[rohc] Re: (in)security of ESP with header compression



David,

The ESP processing order at the receiver is authenticate then decrypt, IF there are separate authentication and encryption algorithms employed, i.e., the common case today. The structure of the payload requires this, since the integrity check is applied to the ciphertext, not the plaintext, by the sender.

That says that the transmitter processing order is:
- map to SA (the outbound access control check)
- compress if appropriate
- encrypt
- integrity check


At the receiver the processing is defined as:
- map to SA using SPI (a demuxing operation, not a security check)
- validate sequence number
- integrity check
- decrypt
- decompress if appropriate
- check against selectors (the inbound access control check)


Sorry for any confusion re my previous response in not spelling out all the steps and why they are performed in the order indicated.

Given this ordering of processing steps, it would seem that the main issue for a stateful compression algorithm like ROHC is to be smart about reacting to out-of-order arrival, a fact of life if it is to be used in the IPsec context.

Steve
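The processing order described in the message above, as an added example that is not part of the original post or of any IPsec implementation: a minimal sender and receiver that follow the listed steps, so a modified packet is rejected at the integrity check before the decompressor sees it, and out-of-order arrival is accepted. Assumptions: zlib stands in for header compression, an HMAC-SHA256 keystream stands in for the ESP cipher, the selector is a required prefix of the inner packet, and the replay check is a plain set rather than a sliding window; the names SA, esp_send and esp_receive are hypothetical.

```python
import hashlib, hmac, struct, zlib

def _xor_stream(key, seq, data):
    # Stand-in cipher (HMAC-SHA256 keystream); not a real ESP transform.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, struct.pack("!IQ", seq, off), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def _icv(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

class SA:
    def __init__(self, spi, enc_key, auth_key, selector):
        self.spi, self.enc_key, self.auth_key = spi, enc_key, auth_key
        self.selector = selector  # constructed: required inner-packet prefix
        self.tx_seq = 0
        self.seen = set()         # simplified anti-replay state (no window)

def esp_send(sa, inner):
    if not inner.startswith(sa.selector):      # map to SA (outbound access control)
        raise ValueError("no SA")
    sa.tx_seq += 1
    body = zlib.compress(inner)                # compress
    ct = _xor_stream(sa.enc_key, sa.tx_seq, body)    # encrypt
    hdr = struct.pack("!II", sa.spi, sa.tx_seq)
    return hdr + ct + _icv(sa.auth_key, hdr + ct)    # integrity check over ciphertext

def esp_receive(sad, pkt):
    if len(pkt) < 24:
        raise ValueError("short packet")
    spi, seq = struct.unpack("!II", pkt[:8])
    sa = sad.get(spi)                          # map to SA using SPI (demux only)
    if sa is None:
        raise ValueError("unknown SPI")
    if seq in sa.seen:                         # validate sequence number
        raise ValueError("replay")
    if not hmac.compare_digest(pkt[-16:], _icv(sa.auth_key, pkt[:-16])):
        raise ValueError("bad ICV")            # integrity check
    sa.seen.add(seq)                           # commit replay state only after ICV passes
    body = _xor_stream(sa.enc_key, seq, pkt[8:-16])  # decrypt
    inner = zlib.decompress(body)              # decompress: authenticated input only
    if not inner.startswith(sa.selector):      # check against selectors (inbound)
        raise ValueError("selector mismatch")
    return inner
```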