[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKEv2: active user identity protection

To: "Jesse Alpert" <jalpert@CheckPoint.com>
Subject: RE: IKEv2: active user identity protection
From: Tero Kivinen <kivinen@ssh.fi>
Date: Mon, 30 Jun 2003 15:13:57 +0300
Cc: <ipsec@lists.tislabs.com>
In-Reply-To: <000301c33e41$b6d40350$7b2e1dc2@jesse>
Organization: SSH Communications Security Oy
References: <16125.18207.934384.924599@ryijy.hel.fi.ssh.com><000301c33e41$b6d40350$7b2e1dc2@jesse>
Sender: owner-ipsec@lists.tislabs.com

Jesse Alpert writes:
> 2. The polling attack mentioned below is of little concern in an EAP (remote
> access) scenario - the server is usually well known and the client should
> not
> respond to EAP phase 1 exchanges.

Not all of the server addresses are globally well known. Some people
for example do not put security gateways address to dns, and configure
those so that they do not reply to anything than valid requests etc,
so it makes harder for attackers to find those (i.e security by
obscurity). This does not offer real security, but some people do want
to have that kind of features. They do not like the idea that they
need to give out proof that this is roadwarrior-sgw.company.com to all
connections. 

> 3. Most importantly - exchanges which were used in IKEv1 DID support this
> requirement. For example XAUTH requires the server to prove his
> identity first and the client's identity is protected against active
> attacks.
> So protection which is around for current clients using IKEv1 will not be
> there
> after migrating to IKEv2.

XAUTH is not part of IKEv1. So this feature was not in the IKEv1. Also
the original XAUTH versions I looked at did the normal IKEv1 exchange
and only then started the XAUTH. This meant that the client still
needed to proof its identity before starting XAUTH. If people were
using group pre shared keys, then anybody with the key (i.e anybody
with the group) could by active attack get the identities (and
if basic password authentication was used also the password).

Anyways you can still use the ID_KEY_ID (changing every time) as a
identity in those EAP cases, and have very small program in the sgw
end that will convert that ID_KEY_ID to the real EAP identity. This
will offer completele protection to the initiators identity, without
any change to the IKEv2 protocol, and with very minor changes to those
implementations that actually require this. 
-- 
kivinen@ssh.fi
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

Follow-Ups:
- Re: IKEv2: active user identity protection
  - From: "Scott G. Kelly" <scott@airespace.com>

References:
- RE: IKEv2: active user identity protection
  - From: Tero Kivinen <kivinen@ssh.fi>

Prev by Date: NPF Info and/or site password
Next by Date: Re: QoS selectors (was LAST CALL: IKE)
Prev by thread: RE: IKEv2: active user identity protection
Next by thread: Re: IKEv2: active user identity protection
Index(es):
- Date
- Thread