RE: DH-CHAP

["Yongge Wang" <ywang@karthika.com>]

>In your example, is this attack only possible in a HUBed environment?
>Would it still be as easy in a Switched only environment?

John,
For most Switched environment, this attack is possible though for
some switched network (with some special intelligent conficurations,
e.g., if the switch will not broadcast the traffic of initiator to the
attackers's side... however, this configuration is seldom used...
switch is not supposed to be as smart as a router in Internet), 
this attack will not work.

The only requirement for the attack to work is that the 
attacker's network card could "see" the request from the initiator.
For most networks, the attacker could see this due to the low-level
broadcast property of Ethernet.

Regards,
Yongge

--------------
"Yongge Wang" <ywang@karthika.com>@ece.cmu.edu on 04/14/2002 09:33:40 AM

Sent by:    owner-ips@ece.cmu.edu


To:    "Bill Studenmund" <wrstuden@wasabisystems.com>
cc:    <ips@ece.cmu.edu>
Subject:    RE: DH-CHAP



>There is one difference. The attack will get noticed.

Yes, you are correct. If the initiator logs all failure login, then
there is a failure log record.. but there may be many kinds of
failure log reports and the log due to this kind of attacks is
almost indistinguishable (for most concise log files)
from other failures. Thus we are not sure this failure is due to
a attack.

>Yongge's attack (as I understand it) is essentially a MITM attack, except
>that MITM usually tries to continue the conversation while in this case
>the rogue just leaves after it gets the response it needs.

You can say this is MITM if you define MITM in this way.
However, in the literature, the man-in-the-middle attack is defined
in the way David (Jablon) has pointed out: The attack controls the entire
communication links between the two real entities. This is a subtle
difference.

The attacker on DH-CHAP does not need to control the links.
A simple example is as follows:

The initiator and the attacker sit on one local Ethernet-I(e.g.,
connected by a hub), the target sits on another Ethernet-II though
still in the same organization.  The Ethernet-I and Ethernet-II
are connected by a switch or a router. Now the attacker could easily
(almost trivially) launch the attack though neither the attacker controls
the links between the initiator and the target nor the attacker
sits between the initiator and the target.

>This attack involves the rogue agent sending a response to the initiator
>giving it a g^x mod n to use. That g^x mod n will not be the one the
>target chose, so this attack will result in a login failure; a failure
>with the same signature as a MitM attack.
>
>So that is one difference between DH-CHAP and CHAP - you have to go to an
>active attack to get at the password.

Agreed. The fact pointed out by David (Jablon) is: Is this attack
essentially harder than the pure passive attack? In many situations,
it is not.... In the scenario I descreibed above this attack is as easy
as the pure passive attacks. (Note that a real Man-In-the-middle attack
is generally hard to mount than a pure passive attack).

I am just poiting out a vulverable situation for DH-CHAP.
Whether DH-CHAP will be included in the iSCSI standard,
it makes no difference to me.

Thanks for your discussion in this matter.

Best regards,
Yongge