[Pana] data origin auth
Hi Sam,
Please see below for my response regarding the language about data origin
authentication in the spec.
Let us know if it makes sense, so we keep the current text as-is; or you
still recommend a change.
Thanks
Alper
> > Sam> Similarly, I'm concerned that the blanket claim that if a
> > Sam> link does not provide security then security is required at a
> > Sam> higher layer. I agree that PANA integrity protection is
> > Sam> required, but for example I don't see why data origin
> > Sam> authentication or connectionless integrity is required for
> > Sam> most Internet traffic. I think the security considerations
> > Sam> section could be reworked to talk a lot more about tradeoffs
> > Sam> and a lot less about hard requirements. Some hard
> > Sam> requirements are probably still necessary.
> >
> > > We can remove references to any specific network types
> > > (DSL/3GPP2), and physical vs. cryptographic security.
> >
> > > I think what we are really concerned with is data origin
> > > authentication,
> > > integrity and replay protection (not confidentiality, like
> > > the current spec is saying). Those are important, because
> > > they are the primary tools for enforcement points in policing
> > > the data traffic. Unless there is a way to perform data
> > > origin authentication, the enforcement points cannot
> > > distinguish traffic of authenticated clients from
> > > unauthenticated clients.
> >
> > I'm not sure this is true in practice. I'm sitting at a wireless
> > hotspot. I log into a web page and give them my credit card number.
> > MAC address seems to be good enough. It does not provide data origin
> > authentication, but it seems to be operationally good enough.
>
> Yes it's true that many users and hotspot operators are using such a
> scheme (UAM -- Universal Authentication Method) every day. It's very
> "practical" because it does not require any special client (just web
> browser), but its "security is very weak." The only reason it's being
> used (and widely used!) is that the operators cannot practically install
> 3rd party software on the client base. And they (and unknowingly the
> users) trade a lot of security for a lot of practicality.
>
> More specifically, anyone can impersonate your PC and spoof and consume
> traffic on your behalf. And anyone can impersonate the wireless hotspot
> and spoof and consume traffic on its behalf. (And that effectively negates
> the whole idea behind "access authentication.") These threats are possible
> because there is no cryptographic protection (data origin auth) of the
> data traffic after the client and the network authenticated each other.
>
> The next step from UAM would be to use an EAP-based solution. The
> appropriate client software would include EAP methods, EAP, EAP lower
> layer (IEEE 802.11i, IEEE 802.16e PKMv2, PANA, etc.), L2/L3 per-packet
> crypto protection, etc. Hosts with such a package would naturally utilize
> data origin authentication.
>
_______________________________________________
Pana mailing list
Pana at ietf.org
https://www1.ietf.org/mailman/listinfo/pana
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
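
The contrast argued in this thread, as an added example that is not part of the original messages: an enforcement point that admits traffic by source MAC address beside one that requires per-packet data origin authentication, integrity and replay protection. The session key is assumed to come out of the EAP exchange; the packet layout, names and sample values are constructed for illustration, and a strictly increasing counter stands in for a real replay window.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag, in bytes

def protect(key, seq, payload):
    """Sender side: 64-bit sequence number + payload + tag over both."""
    body = struct.pack("!Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def mac_filter_admit(allowed, src_mac, packet):
    """UAM-style enforcement: the packet itself is never examined."""
    return src_mac in allowed

class CryptoEP:
    """Enforcement point requiring origin auth, integrity and replay protection."""
    def __init__(self):
        self.sessions = {}  # mac -> [session key, highest sequence number seen]
    def authorize(self, mac, key):
        self.sessions[mac] = [key, -1]
    def admit(self, src_mac, packet):
        session = self.sessions.get(src_mac)
        if session is None or len(packet) < 8 + TAG_LEN:
            return False
        key, last_seq = session
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False  # sender lacks the session key, or payload was modified
        seq = struct.unpack("!Q", body[:8])[0]
        if seq <= last_seq:
            return False  # replayed or stale packet
        session[1] = seq
        return True

def demo():
    mac = "02:00:00:00:00:01"  # constructed sample address
    key = hashlib.sha256(b"constructed session key").digest()  # assumed EAP-derived
    strong = CryptoEP()
    strong.authorize(mac, key)
    genuine = protect(key, 1, b"client data")
    other = protect(bytes(32), 1, b"other host")  # same source MAC, no session key
    altered = genuine[:8] + b"CLIENT DATA" + genuine[-TAG_LEN:]
    return {"mac_filter_other": mac_filter_admit({mac}, mac, other),
            "crypto_genuine": strong.admit(mac, genuine),
            "crypto_other": strong.admit(mac, other),
            "crypto_altered": strong.admit(mac, altered),
            "crypto_replay": strong.admit(mac, genuine)}
```

The MAC filter admits the packet from the host without the session key, while the keyed check admits only the genuine packet, and only once.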