OPSEC WG - PowerPoint PPT Presentation

About This Presentation
Title:

OPSEC WG

Description:

Key is shared between all routers in the broadcast domain and possession of the ... Possible to replay IS-IS PDUs as there is no crypto sequence number in the PDUs. ... – PowerPoint PPT presentation

Number of Views:41
Avg rating:3.0/5.0
Slides: 11
Provided by: vishwas9
Learn more at: https://www.ietf.org
Category:
Tags: opsec | keys

less

Transcript and Presenter's Notes

Title: OPSEC WG


1
OPSEC WG
  • Issues with existing Cryptographic Protection
    Methods for Routing Protocols
  • Vishwas Manral (IP Infusion)
  • Russ White (Cisco)
  • Manav Bhatia (Alcatel-Lucent)
  • 73rd IETF - Minneapolis, USA

2
What is the draft about?
  • Its meant to give an overview of what we know and
    dont know about our routing protocols security.
    Mostly showing the clumsy use of cryptography.

3
Cryptographic Authentication
  • Routing Protocols are designed to use
    cryptographic mechanisms to authenticate data
    being received from a neighboring router to
    ensure that it has not been modified in transit,
    and actually originated from the neighboring
    router purporting to have originating the data.
  • There are some issues in how we use
    authentication currently with the routing
    protocols, leaving them vulnerable to attacks,
    despite using authentication mechanisms described
    in the standards - this draft discusses these
    issues.

Read the draft for more issues and a detailed
explanation for each one of these.
4
Cryptographic Authentication (contd)
  • The goal is to identify the weak points (make the
    community aware of the issues).
  • The draft discusses the management and the
    technical issues with the existing cryptographic
    authentication schemes for protecting the routing
    protocols.
  • Because of lack of time the presentation only
    discusses some of the technical issues with each
    of the routing protocols OSPF, IS-IS and RIP.

Read the draft for more issues and a detailed
explanation for each one of these.
5
Issues with OSPFv2
  • Sequence Num initialized to 0 when neighbor comes
    up/goes down. Can replay OSPF packets from the
    previous session if key isn't regularly changed.
  • Current specs use keyed MD5 - MUST upgrade to a
    stronger crypto algorithm construct like
    HMAC-SHA-1, etc.
  • Key is shared between all routers in the
    broadcast domain and possession of the key is
    used as an identity check.
  • X can masquerade as Y and send packets to Alice
    without the latter ever knowing about this.
  • In some scenarios an attack can bring down the
    adjacency between X and Y despite both using
    cryptographic authentication

Read the draft for more issues and a detailed
explanation for each one of these.
6
Issues with OSPFv3
  • Replaying HELLOs with an empty neighbor list can
    cause all the neighbor adjacencies with the
    sending router to be reset
  • Replaying Hellos from early in the designated
    router election process on broadcast links can
    cause all the neighbor adjacencies with the
    sending router to be reset, disrupting network
    communications.
  • Replaying Database description packets can cause
    all FULL neighbor adjacencies with the sending
    router to be reset, disrupting network
    communications.

Read the draft for more issues and a detailed
explanation for each one of these.
7
Issues with OSPFv3 (contd)
  • These issues are due to the use of manually keyed
    AH, where replay protection cant be used
  • So, the problem isnt really AH, but is due to the
    lack of an IPSec Group Key Management solution
    suitable for use with OSPFv3
  • Its the broadcast link problem that keeps us
    from using IKEv2 with OSPFv3
  • There are IETF group key management protocols,
    but the applying them to OSPF is problematic
    since they rely on a key server.

Read the draft for more issues and a detailed
explanation for each one of these.
8
Issues with IS-IS
  • Possible to replay IS-IS PDUs as there is no
    crypto sequence number in the PDUs.
  • An IIH PDU containing a digest within a TLV, and
    an empty neighbor list, could be replayed,
    causing all adjacencies with the original
    transmitting IS to be restarted.
  • Old CSNP packets can be replayed to trigger an
    LSP storm when a large number of LSPs are
    flooded.
  • No notion of a Key ID in the base spec. During
    Key rollover, each PDU received needs to be
    checked against all keys that are valid. This can
    be exploited to launch a DOS attack
  • Current specs use MD5 - MUST upgrade to HMAC-SHA
    and stronger.
  • This is being addressed currently in the IS-IS WG.

Read the draft for more issues and a detailed
explanation for each one of these.
9
Issues with RIPv2
  • RIP Cryptographic Authentication does not cover
    the IP and the UDP headers.
  • RIP uses the IP header to determine the neighbor
    its learnt the RIP Update from. Since there is no
    protection provided to the IP header, an attacker
    can exploit this and disrupt the RIP sessions.
  • An attacker can replay an earlier RIP packet and
    by modifying the IP header, can deceive the
    receiver in believing the packet came from a
    different source and can disrupt and inject false
    routing information

Read the draft for more issues and a detailed
explanation for each one of these.
10
Comments and Feedback?
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "OPSEC WG" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!