Re: Bellovin's attack



Ashar,

I think the attack you suggest is different from, but in a sense subsumes,
Steve's attack. What we are rediscovering is the somewhat fundamental idea
that multiplexed resources (in the case you cite, ports) must be properly
managed so that no information can leak from one principal to another due to
a failure in the underlying system. This is the same property that must exist
when disk space is shared between users, both concurrently and serially.

In your example, the information residue is keying material attached to a
serially reused resource (i.e., ports). The problem is identifying what is
the appropriate set of actors to be kept separate and how to multiplex 
the resource, i.e., the crypto-channel, so that separation is obtained.

I must admit I was confused by Phil's assertion that it made no difference
whether the information is MACed for Steve's attack to work. The example
you give clarifies this for me. Thanks.

Regards,

Dan