
Re: Comment on xauth and hybrid

Greg Carter wrote:

> Hi Tamir,
>
> <trimmed>
> Hybrid expects the Secure GW to use keying material it hasn't authenticated
> yet, to me this is similar to the global shared key case.

I believe there is a difference. When you use a global shared key the client
does not really authenticate the server, whereas if you use Hybrid the server is
authenticated using signatures.
The Secure GW does, as you say, use the keying material before authenticating the
client. However, this keying material is used only for the following XAUTH
exchange. It MUST NOT be used for anything else; specifically, it MUST NOT be
used for Quick Mode until XAUTH is successfully completed.

<trimmed>

>
>         With regard to DoS attacks this weakness is inherent to IKE as it is
>         today:
>         I assume you are not talking about Aggressive Mode, which opens you to
>         very vicious DoS attacks no matter what authentication you are using,
>         but about Main Mode.
>
> Except with regular IKE at the end of phase 1 you have authenticated the
> client, so if it fails you can throw away state.  Hybrid you must keep the
> phase 1 state around and do an XAUTH to authenticate the client.  Given that
> most of the XAUTH methods (token cards) are rather lengthy operations I
> think this is worse, especially given that you'll have to allow for mistyped
> responses and have to 'retry' the XAUTH a number of times before failing.
> Or do you force a new phase 1 for each XAUTH attempt?
>
Yes, I agree. This means that you need to keep state around for a while until
the XAUTH is finished.
I think that the best practice is to throw away the Phase 1 SA if XAUTH fails:
"If the User fails to authenticate the IKE SA MUST be discarded."

<trimmed>

> > [Greg Carter] I meant 'soft' challenge/response tokens:
> >
> > http://www.securitydynamics.com/products/datasheets/securidst-ds.html
> > <http://www.securitydynamics.com/products/datasheets/securidst-ds.html>
> >
> > http://www.axent.com/product/dsbu/def2.htm#secure
> > <http://www.axent.com/product/dsbu/def2.htm#secure>
> >
> > which you as an SGW have no way of knowing the user is using.  So you can
> > not guarantee that the user is using a 'hard' token, so the arguments that
> > challenge/response tokens are more "secure" than public key are not valid.
> >
>
>         I think we agree. I was talking about hardware legacy tokens while
>         you are discussing software.
>         I was not trying to say that Hybrid is better than signatures but
>         that in some situations it is not much worse.
>
> I know you were talking about hardware tokens, I was pointing out that it
> is impossible for your gateway to distinguish a SecurID hardware token user
> from a SecurID software token user. So how can you make claims that using
> hardware tokens is better if there is no cryptographic way to prove the
> client is using them?
>
> Again I don't care if others want to do this, just don't claim it is better,
> or equivalent to existing IKE.
> Bye.

Yes, I agree.
But if you issue your workers only hardware tokens then you have no problem with
that.


Regards,
Tamir.
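The two requirements argued over above, that the Phase 1 keying material of a Hybrid exchange MUST NOT protect Quick Mode until XAUTH succeeds, and that the gateway has to hold unauthenticated Phase 1 state across XAUTH retries and MUST discard the IKE SA when the user finally fails, can be written down as a small gateway-side state machine. The following is an added illustration, not code from the thread, from any IKE implementation or from the Hybrid/XAUTH drafts. The state names, the retry limit of three, the 60-second pending timeout, the per-peer cap on pending SAs, the placeholder `skeyid` bytes and the SHA-256 credential store are all assumptions chosen for the example.

```python
"""Model of a Secure Gateway holding a Hybrid-mode IKE Phase 1 SA through XAUTH.

Added illustration only.  Assumed (not from the thread): the state names, the
retry limit, the pending timeout, the per-peer cap, the placeholder key bytes
and the SHA-256 credential store.
"""
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum, auto
from typing import Dict, List, Optional


class SAState(Enum):
    PHASE1_COMPLETE = auto()    # gateway proved itself by signature; client unproven
    XAUTH_IN_PROGRESS = auto()  # at least one XAUTH exchange attempted
    AUTHENTICATED = auto()      # XAUTH succeeded; SA may now protect Quick Mode
    DISCARDED = auto()          # XAUTH failed or SA timed out; keys must not be used


@dataclass
class Phase1SA:
    peer: str
    skeyid: bytes      # Phase 1 keying material (constructed placeholder bytes)
    created: float
    state: SAState = SAState.PHASE1_COMPLETE
    xauth_failures: int = 0

    def quick_mode_allowed(self) -> bool:
        # The keying material may protect Quick Mode only after XAUTH succeeds.
        return self.state is SAState.AUTHENTICATED


class HybridGateway:
    def __init__(self, max_xauth_attempts: int = 3, pending_timeout: float = 60.0,
                 max_pending_per_peer: int = 5) -> None:
        self.max_xauth_attempts = max_xauth_attempts   # mistyped responses allowed
        self.pending_timeout = pending_timeout         # bounds how long we hold state
        self.max_pending_per_peer = max_pending_per_peer
        self._users: Dict[str, bytes] = {}
        self.sas: List[Phase1SA] = []

    def enroll(self, user: str, password: str) -> None:
        # Hypothetical credential store; a real one would use a salted, slow
        # hash.  A plain SHA-256 is enough to drive the state machine here.
        self._users[user] = hashlib.sha256(password.encode()).digest()

    def _pending(self, peer: str) -> int:
        return sum(1 for sa in self.sas if sa.peer == peer and
                   sa.state in (SAState.PHASE1_COMPLETE, SAState.XAUTH_IN_PROGRESS))

    def phase1_complete(self, peer: str, skeyid: bytes, now: float) -> Optional[Phase1SA]:
        # Bound the unauthenticated state one peer can make the gateway hold.
        if self._pending(peer) >= self.max_pending_per_peer:
            return None
        sa = Phase1SA(peer=peer, skeyid=skeyid, created=now)
        self.sas.append(sa)
        return sa

    def xauth(self, sa: Phase1SA, user: str, password: str, now: float) -> bool:
        if sa.state in (SAState.DISCARDED, SAState.AUTHENTICATED):
            return False
        if now - sa.created > self.pending_timeout:
            self._discard(sa)
            return False
        sa.state = SAState.XAUTH_IN_PROGRESS
        expected = self._users.get(user)
        supplied = hashlib.sha256(password.encode()).digest()
        if expected is not None and hmac.compare_digest(expected, supplied):
            sa.state = SAState.AUTHENTICATED
            return True
        sa.xauth_failures += 1
        if sa.xauth_failures >= self.max_xauth_attempts:
            # "If the User fails to authenticate the IKE SA MUST be discarded."
            self._discard(sa)
        return False

    def expire(self, now: float) -> int:
        """Drop SAs still waiting on XAUTH past the timeout; return how many."""
        dropped = 0
        for sa in self.sas:
            if (sa.state in (SAState.PHASE1_COMPLETE, SAState.XAUTH_IN_PROGRESS)
                    and now - sa.created > self.pending_timeout):
                self._discard(sa)
                dropped += 1
        return dropped

    @staticmethod
    def _discard(sa: Phase1SA) -> None:
        sa.state = SAState.DISCARDED
        sa.skeyid = b""   # keying material must never be reused after discard
```

Every path that keeps the keying material alive runs through `quick_mode_allowed()`, which is false until XAUTH has succeeded; the cap on pending SAs per peer and the `expire()` sweep are the two knobs that limit how much half-authenticated state a flood of Hybrid Phase 1 exchanges can pin on the gateway.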