[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE_SA SPI with a changed address

To: ipsec@lists.tislabs.com
Subject: Re: IKE_SA SPI with a changed address
From: Corrado Derenale <derenale@polito.it>
Date: Thu, 29 May 2003 06:44:23 +0200
References: <200305271547.h4RFlnof044936@givry.rennes.enst-bretagne.fr>
Reply-To: derenale@polito.it
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830

Hello,

Francis Dupont wrote:
 >  In your previous mail you wrote:
 >
 >    what would happen in IKEv2 if the  Initiator and Responder change 
their
 >    IP adresses after have established an IKE_SA?
 >
 > => nothing very good:
 >  - NAT traversal includes an optional automatic peer address update
 >    for all SAs for a peer which is detected to be behind a NAT.
 >  - responses are required to be sent with source/destination address/port
 >    reversed, so received requests will be correctly answered.
 >  - without an explicit peer address update mechanism (there is a WG
 >    agreement to study such a thing in the close future) the best is
 >    just to rekey the IKE_SA.

I was against the NAT yet before reading the
draft-dupont-transient-pseudonat-01.txt but now, after that reading I'm
even more against it!

The problem was not for NAT traversal, I hope that with the IPv6 coming
all that problems with NAT will vanish with the NAT itself, but with the
mobile user. I was thinking about keep-up an IKE_SA even if one of the
peers change his network access (change WLAN hot spot) end conseguently
its IP address

 >
 >    It is still possible refernce the SAD with the SPI (the IKE_SA SPI)
 >
 > => yes, this is the role of the SPI and any IKEv2 implementation
 > which uses addresses to look up an IKE_SA should be nuked.

This sounds very good to me.

 >
 >    found in the CREATE_CHILS_SA header in order to retrieve the 
parametres
 >    to generate a new CHILD_SA?
 >
 > => an IKE_SA rekey will use the addresses IKE runs over so this 
should work.
 > BTW as the peer addresses are not protected in this case and some attacks
 > can be built using this security flaw,

I think that you refer to some DoS attacks, because only the
authenticated peers can negotiate a new CHILD_SA and derive new
cryptographic material from the one negotiated and authenticated during
the IKE_SA_INIT. Am I right?

 > it is possible a future draft
 > will change this... For instance I interpret Jari and Tero's proposal
 > as keeping the peer addresses seen in the first message where they are
 > indirectly protected, note the proposal includes an explicit update
 > mechanism too.

That will be very usefull in the mobile/nomadic user scenario.

 > Nothing is really decided, only my firm intention to
 > raise a concern if nothing is done about peer address protection
 > before the last call.
 >
 > Thanks
 >
 > Francis.Dupont@enst-bretagne.fr
 >
 > PS: read draft-dupont-transient-pseudonat-01.txt for an example
 > of an attack based on the lack of protection, and RFC 3519 for
 > a defense against a similar problem in Mobile IP which was never
 > claimed to be a security protocol...

:)

 >

Thank you,

/cdr

References:
- Re: IKE_SA SPI with a changed address
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: crypto algorithm documents for IKEv2
Next by Date: I-D ACTION:draft-ietf-ipsec-nat-t-ike-06.txt
Prev by thread: Re: IKE_SA SPI with a changed address
Next by thread: IKE_SA SPI with a changed address
Index(es):
- Date
- Thread