SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME

    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    iSCSI Security rough consensus

    


Just wanted to add that SRP with usage of its shared key for
ESP will be added as additional authentication method that
can be negotiated in the Login phase (maybe "SRP_WITH_ESP_KEYING").
I.e., SRP is mandatory to implement, SRP_WITH_ESP_KEYING is optional
as the rest of the authentication methods.

A very delicate issue that needs work in this SRP_WITH_ESP_KEYING
'method' is the synchronization of the ESP startup on both sides.
The intention is to keep the same TCP connection on which the Login
(and SRP exchange) occurred, and just turn on ESP to protect it,
from that 'sync point'.

If this works out OK, we can similarly use the shared key generated
by other optional authentication methods (i.e., define
KERB5_WITH_ESP_KEYING, SPKM_WITH_ESP_KEYING). For administrators
who want to use these methods, it may save the overhead of manual ESP
keying (assuming they buy minimal-compliant iSCSI, that is, without
IKE/certs).

  Regards,
    Ofer



Ofer Biran
Storage and Systems Technology
IBM Research Lab in Haifa
biran@il.ibm.com  972-4-8296253

---------------------- Forwarded by Ofer Biran/Haifa/IBM on 05/03/2001
11:01 AM ---------------------------

Black_David@emc.com on 05/03/2001 06:53:36 AM

Please respond to Black_David@emc.com

To:   ips@ece.cmu.edu
cc:
Subject:  iSCSI Security rough consensus




The rest of the Nashua minutes will be coming, but
this item is important enough to post on the list now.

The rough consensus on "mandatory to implement" iSCSI
security in the Nashua meeting was that the following
two items will be REQUIRED (mandatory to implement):

- ESP (part of IPSec) with NULL encryption.  This provides
     cryptographic integrity, and authentication, depending
     on how its keys are managed.  The rest of
     IPSec (e.g., IKE and AH) will be OPTIONAL.
- SRP for in-band authentication.  The remaining in-band
     authentication algorithms in the current iSCSI draft
     will be OPTIONAL.

There was also rough consensus in the meeting to pursue
a direction of using SRP to generate the keys for ESP,
and I asked whether there were problems
with the fact that such an approach would not permit
solutions that use an IPSec security gateway external
to an iSCSI implementation.

While there were no answers in the meeting,
I've gotten some strong "Yes, there are problems"
responses off line, and between them and the fact that
there are a bunch of details to work out in exactly
how to use SRP to key ESP, I would propose
that the security requirements be just the two
bullets above (i.e., ESP with NULL encryption and
SRP are REQUIRED).  This allows external gateways,
and keying of ESP with IKE or pre-shared keys,
and is consistent with the bulk of the discussion
in the meeting.

Although the approach of using SRP to key ESP has
a lot of promise, making it a requirement in advance
of a draft providing details that can be checked
by other security experts seems premature ... and
now I have to go help get that draft written
in my "copious spare time" ;-).  Once that draft
is in hand, we can make a concrete decision about
requiring that mechanism.

Also, the integrity hash and signature algorithm
that MUST be implemented for ESP w/Null Encryption
still need to be designated -- in consultation with
the security area and security experts (e.g., Ted
Ts'o, ipsec WG co-chair, who was at the Nashua
meeting) the hope is to bring a recommendation to the
WG in the near future.  A complicating factor is that
new hash algorithms are being introduced as a
consequence of the new AES/Rijndael cipher.  Requiring
such a new algorithm (e.g., as opposed to the current
SHA-1 or MD5) was discussed as a desirable direction
in the meeting, but there are a bunch of details
that need to be checked (e.g., state of IETF use
and standardization of those algorithms).

Comments to the list, especially if anyone disagrees
with the proposed requirements stated above.  Specific
input from security-knowledgeable folks on algorithm
selection should probably be sent directly to me, as
the IPS list is not the best forum for that purpose.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------

Home

Last updated: Tue Sep 04 01:04:47 2001
6315 messages in chronological order