[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: addition of TLV to locator ID or locator ID set

To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: addition of TLV to locator ID or locator ID set
From: Paul Jakma <paul@clubi.ie>
Date: Mon, 3 Oct 2005 09:42:00 +0100 (IST)
Cc: shim6-wg <shim6@psg.com>, Brian E Carpenter <brc@zurich.ibm.com>, Spencer Dawkins <spencer@mcsr-labs.org>, Erik Nordmark <erik.nordmark@sun.com>
In-reply-to: <952e6116b66282481d0589f3e82e465c@it.uc3m.es>
Mail-copies-to: paul@hibernia.jakma.org
References: <Pine.GSO.4.20.0509221614300.28499-100000@meno.corp.us.uu.net> <Pine.LNX.4.63.0509230228280.3483@sheen.jakma.org> <433986D8.1080603@zurich.ibm.com> <Pine.LNX.4.63.0509281225470.3722@sheen.jakma.org> <599A3AB3-F21C-4E51-B705-101AC56DA569@tony.li> <EBB90B1D-5643-4CB7-BA1F-3701ADABC011@muada.com> <35E4CEA9-5D03-4F52-8394-E8E74B08F670@tony.li> <01a901c5c479$40af14b0$8b010a0a@china.huawei.com> <433BCDCD.2020401@zurich.ibm.com> <Pine.LNX.4.63.0509291332290.3722@sheen.jakma.org> <433C2B37.106@sun.com> <Pine.LNX.4.63.0509302106470.11479@sheen.jakma.org> <1b0d973b0bf507b3e238adfbc0f04725@it.uc3m.es> <Pine.LNX.4.63.0510021632580.11479@sheen.jakma.org> <952e6116b66282481d0589f3e82e465c@it.uc3m.es>

On Sun, 2 Oct 2005, marcelo bagnulo braun wrote:

there is no public key in HBA... there is public key in CGA though(and in hybrid CGA/HBA)


Hybrid being required to support renumbering events, right?

However there is no security issues with CGA public keydistribution because the CGA is intrinsically bound to the publickey, so it is extrmely hard to find a different public key that isbound to a given CGA


Sure.

the HBA addresses are intrinsically bound to the prefix set, sothere is no leap of faith involved in the usage of HBA (nor in CGA)as opposed to opportunistic IPSec
HBA addresses are bound to a given prefix set i.e. the addresses ofa given HBA set are bound together and this cannot be easilyforged. In the same way, the CGA is bound to a public key andcannot be easily forged.

Sure, so it proves the packet was constructed correctly, at least theassociation of the outer locator prefix to the inner ULID. Thisdoesn't prove anything about who sent the packet though, does it?

It seems vulnerable to injection attacks (unless you assume routingis secured in some way, eg RPF everywhere, but that still leaves a anattacker who is on-link or MITM able to inject packets. Further,operational experience shows this to be a dangerous assumption torely on).

HBA seems a way to detect quite fraudulent packets (invalid binding),it doesn't seem (to me) to be a way to assure a received packet camefrom where the binding claims it did.

As i mentioned above, there is no leap of faith in HBA/CGAsecurity,

while it does exists in oportunistic IPSec. Actually, the nicething about CGA/HBA is that they do provide a quite continuosprotection and don't need to trust in the information exchangedduring the initial contact, preventing the so-called future or timeshifted attacks


I'm not quite sure that's true:


A-----B D ---E
      | |
     -----
      |
      C

For whatever operational reasons C is able to send packets with thesame source prefix as A, it /might/ also able to able to observe thepackets sent by E to A.

C can, at a minimum, play havoc with any shim mapping on E relevantto A, if the only security is HBA and the shim protocol is stateless(without having to observe packets obviously). If the shim protocolis not stateless, eg through use of some sequence number, then it can(without observation) possibly deny A from speaking to E by settingup shim6 negotiation in advance of A doing so (A's shim6 controlpackets then might be rejected, due to wrong state) if E assumes thatfor a given valid HBA future state will match. With observation, Ccan likely play further havoc.

Attacks requiring no observation likely would work regardless where Cis located..

Obviously, we don't know yet what the shim6 protocol will be. But Idon't think it can assume very much about security just because HBAchecks out..

The problem is not key exchange, is the binding between theidentifier and the key. for example you could use the key of theCGA in IPSec, (actually, HIP is basically what it does) and wecould use AH and ESP formats here for securing the shim protocol,no problem with that. The point is how do we make sure that the keyused in IPSec corresponds to the identifier we are using and not toan attacker


I don't see what prevents an attacker constructing the same HBA.

If you rely solely on HBA validation then Shim would be vulnerable toinjection attacks. If you add further state to the Shim protocol todefeat blind injection attacks, then you'll be open to same anonymousstate DoSes as anonymous IPSec. (In which case you might as well haveused IPSec).

right, how do you bind the key used in IPSec with the ULPidentifier used in the shim?

Well, why is this required exactly? I don't think it provides thatmuch security (just a modicum of anti-spoofing protection).

how to perform the binding between the ULP identifier and the keyused in IPSec

You don't have a secure binding though, unless you assume IPv6routing is to be completely secured before shim6 deployment and madeimmune to injection (unlikely).


regards,
--
Paul Jakma	paul@clubi.ie	paul@jakma.org	Key ID: 64A2FF6A
Fortune:
UFOs are for real: the Air Force doesn't exist.

Follow-Ups:
- Re: addition of TLV to locator ID or locator ID set
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: addition of TLV to locator ID or locator ID set
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

References:
- Re: addition of TLV to locator ID or locator ID set
  - From: "Jason Schiller (schiller@uu.net)" <jason.schiller@mci.com>
- Re: addition of TLV to locator ID or locator ID set
  - From: Paul Jakma <paul@clubi.ie>
- Re: addition of TLV to locator ID or locator ID set
  - From: Brian E Carpenter <brc@zurich.ibm.com>
- Re: addition of TLV to locator ID or locator ID set
  - From: Paul Jakma <paul@clubi.ie>
- Re: addition of TLV to locator ID or locator ID set
  - From: Tony Li <tony.li@tony.li>
- Re: addition of TLV to locator ID or locator ID set
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: addition of TLV to locator ID or locator ID set
  - From: Tony Li <tony.li@tony.li>
- Re: addition of TLV to locator ID or locator ID set
  - From: "Spencer Dawkins" <spencer@mcsr-labs.org>
- Re: addition of TLV to locator ID or locator ID set
  - From: Brian E Carpenter <brc@zurich.ibm.com>
- Re: addition of TLV to locator ID or locator ID set
  - From: Paul Jakma <paul@clubi.ie>
- Re: addition of TLV to locator ID or locator ID set
  - From: Erik Nordmark <erik.nordmark@sun.com>
- Re: addition of TLV to locator ID or locator ID set
  - From: Paul Jakma <paul@clubi.ie>
- Re: addition of TLV to locator ID or locator ID set
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: addition of TLV to locator ID or locator ID set
  - From: Paul Jakma <paul@clubi.ie>
- Re: addition of TLV to locator ID or locator ID set
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

Prev by Date: Re: addition of TLV to locator ID or locator ID set
Next by Date: Re: addition of TLV to locator ID or locator ID set
Previous by thread: Re: addition of TLV to locator ID or locator ID set
Next by thread: Re: addition of TLV to locator ID or locator ID set
Index(es):
- Date
- Thread