[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
about the protection against on path attackers
Iljitsch in hiss review have raised the following issues w.r.t. the
seuciryt of the shim6 protocol
my comments are inline
Also, for CGA verification, don't we need to send the other side a
challenge to avoid replays?
I don't know if this is necessary...
I mean, the attack that we are considering is an attacker that can
sniff an update request message and then will repeat it later on (i
mean it cannot modify it, since it is protected by HBA/CGA) right?
what would be the effect of such attack? that an old locator set will
be used instead of the new one, potentially leading to DoS attack. So,
the effect of this would be a time shifted DoS attack (i.e. the
attacker was once in the path, it can then later on, try to perform a
DoS attack, hoping that none of the old locators are reachable now). I
am not sure we need to provide protection against this attack... what
do you think?
later on in his review, it is stated that:
context. In this case, we are in the Context confusion
and the host MUST NOT use the old context to send any packets.
MAY just discard the old context (after all, the peer has
discarded it), or it MAY attempt to re-establish the old context
by sending a new I1 message and moving its state to I1-SENT. In
any case, once that this situation is detected, the host MUST NOT
keep two contexts with overlapping Ls(peer) locator sets and the
same context tag in ESTABLISHED state, since this would result in
demultiplexing problems on the peer.
What if an attacker is trying to interfere with legitimate
communication? We must be VERY sure that the new shim messages come
from the same host as the one that created the existing state if we're
going to mess with that existing state.
THe current security level is that we don't provide protection against
on path attackers. If an attacker learns the context tag, then it can
do some nasty stuff, including destroying the established context. this
is the level of security that we have defined for the protocol. We can
discuss whether this security level is approapriate, but i would like
to have a high level discussion on the issue.