|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security Use RequirementsI'm not Scott, but some of Doug's comments deserve a rather blunt response: > If there is 'required to implement' security that is later found compromised > by a man in the middle or through a spoofing mechanism, would such a mandate > in the end ensure an open door for those familiar with this 'required to > provide' security weakness? Could you recommend a security scheme that is > safe from this type of attack? There's no such thing as a perfect security mechanism that is secure from all attacks for all time. The reason for using off-the-shelf mechanisms like IPSec and TLS is that peer review in the security community has eliminated not only all of the obvious problems, but also all of the non-obvious ones that have turned up. Asking for a mechanism that is guaranteed to be immune from all possible attacks is a veiled argument for no security, and is hence nonsense. Assuming that keys that are supposed to remain secret do remain secret, TLS and IPSec are safe from all of the obvious man-in-the-middle attacks *when properly configured* and are likewise safe from the obvious spoofing attacks provided that the key distribution mechanism used works correctly (which can be a tall assumption). In some cases, other components also need to be secured, for example, if DNS names are used as identities, DNS may have to be secured via something like DNSSEC depending on how DNS is used. Both IPsec and TLS are frameworks into which various encryption and hash algorithms can be inserted, so evolution away from algorithms in which weaknesses are discovered is possible over time (and furthermore is left in the hands of the security experts who are in the best position to make these judgements). > Could security mandates be limited to user authentication and authorization? > Compression-Encryptions passes are computationally expensive processes that > offer little benefit in many configurations. If there is a mandated > security, cryptographic resources should be limited to authentication. Unfortunately, the answer is "no" if the desire is to avoid computationally expensive operations on each message exchanged after connection setup. The problem is that in order to do authentication sufficient for a public network, cryptographic integrity is required on the connection to avoid well known hijack attacks on TCP (after authentication, the adversary hijacks the connection by taking over one end of it - attack scripts are readily available for this). The algorithms for cryptographic integrity (e.g., used to compute HMACs) tend to be computationally expensive (as much as encryption, if not moreso), and my current understanding is that unlike the transition from 3DES to AES/Rijndael that reduces the computational overhead of encryption, no such overhead reduction is in sight for the hash algorithms used for integrity (e.g., SHA-1). --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 435-1000 x75140 FAX: +1 (508) 497-8500 black_david@emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------
Home Last updated: Tue Sep 04 01:05:34 2001 6315 messages in chronological order |