" attacks where the attacker
      intercepts packets containing (for example) CHAP challenge and
      response, and performs a dictionary attack against those packets
      offline."

BTW, I should also mention that the document is missing the traditional
"Table of Attributes" which states what packets various attributes can be
included in.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Issue 7: Message Authenticator
  - From: Jari Arkko <jari.arkko@piuha.net>

Prev by Date: Request for Review: RFC 3576 MIBs
Next by Date: Re: Issue 7: Message Authenticator
Previous by thread: Request for Review: RFC 3576 MIBs
Next by thread: Re: Issue 7: Message Authenticator
Index(es):
- Date
- Thread