SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: Security Use Requirements



    I'm not Scott, but some of Doug's comments deserve a rather
    blunt response:
    
    > If there is 'required to implement' security that is later found
    compromised
    > by a man in the middle or through a spoofing mechanism, would such a
    mandate
    > in the end ensure an open door for those familiar with this 'required to
    > provide' security weakness?  Could you recommend a security scheme that is
    > safe from this type of attack?
    
    There's no such thing as a perfect security mechanism that is secure from
    all attacks for all time.  The reason for using off-the-shelf mechanisms
    like
    IPSec and TLS is that peer review in the security community has eliminated
    not only all of the obvious problems, but also all of the non-obvious ones
    that
    have turned up.  Asking for a mechanism that is guaranteed to be immune
    from all possible attacks is a veiled argument for no security, and is hence
    nonsense.
    
    Assuming that keys that are supposed to remain secret do remain secret,
    TLS and IPSec are safe from all of the obvious man-in-the-middle attacks
    *when properly configured* and are likewise safe from the obvious
    spoofing attacks provided that the key distribution mechanism used
    works correctly (which can be a tall assumption).  In some cases,
    other components also need to be secured, for example, if DNS
    names are used as identities, DNS may have to be secured via
    something like DNSSEC depending on how DNS is used.
    
    Both IPsec and TLS are frameworks into which various encryption and hash
    algorithms can be inserted, so evolution away from algorithms in which
    weaknesses are discovered is possible over time (and furthermore is left
    in the hands of the security experts who are in the best position to make
    these judgements).
    
    > Could security mandates be limited to user authentication and
    authorization?
    > Compression-Encryptions passes are computationally expensive processes
    that
    > offer little benefit in many configurations.  If there is a mandated
    > security, cryptographic resources should be limited to authentication.
    
    Unfortunately, the answer is "no" if the desire is to avoid computationally
    expensive operations on each message exchanged after connection
    setup.  The problem is that in order to do authentication sufficient
    for a public network, cryptographic integrity is required on the connection
    to
    avoid well known hijack attacks on TCP (after authentication, the adversary
    hijacks the connection by taking over one end of it - attack scripts are
    readily
    available for this).  The algorithms for cryptographic integrity (e.g., used
    to
    compute HMACs) tend to be computationally expensive (as much as
    encryption, if not moreso), and my current understanding is that unlike
    the transition from 3DES to AES/Rijndael that reduces the computational
    overhead of encryption, no such overhead reduction is in sight for the
    hash algorithms used for integrity (e.g., SHA-1).
    
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    
    


Home

Last updated: Tue Sep 04 01:05:34 2001
6315 messages in chronological order