iSCSI: Security Comments

Julian,

The following are security comments to your new -03.txt version of iSCSI:

1) There are several security sections (4.2, 4.3, and 7.) and they should be consolidated into one section.

2) Did we come to a consensus that no encryption was to be included in iSCSI? If yes, then section 7.2.2.4 needs to be deleted. If no, then I now do suggest encryption be delegated to IPSec or TLS. Both of these mechanisms are handled at a lower layer and this allows leverage of existing h/w and s/w implementations.

3) I would suggest that iSCSI consider adding an optional authentication block in each iSCSI PDU. If this is of interest I can work with you further on it.

Specific comments to security section Appendix A:

a) pg 77, the following:

  "- Public key algorithm (InitPublicKey,TargetPublicKey)"

needs to be replaced by:

  "- Public key algorithm (PublicKey)"

If a per-iSCSI PDU authentication block is to be added, perhaps that can be added to this list with something like:

  "- PDU-Authentication (AuthAlgorithm:)"

where AuthAlgorithm is the signature algorithm used to sign the authentication block. We would also need a description of new text commands such as InitDHValue: and TargetDHValue:, which would list parameters for the Diffie-Hellman exchange to calculate a shared secret key used for AuthAlgorithm.

b) pg 83, see the following text and suggested modifications:

  "The next example is a public-key authentication. The initiator authenticates itself to the target and no keys are exchanged: "

- Need to delete the part "...and no keys are exchanged: ".

  "If the user was not confirmed, the target sends a login response message with "login reject" to the initiator. Else, it can send a login response with "login accept" and MAY attach a secret: "

- Need to delete the part "...and MAY attach a secret:".

  "The next example is another public-key authentication. The initiator authenticates itself to the target. The target authenticates itself to the initiator and key are exchanged: "

- Delete the part "...and key are exchanged: ".

  " T->Text StartSecure:HERE secret: "

- Delete the part "...secret: ".

No secret keys should be exchanged in this phase since the login is authenticated only, not encrypted. If secret keys are needed for a PDU authentication block, then Diffie-Hellman should be used using the above text command.

c) pg 83, I suggest changing the following text:

  NB - where the blob stands for the digitally signed hash of the packet header, the user (presumably some form of machine+OS+session name or a certificate issued by a certificate authority) the target salt and using the appropriate digital signature algorithm (DSS).

to the following:

  "...where the blob stands for the digitally signed hash of the iSCSI PDU header, the WWUI of the iSCSI node being authenticated, and the salt provided by the authenticating node, using the appropriate digital signature method (DSS or DSA)."

d) pg 84, suggest modifying the following text:

  where the blob stands for the digitally signed hash of the packet header, the user (presumably some form WWUID name or certificate issued by a certificate authority) the initiator salt and using the appropriate digital signature algorithm (DSS). The target also send a suggested key encrypted with the initiator public key.

to the following:

  "...where the blob stands for the digitally signed hash of the iSCSI PDU header, the WWUI of the iSCSI node being authenticated, and the salt provided by the authenticating node, using the appropriate digital signature method (DSS or RSA)."

- Delete "Secret:key" from the following:

  "T-> Text Authenticate:user,blob Secret:key"

In the following:

  where the blob stands for the digitally signed hash of the packet header, the user (presumably some form WWUID name or certificate issued by a certificate authority) the initiator salt and using the appropriate digital signature algorithm (DSS). The target also send a suggested key encrypted with the initiator public key.

- delete the last sentence "The target also send....".

That's all for now.

Josh Tseng
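The per-PDU authentication block proposed in item 3, keyed by the Diffie-Hellman exchange that the InitDHValue:/TargetDHValue: text keys in item (a) would carry, worked through as an added example. This is not code from the message, from the iSCSI draft, or from any iSCSI implementation; the assumptions are mine: the exchange uses the 2048-bit MODP group of RFC 3526 (group 14), the shared secret is hashed with SHA-256 to obtain the session key, the AuthAlgorithm is HMAC-SHA256 (once both ends hold a shared secret the block is a MAC rather than a public-key signature), and the 16-byte header is a constructed toy layout, not the real iSCSI basic header segment.

```python
"""Per-PDU authentication block keyed by a Diffie-Hellman exchange.

Added illustration of the proposal in the message above. Group, KDF,
MAC algorithm and header layout are assumptions, not iSCSI's actual
mechanism.
"""
import hashlib
import hmac
import secrets
import struct

# RFC 3526 group 14: 2048-bit MODP prime, generator 2. These are the
# parameters an InitDHValue:/TargetDHValue: exchange would refer to here.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

# Constructed toy header: opcode, flags, reserved, data length, ITT, CmdSN.
HEADER_FMT = "!BBHIII"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 16 bytes
TAG_LEN = 32                               # HMAC-SHA256 output length


def dh_keypair():
    """Return (private exponent, public DH value) for one endpoint."""
    priv = secrets.randbits(384) | 1       # well above the 320-bit guidance for group 14
    return priv, pow(G, priv, P)


def dh_shared_key(priv, peer_pub):
    """Derive the session authentication key from the peer's DH value.

    Degenerate peer values (0, 1, p-1) are rejected: they force the shared
    secret to a trivial value regardless of our own exponent.
    """
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid DH public value")
    shared = pow(peer_pub, priv, P)
    # Fixed-width encoding so both sides hash identical bytes.
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def pack_header(opcode, flags, length, itt, cmdsn):
    """Build a constructed PDU header."""
    return struct.pack(HEADER_FMT, opcode, flags, 0, length, itt, cmdsn)


def authenticate_pdu(key, header):
    """Append the authentication block: HMAC-SHA256 over the header."""
    if len(header) != HEADER_LEN:
        raise ValueError("bad header length")
    return header + hmac.new(key, header, hashlib.sha256).digest()


def verify_pdu(key, pdu):
    """Return the header if the authentication block verifies, else None."""
    if len(pdu) != HEADER_LEN + TAG_LEN:
        return None
    header, tag = pdu[:HEADER_LEN], pdu[HEADER_LEN:]
    expected = hmac.new(key, header, hashlib.sha256).digest()
    return header if hmac.compare_digest(tag, expected) else None


def demo():
    """Run the exchange between a constructed initiator and target."""
    init_priv, init_dh_value = dh_keypair()        # sent as InitDHValue:
    tgt_priv, tgt_dh_value = dh_keypair()          # sent as TargetDHValue:
    init_key = dh_shared_key(init_priv, tgt_dh_value)
    tgt_key = dh_shared_key(tgt_priv, init_dh_value)

    header = pack_header(0x01, 0x80, 512, 0x1234, 7)   # constructed command PDU
    pdu = authenticate_pdu(init_key, header)

    tampered = bytearray(pdu)
    tampered[-TAG_LEN - 1] ^= 0x01                 # flip one bit of CmdSN in flight
    other_key = hashlib.sha256(b"not the session key").digest()

    return {
        "keys_match": init_key == tgt_key,
        "accepted": verify_pdu(tgt_key, pdu) == header,
        "tampered_rejected": verify_pdu(tgt_key, bytes(tampered)) is None,
        "wrong_key_rejected": verify_pdu(other_key, pdu) is None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Two caveats the example makes visible. The DH values themselves are unauthenticated, so they only bind the session to the right peer if the login authentication (the signed blob discussed in items c and d) also covers them; otherwise a man-in-the-middle can substitute its own values and both ends will happily derive keys with the attacker. And the block integrity-protects a single header; replay protection comes only from whatever sequence fields the header carries (CmdSN here), so the receiver must still enforce them.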