
Use of Encryption in Heartbeat Packets

Hi everyone,

I'm working on a heartbeat protocol draft based on the comments I received
back in December.

I want to get people's opinion on one subject that is not clear to me, which
is whether heartbeat packets should be both encrypted and authenticated or
just authenticated.

Possible advantages of encryption are: a) the additional level of
authentication it provides, and b) the confidentiality of the packet.

a) is not a problem if you use a hash function that is fully resistant to
differential plaintext analysis (since consecutive packets may be quite
similar).

b) seems to be a minor issue because the packet contents are of low
sensitivity. The only relevant information the adversary could gain is the
list of negotiated SPIs for that connection.

The disadvantage of encryption is that it slows down packet throughput in
the normal case.


However, during a DoS attack, the use of encryption would allow the SGW to
quickly discard invalid (spoofed/replayed) packets. This gives it an
advantage over authentication in rejecting large spoofed packets. However,
there is no advantage in rejecting small spoofed packets.

So if the adversary can generate and route large numbers of small spoofed
packets as easily as small numbers of large spoofed packets, then this
protection mechanism doesn't work and encryption does not provide a DoS
advantage.

I estimate that in the normal case, 1000 SAs will only generate an average
of 5kb/sec of heartbeat traffic, so throughput is not a huge issue. But
there doesn't seem to be a compelling reason to use encryption either. I'm
tempted to say "better safe than sorry", but I'd like to get a straw poll on
this issue.

Andrew
_______________________________________________
 Beauty without truth is insubstantial.
 Truth without beauty is unbearable.
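As an added illustration of the cost argument in the message above (an example written for this page, not part of the original post or of the draft): assuming the early-discard mechanism is that the receiver decrypts only the leading block and checks the SPI and sequence number there before doing anything else, this model counts the bytes of keyed work each design spends before a spoofed or replayed heartbeat can be dropped. HMAC-SHA256 stands in for both the MAC and the cipher keystream, and the key, SPI, nonce and packet sizes are constructed values.

```python
import hmac, hashlib, struct

KEY = b"\x42" * 32          # constructed demo key shared by both peers
BLOCK, TAG = 16, 32
WORK = {"bytes": 0}         # bytes pushed through the keyed primitive

def prf(data: bytes) -> bytes:
    """HMAC-SHA256 stands in for both the MAC and the cipher keystream."""
    WORK["bytes"] += len(data)
    return hmac.new(KEY, data, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Design A (authenticate only): cleartext SPI, seq, payload, then a tag over all of it.
def make_auth_only(spi, seq, payload):
    body = struct.pack(">II", spi, seq) + payload
    return body + prf(body)

def verify_auth_only(pkt, spi, last_seq):
    body, tag = pkt[:-TAG], pkt[-TAG:]
    if not hmac.compare_digest(prf(body), tag):      # tag must cover the whole packet
        return False
    s, q = struct.unpack(">II", body[:8])
    return s == spi and q > last_seq

# Design B (encrypt + authenticate): header in one encrypted block, payload, then tag.
def make_encrypted(spi, seq, payload, nonce):
    header = struct.pack(">II", spi, seq).ljust(BLOCK, b"\0")
    first = xor(header, prf(nonce)[:BLOCK])
    return nonce + first + payload + prf(nonce + first + payload)

def verify_encrypted(pkt, spi, last_seq):
    nonce, first = pkt[:BLOCK], pkt[BLOCK:2 * BLOCK]
    s, q = struct.unpack(">II", xor(first, prf(nonce)[:BLOCK])[:8])
    if s != spi or q <= last_seq:                    # early discard after one block
        return False
    body, tag = pkt[:-TAG], pkt[-TAG:]
    return hmac.compare_digest(prf(body), tag)

def cost(verify, pkt, spi=0x1234ABCD, last_seq=0):
    """Return (accepted, bytes of keyed work) for verifying one packet."""
    WORK["bytes"] = 0
    ok = verify(pkt, spi, last_seq)
    return ok, WORK["bytes"]

if __name__ == "__main__":
    spoof = bytes(1500)                              # constructed spoofed packet
    print(cost(verify_auth_only, spoof), cost(verify_encrypted, spoof))
```

For the 1500-byte spoof design A spends 1468 bytes of keyed work and design B 16, while at 64 bytes it is 32 versus 16, which is the "no advantage for small packets" point. Design A could equally pre-check the cleartext SPI and sequence number before computing the tag, which would narrow the gap on large packets too.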
