[LinkSec] RE: [802.1] Proposal on link layer security
I agree the proposed solution cannot work. See inline
comments below.
Yonadav
At 27/6/03 04:38 PM +0300, antti.pietilainen@nokia.com wrote:
Hi Sai,
You are investigating an important topic also studied by others. For
example, Mohamed G. Gouda et al., Computer Networks 41(2003) p. 57-71,
have presented one solution for secure ARP. Their solution is based on a
common secret between a server and end stations. Having to rely on a common
secret is not very optimal but may be the only solution.
Unfortunately, the proposal you presented would not pass peer review in a
publication nor be accepted into a standard. 
First I present the main points of the proposal: 
1) It duplicates part of layer 2.5 in a hardware watchdog that checks
that the upper layer behaves. 
2) For further ensuring that the watchdog behaves, its control would be
restricted to the original HW designer and access by SW developers would
be inhibited. 
3) In addition, a new transmission speed would be introduced to inhibit
old misbehaving interfaces from taking part in a network of behaving
interfaces.
I'll then go through the points in reverse order to show their
deficiencies.
3) Changing transmission speed will work for a period that ends when the
hacker has measured the new speed and changed the oscillator on his card. If
the line code is changed, it will also be a matter of a short period after
which security is broken.
2) The second point states a rule that works only if everybody obeys it.
I do not understand how anybody can trust that.
Put more simply, assume all major NIC manufacturers do indeed include the
proposed ARP protection code in their hardware. The next day you will
find special "rogue" NICs advertised on hacker sites, with a
"feature" to bypass the ARP protection...
1) Because of 2) there is no point in duplicating features in a watchdog
because the watchdog itself may misbehave.
The proposal mentions that there should be state-machine states that
increase security. In my opinion, one should, indeed, implement states
where applicable to increase network security. As an example of failure
to implement protective state machines in the early days, brute force
attacks were able to make millions of password tries without the target
computer doing anything to protect itself.
best regards
Antti Pietilainen
   
> -----Original Message-----
> From: ext Sai Dattathrani [mailto:saidatta@in.ibm.com]
> Sent: 27 June, 2003 07:09
> To: stds-802-1@ieee.org; stds-802-linksec@ieee.org
> Subject: [802.1] Proposal on link layer security
> 
> 
> Hi,
> I have a proposal to avoid ARP spoofing by providing additional security
> checks at the MAC sub-layer. I would like to initiate a discussion on the
> proposal and take it forward. I am attaching the proposal. Kindly initiate
> the discussion on the same.
> (See attached file: ieee_proposal.txt)
> 
> rgds,
> Sai
> 
Yonadav Perry
Tel:  09-765-2417
Fax:  09-767-8829
yonadav@netvision.net.il