Jeff,

"No authentication also thus means you can't attack the system by sending a 
sequence number".

I agree. But you don't need a seq number with no auth, you just attack by 
sending a packet to take the session down. That's why I still view NULL auth as 
(slightly) better than no auth.

I agree 100% with the rest.

Regards,
Reshad.
    On Wednesday, February 7, 2024, 12:30:00 PM EST, Jeffrey Haas 
<jh...@pfrc.org> wrote:  
 
 Reshad,


On Feb 7, 2024, at 12:21 PM, Reshad Rahman <res...@yahoo.com> wrote:

ISAAC works for active attacks but I don't understand why no-auth still works, 
no-auth is weaker than NULL auth: you don't need to be an active attacker to 
knock over a session with no-auth?

With no-auth, the only thing you can say is "the session is still up".  In the 
optimized case we're guarding against parameter changes so that's all we get to 
do.

<RR> What I don't understand is no-auth still works in the statement below: 
if NULL auth is impractical, so should no-auth. What am I missing?

"1. NULL auth and using the sequence numbers becomes impractical to use for 
optimizing authentication procedures.  ISAAC and no-auth still work."
  

No authentication doesn't have sequence numbers.  This means that sequence 
number operations for incrementing are paused at last exchanged sequence number 
in the strong authentication.

No authentication also thus means you can't attack the system by sending 
packets with a sequence number.  The system will be expecting authentication 
types of either the strong auth (protected vs. blind injection by computing the 
digest over the entire PDU), or the expected no-auth.  If you send packets with 
an unexpected auth type, they'll be dropped.

With ISAAC, blind injection can't work unless the injector has access to the 
shared secret, BFD discriminator values, initial sequence number for the ISAAC 
sequence base, and seed.  Discriminator and seed can be discovered by 
intercepting the ISAAC authenticated PDUs.  The initial sequence value has to 
be observed, or inferred by being able to compute the ISAAC table that will 
have the outputs.  The shared secret is thus the core protecting item.

Thus, with ISAAC, you can't push the sequence numbers ahead without being able 
to satisfy ISAAC authentication, even if it's not a digest vs. the entire BFD 
PDU.

With NULL auth, you just need to be able to convince the implementation to 
accept the PDU with a higher sequence number.  This can be done with blind 
injection once you know enough of the BFD session state like discriminators.  
The random discriminator makes this very low likelihood and pushes the attack 
case to someone that is PITM.
-- Jeff
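
The receive-side behaviour described above for NULL auth versus no-auth, as an added example that is not part of the original thread or of any BFD implementation. It is a toy model of sequence-number handling only: the `Receiver` class, the `run` scenario, the starting value 100, the acceptance window (taken from RFC 5880's meticulous rule) and the missed-packet counter standing in for the detection timer are all assumptions, and ISAAC is not modelled.

```python
from dataclasses import dataclass

# Auth modes named as in the thread; everything else is a simplified model.
STRONG, NULL_AUTH, NO_AUTH = "strong", "null", "no-auth"

@dataclass
class Receiver:
    expected: set          # auth types the session currently accepts
    rcv_seq: int           # last accepted sequence number
    detect_mult: int = 3
    missed: int = 0        # peer intervals since the last accepted packet
    up: bool = True

    def receive(self, auth_type, seq=None, digest_ok=False, from_peer=True):
        """Return True if the packet is accepted."""
        ok = auth_type in self.expected          # unexpected auth type: drop
        if ok and auth_type == STRONG:
            ok = digest_ok                       # digest over the entire PDU
        if ok and auth_type in (STRONG, NULL_AUTH):
            # Assumed window: rcv_seq+1 .. rcv_seq+3*detect_mult inclusive
            ok = self.rcv_seq + 1 <= seq <= self.rcv_seq + 3 * self.detect_mult
            if ok:
                self.rcv_seq = seq
        if ok:
            self.missed = 0
        elif from_peer:
            self.missed += 1
            self.up = self.up and self.missed < self.detect_mult
        return ok

def run(mode, injected_auth):
    """Peer sends 2 packets, one constructed off-path packet arrives, peer sends 4 more."""
    rx = Receiver(expected={STRONG, mode}, rcv_seq=100)
    peer_seq = 100
    def peer_send():
        nonlocal peer_seq
        if mode == NO_AUTH:
            return rx.receive(NO_AUTH)           # sequence numbers are paused
        peer_seq += 1
        return rx.receive(mode, seq=peer_seq)
    for _ in range(2):
        peer_send()
    top = rx.rcv_seq + 3 * rx.detect_mult        # highest value the window allows
    injected = rx.receive(injected_auth, seq=top, from_peer=False)
    after = [peer_send() for _ in range(4)]
    return injected, after, rx.up, rx.rcv_seq

if __name__ == "__main__":
    for mode, inj in [(NULL_AUTH, NULL_AUTH), (NO_AUTH, NULL_AUTH), (NO_AUTH, STRONG)]:
        print(mode, inj, run(mode, inj))
```

In the NULL auth run the receiver's sequence state moves ahead of the real peer, so the peer's next packets fall below the window; in the no-auth runs the sequence state stays paused at its last strong-auth value.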

  
