
Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006




On 19/07/2006, at 22:30, Bound, Jim wrote:

I don't accept the threats in 4218 so that is a problem right there

we have identified the core issue i think, great!!

we have based the design of the shim6 security on the threats identified in RFC4218, so if you don't agree with those, we need to discuss those first and then move on to the security solutions (since they are a direct consequence of the threats described there)

probably we should even also consider the threats of MIP described in RFC4225 since RFC4218 is heavily based on this one...


But good we are making progress (at least in identifying the disagreement points)

regards, marcelo


but I will do that but that is more than just a quick response on email and need to go do proper analysis. I will respond to where we disagree too later ok. As I said email is not good for me now I keep changing my location :--).

thx
/jim

-----Original Message-----
From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
Sent: Wednesday, July 19, 2006 3:27 PM
To: Bound, Jim
Cc: Francis Dupont; shim6@psg.com; Pekka Savola; Iljitsch van Beijnum
Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006


On 19/07/2006, at 20:10, Bound, Jim wrote:

Global PKI is not required for certificates that can be done with
pre-shared keys too or as we are doing with shim6 out-of-band
signaling.  If any here believe IPsec will not be used end-to-end
think again please it will.  IPsec is totally possible and I will not
repeat my mail on enclaves for end-to-end PKI as that is a deployment
and systems integration implementation issue.


ok at this point it seems to me that we may start
repeating ourselves, so at least let's try to identify where
we disagree...

What i am saying is that:

- In order to use IPSec to protect the shim6 protocol (in
particular for providing a secure binding between identifier
and locators), there are two options: a) certificates
issued by a global PKI are needed in all shim6 peers or b) we
have preshared keys in all shim6 nodes

do you disagree with this statement?

I assume you do

if you disagree could you explain to me how would you protect
the shim6 protocol from the threats described in RFC4218?

in particular could you explain to me how would you protect
from the following attack:

Suppose that Alice and Bob work in the same office and that
Alice reads the local newspaper web page every morning at
www.localpress.com. Now, suppose that tomorrow is Alice's
birthday and since Bob has a crush on Alice, Bob wants to
make Alice believe that tomorrow's local newspaper headline is
"Happy Birthday Alice".

In order to do that, Bob's plan is to hijack any future
communication that Alice initiates from her machine to Bob's
laptop, so Bob can substitute the local newspaper web page by
his own fake happy birthday greetings home page.

So, in the DNS www.localpress.com has a single IP address IPlp.

To launch the attack, the night before, Bob creates a shim6
state in Alice's machine. In order to do that, Bob initiates
the shim6 context establishment exchange.

The created context has IPlp as ULID and it has IPB (i.e.
Bob's laptop IP) as preferred locator.

In order to keep the context alive, Bob sends periodic packets
(e.g. ping or UDP) to Alice's machine. Note that the goal of these
packets is just to prevent the shim6 state at Alice's machine
from being garbage collected, so there is no need to have an actual
application receiving those packets above the shim (i.e.
these packets can be perfectly discarded once they passed
above the shim, and they would still be fulfilling their goal
from the attack p.o.v.)

The next morning (Alice's birthday!!!) Alice arrives at the
office and she tries to connect to the local newspaper as
every day. The only difference is that today, there is a shim6
state in Alice's machine for IPlp.
Alice's browser asks the resolver for www.localpress.com. The
resolver returns IPlp. The browser initiates a TCP connection
with IPlp, but the SYN packet is intercepted by the shim
layer (at Alice's machine) and the address is translated to
IPB. As a result, the communication is redirected to Bob's
machine and Alice will be accessing Bob's web server while
she thinks that she is reaching the local newspaper web page.

Bob has managed to steal the local newspaper IP identity from
Alice's p.o.v.

This type of attack cannot be prevented by simply using
IPSec, because it is launched before the keys have been exchanged.

In order to prevent these attacks, we need additional tools,
like global certificates, pre shared keys or crypto identities.

regards, marcelo





thanks
/jim

-----Original Message-----
From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
Sent: Wednesday, July 19, 2006 11:32 AM
To: Bound, Jim
Cc: Francis Dupont; shim6@psg.com; Pekka Savola; Iljitsch van Beijnum
Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006


On 19/07/2006, at 16:55, Bound, Jim wrote:

I was assuming the node regardless will use IPsec as required.  Thus
it really is not shim6 concern.  But I do not believe no one will not
deploy IPsec because of PKI that is simply not true.

i agree with this


but the problem is that if you want to use IPSec to secure the shim,
you need to use certificates, if not the security is not acceptable.

You need to provide a secure binding between the identifier and the
locators. IPSec without certificates does not provide this feature.
If you want to use IPSec to secure the shim6 protocol, you need the
certificates hence you need the global PKI.

So in order to evaluate a solution based on IPSec for securing the
shim6, you need to consider the fact that a global PKI is required
for this.

Hence, the alternative solution for securing the shim at this point
would be IPSec+PKI, agree?

regards, marcelo



  IPsec is deployed today with PKI.



/jim

-----Original Message-----
From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
Sent: Wednesday, July 19, 2006 8:04 AM
To: Francis Dupont
Cc: shim6@psg.com; Bound, Jim; Pekka Savola; Iljitsch van Beijnum
Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006


On 19/07/2006, at 14:38, Francis Dupont wrote:

I can't see where Jim proposed to base the Shim6 security
on IPsec...

in message http://ops.ietf.org/lists/shim6/msg01511.html

it is stated that:

Suggestion is to simply embed ULIDs within the data payload with new
option and secure all communications at least for now for IP layer
communications with IPsec encryption based on locator pair.

meaning to use IPSec as an alternative to HBA security

(something which is known to require the impossible and even not
desirable global PKI :-)


exactly

Regards, marcelo


Regards

Francis.Dupont@point6.net
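
The context-establishment scenario from this thread (a context with IPlp as ULID and IPB as preferred locator), modelled as an added example that is not part of the original messages. The `Shim` class, the hash construction (a simplified stand-in for HBA-style address generation, not the real encoding) and all addresses are assumptions constructed for illustration; the second newspaper prefix is added only to show that a legitimate locator still passes the check.

```python
import hashlib
from ipaddress import IPv6Address, IPv6Network

def iid(prefixes, modifier):
    # Simplified stand-in for HBA generation (not the real encoding):
    # 64 bits of a hash over the modifier and the whole prefix set.
    h = hashlib.sha256(modifier)
    for raw in sorted(IPv6Network(p).network_address.packed[:8] for p in prefixes):
        h.update(raw)
    return h.digest()[:8]

def address(prefix, prefixes, modifier):
    return IPv6Address(IPv6Network(prefix).network_address.packed[:8]
                       + iid(prefixes, modifier))

def bound(ulid, locator, prefixes, modifier):
    # Both addresses must be <prefix from the claimed set> || <same hash IID>.
    want = iid(prefixes, modifier)
    nets = [IPv6Network(p) for p in prefixes]
    return all(a.packed[8:] == want and any(a in n for n in nets)
               for a in (ulid, locator))

class Shim:
    """Receiver side of context establishment (hypothetical model)."""
    def __init__(self, verify):
        self.verify, self.contexts = verify, {}

    def establish(self, ulid, locator, prefixes, modifier):
        if self.verify and not bound(ulid, locator, prefixes, modifier):
            return False              # locator is not bound to the ULID
        self.contexts[ulid] = locator
        return True

    def destination(self, ulid):
        # What the shim writes into outgoing packets addressed to ulid.
        return self.contexts.get(ulid, ulid)

# Constructed sample values (documentation prefixes, made-up modifier).
LP_PREFIXES = ["2001:db8:1::/64", "2001:db8:2::/64"]
LP_MOD = b"constructed-modifier"
IPLP = address(LP_PREFIXES[0], LP_PREFIXES, LP_MOD)    # newspaper ULID
LP_ALT = address(LP_PREFIXES[1], LP_PREFIXES, LP_MOD)  # its second locator
IPB = IPv6Address("2001:db8:b0b::1")                   # Bob's laptop
BOB_PREFIXES = LP_PREFIXES + ["2001:db8:b0b::/64"]

if __name__ == "__main__":
    for verify in (False, True):
        shim = Shim(verify)
        shim.establish(IPLP, IPB, BOB_PREFIXES, LP_MOD)
        print("verify =", verify, "-> traffic for IPlp goes to", shim.destination(IPLP))
```

Adding Bob's prefix to the claimed set changes the hash, so the ULID no longer matches; reusing the newspaper's real set leaves IPB outside every committed prefix. Either way the binding check fails without any certificate or pre-shared key.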