[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE_SA SPI with a changed address



 In your previous mail you wrote:

   what would happen in IKEv2 if the  Initiator and Responder change their
   IP adresses after have established an IKE_SA?
   
=> nothing very good:
 - NAT traversal includes an optional automatic peer address update
   for all SAs for a peer which is detected to be behind a NAT.
 - responses are required to be sent with source/destination address/port
   reversed, so received requests will be correctly answered.
 - without an explicit peer address update mechanism (there is a WG
   agreement to study such a thing in the close future) the best is
   just to rekey the IKE_SA.

   It is still possible refernce the SAD with the SPI (the IKE_SA SPI)

=> yes, this is the role of the SPI and any IKEv2 implementation
which uses addresses to look up an IKE_SA should be nuked.

   found in the CREATE_CHILS_SA header in order to retrieve the parametres
   to generate a new CHILD_SA?
   
=> an IKE_SA rekey will use the addresses IKE runs over so this should work.
BTW as the peer addresses are not protected in this case and some attacks
can be built using this security flaw, it is possible a future draft
will change this... For instance I interpret Jari and Tero's proposal
as keeping the peer addresses seen in the first message where they are
indirectly protected, note the proposal includes an explicit update
mechanism too. Nothing is really decided, only my firm intention to
raise a concern if nothing is done about peer address protection
before the last call.

Thanks

Francis.Dupont@enst-bretagne.fr

PS: read draft-dupont-transient-pseudonat-01.txt for an example
of an attack based on the lack of protection, and RFC 3519 for
a defense against a similar problem in Mobile IP which was never
claimed to be a security protocol...