
Re: questions on Anti Replay Check

Thanks,
please see questions inlined.
-Lokesh
----- Original Message -----
From: Jean-Jacques Puig <jean-jacques.puig@int-evry.fr>
To: Lokesh <lokeshnb@intotoinc.com>
Cc: <ipsec@lists.tislabs.com>
Sent: Friday, February 22, 2002 2:30 PM
Subject: Re: questions on Anti Replay Check
> Hi !
>
> Lokesh wrote:
>
> > My understanding of replay attack is a hacker can get hold of a
> > legitimate packet in the traffic and transmit it to receiver after a
> > while, this can cause confusion or have some undesirable consequences
> > at the receiving end. right?
>
> Right. Depending on the protocol, one can also cause troubles replaying
> the packet to another receiver, or even to the original sender.
>

Troubles to original sender? How? Ones like sender getting two ACKs for one
packet sent?

> > Usually Antireplay check is not done for IPsec SA's of manual key
> > management. why?
>
> Usually, manual keying sets directly the secrets of the SA. The
> anti-replay window will cycle after many exchanges, and SA's administrator
> may not bother about manually rekeying again and again. Thus, LEGAL packets,
> with the same characteristics (SPI...) and sequence numbers of ones of the
> previous cycle will be sent. For a manual-keyed SA to last for many cycles,
> antireplay check must be disabled, or cycling packets are likely to be
> dropped.
>
> > Like any other secure traffic, traffic carried such SA too can be hacked
> > by replay attack right?
>
> Yes.
> Maybe an easy way to solve this situation would be to manually set a key
> seed for the SA, and the key material would be automatically derived from
> that key on both sides in order to refresh SA's secrets when anti-replay
> window is about to cycle. But there are hazards of loss of key
> synchronization between hosts.
>
> > ESP RFC 2406 says:
> >
> >  The anti-replay service may be selected only if data origin
> >  authentication is selected, and its election is solely at the
> >  discretion of the receiver.
> >
> >  Why only if data origin authentication is selected? ESP traffic without
> >  authentication can't come under replay attack? [assuming AH is not used]
>
> If there is no data origin authentication, one may build or alter a packet
> with a correct sequence number which will bypass the anti-replay service.
> This service is useless in such a case.
>
> Building a new packet is eased by the lack of authentication.
> Altering a packet is eased by the improper use of integrity without
> authentication.
>
> Thus authentication is necessary for anti-replay service.

So manual keying as well as using ESP without authentication are
prone to replay attack, and there are no safe and easy mechanisms to
protect them. Am I right?

>
> --
> Jean-Jacques Puig
>
> "There is a Chinese proverb for all situations"
> -- Chinese proverb --
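
As an added illustration (not code from this thread or from any IPsec implementation), here is a receiver-side sliding window of the kind RFC 2401 Appendix C describes, with a toy HMAC standing in for the ESP ICV. It shows the two points discussed above: the ICV must be verified before the window is consulted or updated, and a manually keyed SA whose 32-bit sequence counter wraps without rekeying has its legitimate post-wrap packets dropped as too old. Key, payloads and window size are constructed values.

```python
import hmac

WINDOW_SIZE = 64          # RFC minimum is 32; 64 is a common choice
SEQ_MAX = 2**32 - 1       # 32-bit ESP sequence number; sender must rekey before it wraps

class AntiReplayWindow:
    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.last_seq = 0     # highest sequence number accepted so far (right edge)
        self.bitmap = 0       # bit d set => sequence number last_seq - d already seen

    def check_and_update(self, seq):
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:
            return False                      # 0 is never sent when anti-replay is on
        if seq > self.last_seq:               # new right edge: slide the window
            shift = seq - self.last_seq
            mask = (1 << self.size) - 1
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & mask
            self.last_seq = seq
            return True
        d = self.last_seq - seq
        if d >= self.size or self.bitmap & (1 << d):
            return False                      # too old, or already seen (replay)
        self.bitmap |= 1 << d
        return True

def icv(key, seq, payload):
    """Toy integrity check value over seq || payload (stands in for ESP's ICV)."""
    return hmac.new(key, seq.to_bytes(4, "big") + payload, "sha256").digest()[:12]

def receive(window, key, seq, payload, tag):
    """Verify the ICV first; only an authenticated packet may touch the window."""
    if not hmac.compare_digest(icv(key, seq, payload), tag):
        return "bad_icv"
    return "ok" if window.check_and_update(seq) else "replay_or_too_old"

def demo():
    """Walk through accept, replay, forgery, and the manual-keying wrap case."""
    key = b"manual-key-example"      # constructed key; really from the SA configuration
    w = AntiReplayWindow()
    def p(seq, payload=b"data"):     # a correctly authenticated packet from the peer
        return receive(w, key, seq, payload, icv(key, seq, payload))
    results = [p(1), p(1)]           # accepted, then the same packet again: replay
    results.append(receive(w, key, 500, b"x", b"\0" * 12))  # forged seq, bad ICV
    results.append(p(2))             # still accepted: the forgery did not slide the window
    results.append(p(SEQ_MAX))       # last value before the 32-bit counter wraps
    results.append(p(1))             # sender wrapped without rekeying: dropped as too old
    return results
```

Without the ICV check in front of the window, the forged packet with sequence number 500 would have moved the right edge and the genuine packet 2 would then be rejected; with manual keying the only way to keep the SA usable past the wrap is exactly what the thread says, turning the check off.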