Re: iSCSI: PAK: an alternative to SRP and DH-CHAP



> Funny, iSCSI already has excellent protection from active attackers
> in the fact that IPsec has protection from active attackers.  If you
> need the protection, turn on the MUST implement IPsec and be done with
> it.  If you don't need the protection, and want some extra performance
> just turn off IPsec and go through your dedicated switched network that
> doesn't have the ability for an unknown attacker to sit in the middle...
>
> Why are we still wasting time on this ???
>
> Bill
>
    
    
Good question.  I did find the following reason
in <draft-ietf-ips-security-11.txt>, Section 5.8.2:
    
> Thus when pre-shared key authentication is used in Main Mode along with
> entities whose address is dynamically assigned, the same pre-shared key
> is shared by a group and is no longer able to function as an effective
> shared secret.  In this situation, neither the Initiator nor Responder
> identifies itself during IKE Phase 1; it is only known that both parties
> are a member of the group with knowledge of the pre-shared key. This
> permits anyone with access to the group pre-shared key to act as a man-
> in-the-middle.  This vulnerability is typically not of concern where IP
> addresses are typically statically assigned (such as with iFCP and
> FCIP), since in this situation individual pre-shared keys are possible
> within IKE Main Mode.
>
> However, where IP addresses are dynamically assigned and Main Mode is
> used along with pre-shared keys, the Responder is not authenticated
> unless application-layer mutual authentication is performed (e.g. iSCSI
> Login with SRP). This enables an attacker in possession of the group
> pre-shared key to masquerade as the Responder. In addition to enabling
> the attacker to present false data, the attacker would also be able to
> mount a dictionary attack on legacy authentication methods such as CHAP
> [RFC1994], potentially compromising many passwords at a time.  This
> vulnerability is widely present in existing IPsec implementations.
    
    
Also, paraphrasing Jablon's comments, (1) having weaker authentication,
and thus more requirements on when and when not to use IPSec
means that iSCSI is harder for people to safely use, and (2) perhaps
protecting the password is more important than protecting
the data sent in an individual session.
    
-Phil
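The draft's point about group pre-shared keys can be checked with a small model of IKEv1 Main Mode pre-shared-key authentication. This is an added illustration, not code from the thread or from the draft; it assumes HMAC-SHA1 as the prf, drops the cookies and SA payload from the HASH_R input, and uses constructed keys and addresses. It shows that when every dynamically addressed peer holds the same key, the initiator's HASH_R check cannot tell the intended responder apart from any other key holder, whereas per-address keys (the static-address case) do distinguish them.

```python
import hashlib
import hmac
import os

def prf(key: bytes, data: bytes) -> bytes:
    # IKEv1 keyed pseudo-random function; HMAC-SHA1 is assumed here for illustration.
    return hmac.new(key, data, hashlib.sha1).digest()

def responder_hash(psk: bytes, ni: bytes, nr: bytes, gxr: bytes, gxi: bytes, idr: bytes) -> bytes:
    # Pre-shared-key mode: SKEYID = prf(psk, Ni | Nr); HASH_R = prf(SKEYID, g^xr | g^xi | ... | IDir).
    # Simplified model: cookies and the SA payload are omitted from the HASH_R input.
    skeyid = prf(psk, ni + nr)
    return prf(skeyid, gxr + gxi + idr)

# Constructed keys. In Main Mode the initiator must select the PSK by the
# responder's IP address, because IDir is only sent after SKEYID is derived.
GROUP_PSK = b"constructed-group-key-for-all-dynamic-hosts"
PER_HOST_PSK = {
    b"10.0.0.2": b"constructed-key-known-only-to-10.0.0.2",
    b"10.0.0.9": b"constructed-key-known-only-to-10.0.0.9",
}

def group_policy(addr: bytes) -> bytes:
    return GROUP_PSK  # dynamic addresses: every peer is provisioned with the same key

def per_host_policy(addr: bytes) -> bytes:
    return PER_HOST_PSK[addr]  # static addresses: one key per peer address

def initiator_accepts(policy, target_addr: bytes, answering_psk: bytes) -> bool:
    """Initiator opens Main Mode to target_addr; whoever answers holds answering_psk
    and presents identity target_addr. Return True if HASH_R verifies."""
    ni, nr = os.urandom(8), os.urandom(8)          # nonces
    gxi, gxr = os.urandom(32), os.urandom(32)      # stand-ins for the DH public values
    hash_r = responder_hash(answering_psk, ni, nr, gxr, gxi, target_addr)
    expected = responder_hash(policy(target_addr), ni, nr, gxr, gxi, target_addr)
    return hmac.compare_digest(expected, hash_r)

def authentication_distinguishes_peers(policy) -> bool:
    """True when the intended responder at 10.0.0.2 verifies but a peer that only
    holds the key provisioned for 10.0.0.9 is rejected when it answers instead."""
    legitimate = initiator_accepts(policy, b"10.0.0.2", policy(b"10.0.0.2"))
    other_member = initiator_accepts(policy, b"10.0.0.2", policy(b"10.0.0.9"))
    return legitimate and not other_member

if __name__ == "__main__":
    print("group PSK distinguishes responder:   ", authentication_distinguishes_peers(group_policy))
    print("per-host PSK distinguishes responder:", authentication_distinguishes_peers(per_host_policy))
```

This is the gap that application-layer mutual authentication such as SRP is meant to close in the dynamic-address case.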
Last updated: Tue Apr 30 13:18:31 2002