[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RESEND: Thoughts on identity attacks

To: "'Hallam-Baker, Phillip'" <pbaker@verisign.com>
Subject: RE: RESEND: Thoughts on identity attacks
From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>
Date: Wed, 13 Feb 2002 20:37:42 -0500
Cc: <ipsec@lists.tislabs.com>
Importance: Normal
In-Reply-To: <2F3EC696EAEED311BB2D009027C3F4F40A1DFB25@vhqpostal.verisign.com>
Reply-To: <andrew.krywaniuk@alcatel.com>
Sender: owner-ipsec@lists.tislabs.com

> > Have you read the JFK draft?
>
> Have you read my extensive comments on the JFK draft posted
> to the list?

Obviously my question was tongue in cheek.

In your last message you suggest that cookies be made optional. You state
"This allows the 2 round trip JFK scheme to be reduced to 1 required and 1
optional round trip." Then you go on to describe a protocol which bears
absolutely no resemblance to JFK at all.

JFK is a protocol which has 8 stated goals: security, simplicity,
memory-DoS, Computation-DoS, Privacy, Efficiency, Non-Negotiated, and PFS.
You didn't give all the details of your 'JFKbis' protocol, but it is almost
certain to forego at least 5 of these: security, memory-DoS,
Computation-DoS, Privacy, and PFS. Plus it is bound to add new weaknesses,
such as replay attacks (although I suppose those could be lumped in under
memory-DoS).

The JFK approach was to take 90% of the crypto features that IKEv2
implements in average case 4 messages (worst case 6) and do them in constant
time 4 messages. What you have done is take the same idea from IKEv2
(optional cookies), graft it onto XKASS, and then somehow pretend that this
is related to JFK.

I hate to resort to tired cliches, but if for some reason all you require is
fast negotiation, irregardless of the security drawbacks, then perhaps that
should be done by a separate protocol.



> > The idea of a generalized cookie mechanism for IP/TCP is
> > something I've
> > toyed with. For applications where you don't necessarily want
> > to do IPsec,
> > but DoS attacks are very important (e.g. wireless,
> > specifically IP paging),
> > it would be nice if your access router could generate an
> > ICMP_ROUTABILITY_TEST message which would force the initiator
> > to retry with
> > a nonce/cookie.
>
> I don't think that has much value. For the cookie to be useful it
> really has to be strongly bound to a particular request and a specific
> IP port. Otherwise an attacker can get one legitimate cookie and then
> SPAM you to death with it.

And why couldn't it be? The only stumbling block is that the legitimate
owner of the IP/port has to be able to determine whether he recently sent
you a packet. This is easy with TCP & not so easy with IP.


Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.

References:
- RE: RESEND: Thoughts on identity attacks
  - From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

Prev by Date: Re: RESEND: Thoughts on identity attacks
Next by Date: RE: RESEND: Thoughts on identity attacks
Prev by thread: RE: RESEND: Thoughts on identity attacks
Next by thread: RE: RESEND: Thoughts on identity attacks
Index(es):
- Date
- Thread