Hi Alex,
Sorry it's taken so long to get back to you.
> The threat document points out valid security concerns with ND. IMHO,
> some are easy to deal with and some others are harder, but in any case
> not all require total application of the ABK mechanism, noting that
> even if ABK's are applied some simple threats still hold.
>
Certainly agree.
> Threat 3.1. Malicious Last Hop Router fools the victim into using it
> as a default router. If the legitimate AR uses the ABK system then
> the attacker AR can also use a similar ABK system, right? It might be
> argued that the attacker AR can not communicate with the MN because it
> can't be authenticated by the MN with an attacker NAS, fair enough.
> But in that case, if the MN already shares a secret with the NAS, why
> not use the same secret to authenticate the ND, thus questioning the
> need for a more complex system.
>
The draft discusses two possible ways to use ABKs. One is based on an
authenticated exchange between the network and the host, whereby the
host proves its identity to the network and the network does the same
for the host, and the network gives the host a private ABK to use. I
believe this is what you are referring to above. This could be
accomplished some other way, by having a session key with the router
for example, but the advantage of ID-crypto is that there is no secret
key held by the router which must be known to other routers in the
event the node is mobile, or which must be periodically regenerated by
the network to avoid compromise. The host's private key acts as the
session key. The cryptoparameters are public so there is no need to
worry about compromise. Also, of course, standard public key could be
used, but in this case, a cert authority would be required (for a full
blown PKI) or, at the minimum, the host would require some way to
obtain the router's public key. If the public key is the subnet id,
there is no requirement for this, and particularly if the host is
mobile, this is very convenient.

The other way that identity is proved is that the host and the network
participate in a roaming consortium which supplies them with
preconfigured cryptoparameters and private key. In this case, there is
no need for an authentication exchange between the host and network
for purposes of securing ND (there may be a need for other reasons).
> Threat 3.2 Good Router Goes Bad is probably less particular to ND.
> When good router goes bad it's too bad.
>
Yup. Nothing to do but have the network operator be vigilant for
attacks. Certainly, not requiring the routers to have globally
routable addresses (as IPv6 does) will help keep attacks
to a minimum.
> Threat 3.5 Bogus On-Link Prefix can be addressed by a smart legitimate
> access router sending RA's with the attacker-prefix with lifetime 0.
> A smart MN could even detect too many RA sequences
> infinity-0-infinity-0 and consider that subnet unreliable.
>
Sure, but this is a more complicated solution that solves a single
threat. And like Return Routability in Mobile IP, there may be subtle
ways around it.
> Threat 3.8 is not addressed by the ABK, I think.
>
You are right. If someone starts pumping packets at you, there is little
you can do, except maybe to shut down ND for a bit and maybe arrange to
find the perpetrator (it may just be buggy software).

Also, Francis Dupont pointed out that, if cryptographic techniques (any
techniques, not just ABK) are used in ND, then the process of address
resolution will suffer a performance hit (exactly how bad depends, of
course, on the implementation) and an attacker might exploit this to
mount a DoS attack.

So I agree that there are some problems that ABKs solve and some not.
jak
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
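
The host-side heuristic mentioned in the quoted Threat 3.5 text (noticing repeated infinity-0-infinity-0 lifetime sequences for one prefix), sketched as an added example that is not part of the original message. The class name, the 60-second window, the threshold of four flips and the sample RA events are assumptions made for illustration.

```python
from collections import defaultdict, deque

INFINITY = 0xFFFFFFFF    # all-ones lifetime in a Prefix Information option
WINDOW_SECONDS = 60.0    # assumed observation window
MAX_FLIPS = 4            # assumed number of alive<->withdrawn changes tolerated


class PrefixFlapDetector:
    """Tracks, per prefix, how often the advertised lifetime flips to or from 0."""

    def __init__(self, window=WINDOW_SECONDS, max_flips=MAX_FLIPS):
        self.window = window
        self.max_flips = max_flips
        self._alive = {}                    # prefix -> last lifetime was > 0
        self._flips = defaultdict(deque)    # prefix -> timestamps of flips

    def observe(self, timestamp, prefix, valid_lifetime):
        """Record one Prefix Information option; True means the prefix flaps."""
        alive = valid_lifetime > 0
        previous = self._alive.get(prefix)
        self._alive[prefix] = alive
        flips = self._flips[prefix]
        if previous is not None and previous != alive:
            flips.append(timestamp)
        # Forget flips that fell out of the sliding window.
        while flips and timestamp - flips[0] > self.window:
            flips.popleft()
        return len(flips) >= self.max_flips


def flagged_prefixes(events, **kwargs):
    """Replay (timestamp, prefix, valid_lifetime) events; return flapping prefixes."""
    detector = PrefixFlapDetector(**kwargs)
    return {p for t, p, life in events if detector.observe(t, p, life)}


# Constructed sample: one router advertises the prefix with an infinite
# lifetime, another keeps withdrawing it with lifetime 0.
CONTESTED = "2001:db8:bad::/64"
SAMPLE_FLAP = [(0, CONTESTED, INFINITY), (5, CONTESTED, 0),
               (10, CONTESTED, INFINITY), (15, CONTESTED, 0),
               (20, CONTESTED, INFINITY)]

# Constructed sample: an ordinary renumbering, where a prefix is retired once.
SAMPLE_RENUMBER = [(0, "2001:db8:1::/64", 2592000),
                   (200, "2001:db8:1::/64", 2592000),
                   (400, "2001:db8:1::/64", 0)]

if __name__ == "__main__":
    print("flapping:", flagged_prefixes(SAMPLE_FLAP))
    print("renumbering:", flagged_prefixes(SAMPLE_RENUMBER))
```

A host that sees a prefix flagged this way knows only that two senders disagree about it, not which one is legitimate, so the sensible reaction is to treat the link as unreliable rather than to pick a side.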