[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Hipsec] Comments on hiccups draft

To: Tobias Heer <heer at cs.rwth-aachen.de>
Subject: Re: [Hipsec] Comments on hiccups draft
From: Jan Melen <Jan.Melen at nomadiclab.com>
Date: Tue, 28 Jul 2009 17:30:48 +0300
Cc: hip WG <hipsec at ietf.org>
Delivered-to: hipsec at core3.amsl.com
In-reply-to: <6512FD53-0253-4B49-BC0D-41022DBB9644 at cs.rwth-aachen.de>
List-archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-help: <mailto:hipsec-request@ietf.org?subject=help>
List-id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-post: <mailto:hipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
References: <6512FD53-0253-4B49-BC0D-41022DBB9644 at cs.rwth-aachen.de>
User-agent: Thunderbird 2.0.0.7pre (X11/20090418)

Hi,

Tobias Heer wrote:

Some comments on the hiccups draft. In general I find the approachinteresting and worth pursuing. Below are some questions that mostlyfocus on security:
Conceptual comments and questions:
----------------------------------

Section 3: Existence of the HMAC in the packet:
The hiccups draft states that "[the payload is] protected by aPAYLOAD_HMAC parameter". To me it is unclear how such protection canpossibly work. Since there is no previous handshake there are no keysfor use in the HMAC. Jan explained that the HMAC is merely used as away to create a digest over the packet for making the signature moreefficient. However, if it is only used for creating the digest, Iwonder why it is actually transmitted in the packet because without asecret included in the packet, the digest can easily be calculated andtransmitting the digest in a packet seems to be a unnecessary waste ofspace. Am I missing something here? It would be nice if the draft wasmore precise about the nature and the use of the HMAC.

Yes, it is only a message authentication code of the packet and I knowthat you don't have to send it but it is less prone to errors if you dosend it as the receiving end doesn't have to generate the actualparameter that was used to create MAC code in order to verify the signature.

Section 4.3: Sending R1 if receiver suspects an attack:
I guess that in this case, the receiver drops the data packet and itscontent should be retransmitted (by a higher-layer mechanism?)? Ifyes, this could be mentioned somewhere.


Yes, I will add that to the draft.

Replay protection:
The draft talks about a immediate replays of DATA packets in thecontext of DoS attacks targeted at ACK signature generation. However,it does not talk about replays after a longer time (e.g. to mess withupper-layer state machines).How can hosts shelter against replays of valid but old hiccupspackets? The sequence number only works from the second packet on andstill complete sequences of HIP DATA packets can be replayed. Cachingpackets or keeping state for every ever-received packet is probablynot feasible. Is there a solution? If not, this should also be statedin the text and the security considerations.
Various sections: DoS resistance:
The draft briefly mentions that the protocol is susceptible to DoSattacks. This statement is rather vague and only mentions the absenceof "half-stateless DoS protection nature of the base exchange" andimmediate replays. However, CPU targeted DoS attacks (verification ofPK-sigantures without a puzzle or working HMAC to shelter againstfloods of HIP DATA packets - not necessarily replays) seem much morerealistic to me than state a space exhaustion attacks. Using HIP DATApacket creates a computational asymmetry between the attacker and thevictim (receiver). This imbalance could be mentioned in a moreexplicit way.

These are known attacks and that is why we have said in the securityconsiderations section that host should consider carefully when toaccept HIP data packets.

Editorial comments:
-------------------

Section 4.3: "The host MAY responds" -> "The host MAY respond"


Thanks for the comments
Jan

Follow-Ups:
- Re: [Hipsec] Comments on hiccups draft
  - From: Tobias Heer

References:
- [Hipsec] Comments on hiccups draft
  - From: Tobias Heer

Prev by Date: Re: [Hipsec] Comments on the HIP-BONE draft
Next by Date: Re: [Hipsec] feedback of hiccups-01 draft
Previous by thread: [Hipsec] Comments on hiccups draft
Next by thread: Re: [Hipsec] Comments on hiccups draft
Index(es):
- Date
- Thread