
Re: IPSEC Security Gateways & NAT



A random nonce can be computed much more quickly than
a hash.

What's "counting N"?

The point about the resource usage is that if you are under
a severe attack, whether or not you have cookies you need to keep
track of state.  The cookies help only against mild attacks.  Even
then, I'd assume any resilient system would be managing resources
carefully, balancing connection state memory against other
memory demands.  Such systems *should* be able to adjust
to mild attacks without noticeable loss of service.

Hilarie

 >>> Derek Atkins <warlord@MIT.EDU> 06/26/01 07:59AM >>>
The "extra computation" is really not much more than creating the
cookie itself.  It doesn't have to be encrypted data; it can be a
keyed hash or some other verifiable system.  It's probably just as
much work as running a PRNG to generate a random NONCE for a cookie.
It is certainly much less work than having to keep track of N
message-1 messages sitting around and then seeing if you're under
attack by counting N.

You don't really need to keep track of resource usage; you _can_
choose to do so.  However, no, this does not require the same amount
of state as recording all your message-1 state for each initiator.
What's easier, keeping a counter or keeping all the cookie state
from all the initiators?

-derek

PS: I have no objection to an optional stateless cookie round-trip.

"Hilarie Orman" <HORMAN@volera.com> writes:

 > The statelessness seems to exist only in non-stressed circumstances.  
 > If there really is a resource shortage, such as would occur in a denial 
 > of service attack, then one needs to start keeping track of resource 
 > usage, and that means keeping state around, doesn't it?  The stateless
 > cryptographic cookie seems to have the disadvantage of requiring
 > extra computation even in the non-attack situation, whereas, the
 > stateful approach requires no extra work until an attack is underway.
 > 
 > Hilarie
 > 
 > >>> Bill Sommerfeld <sommerfeld@East.Sun.COM> 06/25/01 11:19AM >>>
 > > Is anyone still interested in Base Mode? It would be possible to create
 > > a Base Mode where reception of the first message is stateless to the Responder,
 > > by sending the state back in msg2 encrypted with some locally known symmetric
 > > key, and verified upon reception in msg3. This modified Base Mode
 > > could then be used to replace Aggressive Mode. The rationale for changing
 > > Base Mode would be that nobody's yet really using it (?), and that it's cool :).
 > > There's a paper by Pekka Nikander explaining the theory of making protocols
 > > stateless, forget where that is though.
 > 
 > I'd be very interested in seeing a mode which is initially stateless
 > for the responder; it's a key bit of technology from photuris which
 > was never carried forward to IKE.
 > 
 > 					- Bill

-- 
        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
        Member, MIT Student Information Processing Board  (SIPB)
        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
        warlord@MIT.EDU                        PGP key available
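
The stateless keyed-hash cookie debated in this thread, as an added example that is not code from any of the participants or from an IKE or Photuris implementation: the responder derives the cookie from the initiator's address and nonce with HMAC-SHA256 under a local secret and allocates nothing per initiator until msg3 verifies. The class and method names, the 60-second secret rotation, the 16-byte truncation and the MAC input layout are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

ROTATE_SECS = 60   # assumed lifetime of one local secret
COOKIE_LEN = 16    # assumed truncation of the HMAC-SHA256 output, in bytes


class StatelessResponder:
    """Hypothetical responder: no per-initiator record until the cookie returns."""

    def __init__(self, now=0):
        self.epoch = now // ROTATE_SECS
        self.current = os.urandom(32)   # secret for the current epoch
        self.previous = None            # kept so in-flight cookies still verify

    def _rotate(self, now):
        epoch = now // ROTATE_SECS
        if epoch == self.epoch:
            return
        # If more than one epoch has passed, the old secret is too old to honour.
        self.previous = self.current if epoch == self.epoch + 1 else None
        self.current = os.urandom(32)
        self.epoch = epoch

    @staticmethod
    def _mac(secret, ip, port, nonce):
        # Fixed-width port, NUL-terminated address, then the initiator nonce.
        msg = struct.pack("!H", port) + ip.encode() + b"\x00" + nonce
        return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

    def on_msg1(self, ip, port, nonce, now):
        """Answer msg1 with a cookie; memory use does not grow per initiator."""
        self._rotate(now)
        return self._mac(self.current, ip, port, nonce)

    def on_msg3(self, ip, port, nonce, cookie, now):
        """Recompute the cookie; only a match justifies allocating SA state."""
        self._rotate(now)
        for secret in (self.current, self.previous):
            if secret and hmac.compare_digest(
                    self._mac(secret, ip, port, nonce), cookie):
                return True
        return False
```

The per-message cost is one HMAC on msg1 and at most two on msg3, while the responder's memory holds two secrets regardless of how many msg1 packets arrive.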



