[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Predictable SPIs (was: Re: A pothole in ISAKMP/Oakley)

To: ipsec@tis.com
Subject: Predictable SPIs (was: Re: A pothole in ISAKMP/Oakley)
From: dpkemp@missi.ncsc.mil (David P. Kemp)
Date: Wed, 16 Apr 1997 09:09:21 -0400
Sender: owner-ipsec@ex.tis.com

> From: Stephen Kent <kent@bbn.com>
> 
> 	If one selects SPIs to be small integers so that they represent
> indices into local tables, then they may be very predictable and thus an
> attacker without passive wiretapping ability may be able to formulate
> credible-loooking SPIs for existing SAs.  Remember, the SPI plus
> destination address completely defines the SA, so there is no source
> address check that would be pereformed at this stage of packet processing.


If one believes that inject-only attackers are a threat, then it is
possible to get both unpredictable (to the attacker) SPIs and efficient
SPI lookup at the destination by picking a random offset once at boot
time and adding it to small integer indices to form the SPIs.

Since SPI selection does not affect interoperability, since DOS in
general is a hard problem, and since entropy testing of SPI sequences
for conformance testing purposes is impossible, it seems unwise to write
a MUST requirement on SPI generation.  I'd write a note on the rationale
for unpredictable SPIs in the Security Considerations section and leave
it at that.

Follow-Ups:

Re: Predictable SPIs (was: Re: A pothole in ISAKMP/Oakley)

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re[2]: ESP with stream ciphers
Next by Date: Re: Comments on draft-ietf-ipsec-new-auth-00.txt
Prev by thread: Re: A pothole in ISAKMP/Oakley
Next by thread: Re: Predictable SPIs (was: Re: A pothole in ISAKMP/Oakley)
Index(es):
- Main
- Thread