[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question about Version Numbers



Yeah, as you said, an active attacker can keep responding to the first
message with an unauthenticated notification message saying "the highest
I support is n", and cause the connection to break and restart, and
the active attacker can disrupt that one also.

What should be done about it?

a) (your suggestion), allow them to continue talking the lower version number
b) ignore this problem in the spec as being not important enough at this point,
and perhaps fix it later. Maybe consider it a feature, that an active attacker
can prevent Alice and Bob from talking, but can't trick them into talking in
an insecure manner.
c) have the negotiation for version n+1 be authenticated, using the protection
of the IKE version n SA already created (rather than tearing it down and
starting from scratch with n+1)
d) have Alice remember that Bob can talk n+1, and refuse to believe an unauthenticated
notification telling her otherwise
e) I'm sure other solutions are possible.

Note that d) is allowed by the current spec (wouldn't violate any on-the-wire
messages). So I think we should do that, which doesn't require changing the spec.
Perhaps this will motivate me to revive the tutorial spec and mention that in
an implementation tip.

Radia



----- Original Message -----
From: vamsi <vamsi@intotoinc.com>
Date: Thursday, April 8, 2004 11:20 pm
Subject: Question about Version Numbers

> Hi  Friends,
> In IKEv2 of section 2.5 Version Numbers and Forward Compatibility  
> ,the 
> text says
>  ".....If Alice is capable of speaking versions n,
>    n+1, and n+2, and Bob is capable of speaking versions n and 
> n+1, then
>    they will negotiate speaking n+1, where Alice will set the flag
>    indicating ability to speak a higher version. If they mistakenly
>    (perhaps through an active attacker sending error messages) 
> negotiate    to version n, then both will notice that the other 
> side can support a
>    higher version number, and they MUST break the connection and
>    reconnect using version n+1."
> 
> Let us assume the following scenario
> Alice has sent the message with version n+2 to Bob and in between 
> the attacker
>   'yyy' has tricked to make Alice to use version 'n'. So the next 
> message 
> from Alice with version 'n'
> and enabling the Flag (which indicates that Alice support higher 
> version) 
> is sent to the BOB and he(BOB) will sent the
> second message with version 'n' and flag enabled(which indicates 
> that BOB 
> supports higher version) . Then draft says "they MUST break the 
> connection 
> and reconnect using version n+1." So Alice again start with 
> version 'n+1' 
> and the attacker again trick him to use version
> 'n' or  the attacker  even trick the Alice by sending with  n+1 
> version and 
> flag(that indicates the higher version) enabled  where  Bob   
> doesn't even 
> support higher version than n+1 and there by attacker succeeds 
> interrupting 
> the  IKE exchanges . My doubt is that are we not going in a loop??
> 
> My feeling is that the text should be as  follows
> ".....If Alice is capable of speaking versions n,
>    n+1, and n+2, and Bob is capable of speaking versions n and 
> n+1, then
>    they will negotiate speaking n+1, where Alice will set the flag
>    indicating ability to speak a higher version. If they mistakenly
>    (perhaps through an active attacker sending error messages) 
> negotiate    to version n, then both will notice that the other 
> side can support a
>    higher version number, and they SHOULD continue and SHOULD 
> audit the event"
> 
> 
> Thanks
> Vamsi
> CTO Office
> Intoto Inc.
> www.intoto.com
> 
>