[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on "Hybrid Auth. mode for IKE"

To: Greg Carter <greg.carter@entrust.com>
Subject: Re: Comments on "Hybrid Auth. mode for IKE"
From: Moshe Litvin <moshe@checkpoint.com>
Date: Thu, 23 Jul 1998 20:45:54 +0300
CC: moshe@checkpoint.com, ipsec@tis.com, "Pat Calhoun (E-mail)" <pcalhoun@Eng.Sun.Com>
References: <D789F71F24B4D111955D00A0C99B4F50BEA45E@sothmxs01.entrust.com>
Sender: owner-ipsec@ex.tis.com

Greg,

You proposal require perfect state synchronization between the client
and the server (either what is the last challenge "sent" or the exact
time). It is impossible in practice especially since there are no means
to synchronize them.

Also notice that in the hybrid mode no challenge and no reply are
passing in the clear.

Regards,

	Moshe


Greg Carter wrote:
> 
> EAP Introduced to ipsec ? :), I don't want to be there when PKIX meets
> SPKI...
> 
> Anyway...
> When I thought of EAP-ISAKMP it was to increase security which was lacking
> in most of the other EAP mechanisms.  Now it seems we want to hack ISAKMP to
> work with the 'lacking' EAP mechanisms, mostly token cards.  Which come in
> two varieties, those based on DES, and those based on proprietary protocols.
> Putting aside the wisdom of DES and proprietary algorithms...
> 
> The DES cards usually have a "Guess next Challenge" mode where they know
> what the next challenge will be based on the last.  The proprietary card
> uses a time based scheme, and so at any moment in time you know the
> response, there is no challenge.  You can take the response as the IKE
> shared secret.  No Challenge is needed.
> 
> Benefits -
> No changes to IKE.
> May increase security of DES based challenge/response cards since known
> plain text/cipher text never flows over the network.  DES cards when used
> with protocols like RADIUS or TACACS do all the challenge/response in the
> open.  $250K and 56-224 hours later you have the key.  In this mode DES is
> combined with key hashes and no known text is transmitted over the network.
> Supports DES cards, Time based cards (OK they'll have to write some code on
> their server to give up the expected response based on ID, rather than a
> simple yes/no response, but nothing is for free), PAP/CHAP (no reason to do
> CHAP, just use the password as the secret...
> 
> Drawbacks
> Aggressive mode is the only practical choice.
> Initialization and resync.  Initialization is easily handled, resync is
> doable.
> Backend server will be needed to track card state.  Not really a drawback,
> every card manufacture I know offers a backend management server of some
> sort which already does this.  Since the backend server is now essentially a
> key server you should probably run IPSEC over the link from the Gateway to
> the server.
> 
> Anyway my point is that it is doable with the current spec, no changes to
> token hardware, maybe a little coding on the server side.  Sure there are
> some drawbacks but you want to use 1980's technology...
> Later.
> ----
> Greg Carter, Entrust Technologies
> greg.carter@entrust.com
> 

-- 
-----------------------------------------------------------------------
Moshe Litvin                    Check Point Software Technologies Ltd.

moshe@checkpoint.com            Tel:   +972-3-753-4601 (972-3-753-4555)
                                Fax:   +972-3-575-9256
-----------------------------------------------------------------------

References:

RE: Comments on "Hybrid Auth. mode for IKE"

From: Greg Carter <greg.carter@entrust.com>

Prev by Date: Re: Comments on "Hybrid Auth. mode for IKE"
Next by Date: Re: ESP and AH used in tunnel mode by a Security Gateway
Prev by thread: RE: Comments on "Hybrid Auth. mode for IKE"
Next by thread: RE: Comments on "Hybrid Auth. mode for IKE"
Index(es):
- Main
- Thread