RE: FCIP and iFCP Keying Problem

To: Black_David@emc.com, ips@ece.cmu.edu
Subject: RE: FCIP and iFCP Keying Problem
From: Black_David@emc.com
Date: Fri, 7 Sep 2001 18:28:03 -0400
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

Filling in a couple of missing pieces here:

- See Section 4.4 of draft-aboba-ips-iscsi-security-00.txt
	for more details on the man-in-the-middle vulnerability.
	That vulnerability is based on the use of group pre-shared
	keys.  
- My strong language below is based in part on an 
	assumption that banning group pre-shared keys is
	unworkable in practice.  Key management is a pain,
	and use of group pre-shared keys simplifies it, even
	though it has some security costs.

Questioning the latter assumption is reasonable, but I'll
point out that group pre-shared (vs. per session pre-shared)
keys are a fact of life in current IPsec deployment/management,
and even turn up in the absence of dynamic IP address
assignment.  The reason the text in my previous message
just said "pre-shared keys" rather than "group pre-shared keys"
is that there may be no way for a participant in an IKE
session to know whether the pre-shared key was shared only
among the two endpoints of the session or with other parties.

Thanks,
--David

> -----Original Message-----
> From: Black_David@emc.com [mailto:Black_David@emc.com]
> Sent: Friday, September 07, 2001 4:34 PM
> To: ips@ece.cmu.edu
> Subject: FCIP and iFCP Keying Problem
> Importance: High
> 
> 
> Both FCIP and iFCP intend to require:
> 
> 	- IKE with pre-shared keys MUST implement
> 	- IKE with public-key based keys MAY implement
> 	- IKE Main Mode MUST implement
> 	- IKE Aggressive Mode MAY implement
> 
> That's not acceptable because the result of combining
> the two mandatory (MUST) mechanisms is vulnerable to a
> man-in-the-middle attack.
> 
> If IKE with pre-shared keys is "MUST implement" (which
> makes sense, as it's the simplest IKE authentication
> mechanism), then:
> 	- IKE Aggressive Mode needs to be "MUST implement"
> 	- Use of IKE Main Mode with pre-shared keys needs
> 		to be "SHOULD NOT use" or "MUST NOT use".
> Alternatively, if IKE Aggressive Mode remains "MAY implement",
> then:
> 	- IKE with signature authentication based on public
> 		keys needs to be "MUST implement" along with
> 		some certificate usage guidelines.
> 	- Pre-Shared keys needs to be "MAY implement" (can't
> 		be any stronger than the requirement for
> 		IKE Aggressive Mode).
> 	- Use of IKE Main Mode with pre-shared keys needs
> 		to be "SHOULD not use" or "MUST not use".
> 
> Changing IKE to remove the Main Mode vulnerability
> with pre-shared keys is not a viable approach.
> 
> Sorry,
> --David
> 
> ---------------------------------------------------
> David L. Black, Senior Technologist
> EMC Corporation, 42 South St., Hopkinton, MA  01748
> +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
> black_david@emc.com       Mobile: +1 (978) 394-7754
> ---------------------------------------------------
>

Prev by Date: RE: iFCP: security position
Next by Date: RE: iSCSI: ISIDs
Prev by thread: FCIP and iFCP Keying Problem
Next by thread: Re: FCIP and iFCP Keying Problem
Index(es):
- Date
- Thread

Home

Last updated: Fri Sep 07 19:17:10 2001
6452 messages in chronological order