
Re: DOS attacks with Cookies



Yogesh,

    The problem you have specified is mentioned in
the IKEv2 draft. In this case Alice should process
multiple responses for its request. This would solve
the problem. 

Satish
--- Yogesh.Swami@nokia.com wrote:
> Hi,
> 
> I have a question/comment on the use of Cookies for
> key exchange. I think there is a potential for very
> easy and more pointed DOS attacks with the present
> key exchange mechanisms. Let me give an example to
> explain this.
> 
> Let's say Alice wants to establish a Phase-1 SA with
> Bob. Also, let's say Trudy--who wants to deny Alice
> any access to resources--can somehow snoop Alice's
> packets. Also let the round trip time between Alice
> and Trudy be far less than the round trip time
> between Alice and Bob (say Trudy is on the same LAN
> as Alice for the sake of this example--but Trudy
> does not necessarily have to be on the same LAN, all
> she needs is a) the ability to see Alice's packet and b)
> her round trip time to be less than that of Bob). 
> 
> When Alice sends her cookie, Trudy sees this packet
> coming on UDP 500, and quickly responds to Alice's
> cookie with a random cookie and sets the source IP
> address in her response packet to be that of Bob and
> sends it to Alice. 
> 
> Alice will receive this Cookie response from Trudy
> long before she can receive Bob's response and since
> Alice has no way of knowing if this cookie really
> came from Bob, she will respond to this cookie
> thinking this is a Legitimate response and proceed
> with the Diffie-Hellman exchange to Bob.
> 
> When Bob receives this cookie, the cookies will not
> match (Since the cookie was generated by Trudy) and
> he will just reject the request thinking that Alice
> was trying to attack him. This way Trudy has
> successfully prevented Alice from having a secure
> channel with Bob. 
> 
> Question: What is Alice supposed to do when she
> receives a Duplicate Message with a Different Cookie
> from the same host? Please consider the case when
> there was a retransmission and the retransmitted
> packet got corrupted in the way and the two
> cookies--though legitimate--have different values.
> 
> If Trudy can automate this process, she can deny
> access to anyone she can snoop. If someone can
> write a worm that does this automatically and spread
> it across the internet (in this case one just needs
> to snoop the loopback interface and does not even
> need to see the packet on the wire) one can create a lot
> more damage. 
> 
> If Alice and Bob were to be two SG (security
> gateways), then Trudy can virtually isolate every
> one behind Alice's SG from accessing Bob's
> resources. In the process of avoiding DOS attacks we
> have opened room for even worse attacks (this is
> worse because it could be targeted towards a
> particular set of people without affecting others.
> So, for example, if two companies want to vote for a
> merger one of them can prevent the other by simply
> not allowing any secure channel, while people from
> the other company can easily do so)
> 
> I guess, the only solution is to do authentication
> before doing anything else -- in which case we don't
> need any cookies anymore and we can save a round
> trip too. Any comments?
> 
> Thanks
> Best Regards
> Yogesh


=====
In natural science, Nature has given us a world and we're just to discover its laws. In computers, we can stuff laws into it and create a world            -- Alan Kay

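An added example, not code from either message above: a small Python simulation of the race Yogesh describes and of the remedy Satish points to. It is a toy model of the cookie exchange, not IKE code. The responder's cookie is assumed to be an HMAC over the initiator's address and nonce (a common stateless-cookie construction; the thread does not specify one), replies are assumed to echo the initiator nonce so they can be matched to the outstanding request, and the "wire" is a list in which the attacker's spoofed reply is placed ahead of the genuine one to model her shorter round trip.

```python
"""Toy model of the cookie-exchange race described in the thread.

Constructed simulation, not IKE code.  Messages are plain objects passed
through a list that stands in for the wire; the attacker gets to place
her spoofed reply on that list before the responder's genuine one.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Msg:
    src: str            # claimed source address; nothing authenticates it
    dst: str
    kind: str           # "INIT", "COOKIE", "KE", "KE_OK" or "REJECT"
    ni: bytes = b""     # initiator nonce, echoed so replies can be matched
    cookie: bytes = b""


class Responder:
    """Bob: a stateless responder whose cookie is an HMAC over the
    initiator's address and nonce (assumed construction), so he keeps no
    state until the initiator proves it can receive at that address."""

    def __init__(self, addr: str):
        self.addr = addr
        self.secret = os.urandom(16)    # real designs rotate this periodically
        self.established = []

    def cookie_for(self, src: str, ni: bytes) -> bytes:
        mac = hmac.new(self.secret, src.encode() + ni, hashlib.sha256)
        return mac.digest()[:8]

    def handle(self, m: Msg) -> Msg:
        if m.kind == "INIT":
            return Msg(self.addr, m.src, "COOKIE", m.ni, self.cookie_for(m.src, m.ni))
        if m.kind == "KE":
            # A cookie Bob did not mint fails here: this is the rejection
            # Yogesh describes ("he will just reject the request").
            if hmac.compare_digest(m.cookie, self.cookie_for(m.src, m.ni)):
                self.established.append(m.src)
                return Msg(self.addr, m.src, "KE_OK", m.ni, m.cookie)
            return Msg(self.addr, m.src, "REJECT", m.ni)
        raise ValueError(f"unexpected message kind {m.kind!r}")


def run_exchange(accept_multiple_replies: bool, attacker_present: bool = True) -> bool:
    """Return True if Alice ends up with a cookie Bob accepts.

    accept_multiple_replies=False models an initiator that acts on the
    first reply to its request and discards later ones.  True models the
    behaviour Satish points to: keep processing every reply that matches
    the outstanding request until one of them leads to success.
    """
    bob = Responder("bob")
    ni = os.urandom(8)
    init = Msg("alice", "bob", "INIT", ni)

    wire = []
    if attacker_present:
        # Trudy sees INIT on the LAN and answers first, claiming Bob's
        # address and supplying a cookie Bob never generated.
        wire.append(Msg("bob", "alice", "COOKIE", ni, os.urandom(8)))
    wire.append(bob.handle(init))      # Bob's genuine reply arrives later

    candidates = wire if accept_multiple_replies else wire[:1]
    for reply in candidates:
        if reply.kind != "COOKIE" or reply.ni != ni:
            continue                   # not a reply to our outstanding INIT
        ke = Msg("alice", "bob", "KE", ni, reply.cookie)
        if bob.handle(ke).kind == "KE_OK":
            return True                # Bob accepted this cookie; done
        # REJECT from Bob: fall through and try the next reply, if any
    return False


if __name__ == "__main__":
    print("first-reply-wins, attacker present  :", run_exchange(False))
    print("process all replies, attacker present:", run_exchange(True))
    print("first-reply-wins, no attacker        :", run_exchange(False, False))
```

Two observations about the toy that also apply to the real exchange: because Alice's request is identified by the nonce she chose, she can accept several replies to one outstanding request without holding extra state per reply, which is what makes Satish's remedy cheap; and since Trudy can inject as many spoofed replies as she likes, an initiator that processes every reply should still cap the number of cookies it will try per request so that the remedy does not itself become a way to make Alice do unbounded work.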