[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006

To: "marcelo bagnulo braun" <marcelo@it.uc3m.es>
Subject: RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
From: "Bound, Jim" <Jim.Bound@hp.com>
Date: Wed, 19 Jul 2006 15:30:04 -0400
Cc: "Francis Dupont" <Francis.Dupont@point6.net>, <shim6@psg.com>, "Pekka Savola" <pekkas@netcore.fi>, "Iljitsch van Beijnum" <iljitsch@muada.com>
In-reply-to: <6eba233ff8ab86b888a1a22864c0c569@it.uc3m.es>

I dont accept the threats in 4218 so that is a problem right there but I will do that but that is more than just a quick response on email and need to go do proper analysis.  I will respond to where we disagree too later ok.  As I said email is not good for me now I keep changing my location :--).

thx
/jim 

> -----Original Message-----
> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es] 
> Sent: Wednesday, July 19, 2006 3:27 PM
> To: Bound, Jim
> Cc: Francis Dupont; shim6@psg.com; Pekka Savola; Iljitsch van Beijnum
> Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006 
> 
> 
> El 19/07/2006, a las 20:10, Bound, Jim escribió:
> 
> > Global PKI is not required for certificates that can be done with 
> > pre-shared keys too or as we are doing with shim6 out-of-band 
> > signaling.  If any here believe IPsec will not be used end-to-end 
> > think again please it will.  Ipsec is totally possible and 
> I will not 
> > repeat my mail on enclaves for end-to-end PKI as that is a 
> deployment 
> > and systems integration implementation issue.
> >
> 
> ok at this point it seems to me that we may start to 
> repeating ourselves, so at least let's try to identify where 
> do we disagree...
> 
> What i am saying is that:
> 
> - In order to use IPSec to protect the shim6 protocol (in 
> particular for providing a secure binding between identifier 
> and locators), there are two options: a) we use certificates 
> issued by a global PKI are needed in all shim6 peers or b) we 
> have preshared keys in all shim6 nodes
> 
> do you disagree with this statement?
> 
> I assume you do
> 
> if you disagree could you explain to me how would you protect 
> the shim6 protocol from the threats described in RFC4218?
> 
> in particular could you explain to me how would you protect 
> from the following attack:
> 
> Suppose that Alice and Bob work in the same office and that 
> Alice reads the local newspaper web page every morning at 
> www.localpress.com Now, suppose that tomorrow is Alice 
> birthday and since Bob has a crush on Alice, Bob wants to 
> make Alice believe that tomorrow local newspaper headline is 
> "Happy Birthday Alice".
> 
> In order to do that, Bob's plan is to hijack any future 
> communication that Alice initiates from her machine to Bob's 
> laptop, so Bob can substitute the local newspaper web page by 
> his own fake happy birthday greetings home page.
> 
> So, in the DNS www.localpress.com has a single IP address IPlp.
> 
> To launch the attack, the night before, Bob creates a shim6 
> state in alice machine. In order to do that, Bob initiates 
> the shim6 context establishment exchange.
> 
> The created context, has IPlp as ULID and it has IPB (i.e. 
> Bob's laptop
> IP) as preferred locator.
> 
> In order to keep the context alive, Bob sends periodic packets (e.g. 
> ping or UDP) to Alice machine. Note that the goal of these 
> packets is just to prevent the shim6 state at Alice machine 
> to be garbage collected, so there is no need to have a actual 
> application receiving those packets above the shim (i.e. 
> these packets can be perfectly discarded once they passed 
> above the shim, and they would still be fulfilling their goal 
> from the attack p.o.v.)
> 
> The next morning (Alice birthday!!!) Alice arrives to the 
> office and she tries to connect to the local newspaper as 
> everyday. The only difference is that today, there is a shim6 
> state in Alice machine for IPlp.
> Alice browser asks the resolver for www.localpress.com. the 
> resolver returns IPlp. The browser initiates a TCP connection 
> with IPlp, but the SYN packet is intercepted by the shim 
> layer (at Alice's machine) and the address is translated to 
> IPB. the result, the communication is redirected to Bob's 
> machine and Alice will be accessing Bob's web server while 
> she thinks that she is reaching the local newspaper web page
> 
> Bob has managed to steal the local newspaper IP identity from 
> Alice p.o.v.
> 
> This type of attack cannot be prevented by simply using 
> IPSec, because it is launched before the keys have been exchanged.
> 
> In order to prevent these attacks, we need additional tools, 
> like global certificates, pre shared keys or crypto identities.
> 
> reagrds, marcelo
> 
> 
> 
> 
> 
> > thanks
> > /jim
> >
> >> -----Original Message-----
> >> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
> >> Sent: Wednesday, July 19, 2006 11:32 AM
> >> To: Bound, Jim
> >> Cc: Francis Dupont; shim6@psg.com; Pekka Savola; Iljitsch 
> van Beijnum
> >> Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
> >>
> >>
> >> El 19/07/2006, a las 16:55, Bound, Jim escribió:
> >>
> >>> I was assuming the node regardless will use IPsec as
> >> required.  Thus
> >>> it really is not shime6 concern.  But I do not believe no
> >> one will not
> >>> deploy IPsec because of PKI that is simply not true.
> >>
> >> i agree with this
> >>
> >>
> >> but the problem is that if you want to use IPSEc to secure 
> the shim, 
> >> you need to use certificates, if not the security is not 
> acceptable.
> >>
> >> You need to provide a secure binding between the identifer and the 
> >> locators. IPSec wihtout certificates does not provides 
> this feature. 
> >> If you want to use IPSec to secure the
> >> shim6 protocol, you need the certificates hence you need 
> the global 
> >> PKI.
> >>
> >> So in order to evaluate a solution based on IPSec for securing the 
> >> shim6, you need to consider the fact that a global PKI is required 
> >> for this.
> >>
> >> Hence, the alternative solution for securing the shim at 
> this point 
> >> would be IPSec+PKI, agree?
> >>
> >> regards, marcelo
> >>
> >>
> >>
> >>>   IPsec is deployed today with PKI.
> >>>
> >>
> >>
> >>> /jim
> >>>
> >>>> -----Original Message-----
> >>>> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
> >>>> Sent: Wednesday, July 19, 2006 8:04 AM
> >>>> To: Francis Dupont
> >>>> Cc: shim6@psg.com; Bound, Jim; Pekka Savola; Iljitsch van Beijnum
> >>>> Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
> >>>>
> >>>>
> >>>> El 19/07/2006, a las 14:38, Francis Dupont escribió:
> >>>>
> >>>>> I can't see where Jim proposed to base the Shim6 security
> >>>> on IPsec...
> >>>>
> >>>> in message http://ops.ietf.org/lists/shim6/msg01511.html
> >>>>
> >>>> it is stated that:
> >>>>
> >>>> Suggestion is to simply embed ULIDs within the data
> >> payload with new
> >>>> option and secure all communications at least for now 
> for IP layer 
> >>>> communcatiions with IPsec encryption based on locator pair.
> >>>>
> >>>> meaning to use IPSec as an alternative to HBA security
> >>>>
> >>>>> (something which is known to require the impossible and 
> even not 
> >>>>> desirable global PKI :-)
> >>>>>
> >>>>
> >>>> exactly
> >>>>
> >>>> Regards, marcelo
> >>>>
> >>>>
> >>>>> Regards
> >>>>>
> >>>>> Francis.Dupont@point6.net
> >>>>>
> >>>>
> >>>>
> >>>
> >>
> >>
> >
> 
>

Follow-Ups:
- Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

References:
- Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>

Prev by Date: RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Next by Date: RE: IPsec Issue Discussed for Shim6 at IETF Meeting July 10, 2006
Previous by thread: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Next by thread: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
Index(es):
- Date
- Thread