Re: Bellovin's and Ashar's attacks
I have a thought. The reason that Ashar's attack on UDP can succeed
is that a UDP packet has an infinite lifetime. If we can restrict the
lifetime to a short period, then the attacks and possible damages
can be confined, though not completely eliminated.
Assuming the following:
1. Every system can keep its time down to the precision of a second.
2. Every system's clock ticks at about the same rate, down to the precision
of a second.
If the assumptions hold, then what can be done is:
1. When exchanging keys (including re-keying), each system sends its current
time to the other.
2. Upon receiving the other's time, a t-delta is computed between the local
time and the other's time. This t-delta is then associated with the other's
SPI.
3. When sending a UDP message, include in the AH a time stamp which is
equal to "current local time + t-delta". This value is an estimate of
the other's time.
4. When receiving a UDP message, examine the time stamp, and discard any message
that is too old (e.g., more than twice the network latency).
Regards, Pau-Chen
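The four steps above, simulated end to end as an added example (this is not code from the original message or from any IPsec implementation). Clocks are plain integers in whole seconds, matching assumption 1, and both advance together, matching assumption 2. The initial clock readings, the one-second latency, the ten-second replay delay and the SPI value are made up for the illustration. The receiver here also rejects stamps that are too far in the future, which goes slightly beyond the post (it only bounds age); that addition is marked in the code.

```python
"""Per-SPI clock-delta timestamps against UDP replay: a simulation.

Added example, not code from the original post. Clocks are simulated whole
seconds (assumption 1); every tick() advances both sides equally
(assumption 2). Latency, clock readings and the SPI are constructed values.
"""


class Endpoint:
    def __init__(self, name, clock, max_age):
        self.name = name
        self.clock = clock        # local clock, whole seconds
        self.max_age = max_age    # discard threshold, e.g. twice the network latency
        self.t_delta = {}         # peer SPI -> (peer time - local time)

    def tick(self, seconds):
        self.clock += seconds

    def learn_peer_time(self, spi, peer_time):
        # Step 2: t-delta between the peer's advertised time and the local
        # time, remembered per SPI.
        self.t_delta[spi] = peer_time - self.clock

    def stamp(self, spi):
        # Step 3: time stamp = current local time + t-delta, i.e. an estimate
        # of the peer's clock. In a real AH this field would be covered by
        # the authenticator so an attacker cannot rewrite it.
        return self.clock + self.t_delta[spi]

    def accept(self, timestamp):
        # Step 4: discard anything older than max_age according to the local
        # clock. Bounding the future side as well is an addition to the post:
        # it stops a stamp that landed ahead of the receiver from staying
        # replayable for longer than max_age.
        age = self.clock - timestamp
        return -self.max_age <= age <= self.max_age


def simulate(a_clock=1000, b_clock=5000, latency=1, max_age=2, replay_delay=10):
    """Return B's decision on A's fresh message and on a later replay of it."""
    a = Endpoint("A", a_clock, max_age)
    b = Endpoint("B", b_clock, max_age)
    spi = 0x1001  # hypothetical SPI of the A->B security association

    # Step 1: during the key exchange B sends its current time to A.
    b_time_on_wire = b.clock
    a.tick(latency)
    b.tick(latency)               # the message is in flight for one latency
    a.learn_peer_time(spi, b_time_on_wire)

    # A sends a UDP message carrying its estimate of B's clock.
    fresh_stamp = a.stamp(spi)
    a.tick(latency)
    b.tick(latency)
    fresh_ok = b.accept(fresh_stamp)   # age = latency (key exchange) + latency (data)

    # Ashar-style replay: the attacker captured the packet and resends it later.
    a.tick(replay_delay)
    b.tick(replay_delay)
    replay_ok = b.accept(fresh_stamp)

    return {
        "t_delta": a.t_delta[spi],
        "fresh_accepted": fresh_ok,
        "replay_accepted": replay_ok,
        "replay_age": b.clock - fresh_stamp,
    }


if __name__ == "__main__":
    print(simulate())
    # A window smaller than twice the latency drops legitimate traffic.
    print(simulate(max_age=1))
```

Two things the simulation makes visible: the t-delta learned at key exchange is already stale by one latency, and the data packet adds another, so a window below twice the latency (the `max_age=1` run) rejects honest traffic; and a replay inside the window is still accepted, which is the "not completely eliminated" part of the post.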