Re: Bellovin's and Ahar's attacks



>  
>  A lot depends on our assumptions.  For TCP, it's probably feasible, so
>  long as rekeying occurs more frequently than the TIMEWAIT period.  For
>  UDP, there's no mandatory dead time in the protocol.  I strongly suspect
>  that we absolutely must use very rapid key changes, though -- per user
>  (though with AH+ESP for some services), per packet (a la SKIP), or per
>  socket.  Nothing less seems to guard adequately against both replay attacks
>  and the CBC cut-and-paste attack that I outlined.
>  

I agree that rapid rekeying is a good idea. However, it isn't sufficient for
all cases.

By the way, the replay attack Ashar suggests relies on the ability of an
intruder running on a machine to discover which port to use to receive the
replayed traffic. Since ESP hides this information in the encrypted
part, the intruder must use indirect methods to discover this.

Dan