Re: ISCSI: User authentication vs. Machine Authentication for iSCSI

To: Bill Strahm <bill@sanera.net>
Subject: Re: ISCSI: User authentication vs. Machine Authentication for iSCSI
From: Mark Bakke <mbakke@cisco.com>
Date: Wed, 29 Aug 2001 16:05:54 -0500
CC: "Ips@Ece. Cmu. Edu" <ips@ece.cmu.edu>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
References: <HDECJFNIFJBIAINDCFOMKEJOCAAA.bill@sanera.net>
Sender: owner-ips@ece.cmu.edu

Bill Strahm wrote:
> 
> I have been fighting with this problem since I left LA.
> 
> I am not aware of any usage scenarios today where block devices are owned by
> the user rather than the machine.  I will conceed that in many instances the
> first thing the system does is assign the resource to a use (tape, scanner,
> etc.) but the machine still owns the resource and can in fact remove it out
> from under the user...
> 
> I am not to certain how I could build a trusted iSCSI environment where one
> user would have no knowledge about what was happening with other users in a
> malicious environment (especially where a system was participating in the
> exposure of resourses).  Examples of this include things like co-located Web
> hosting where a single user scans process memory looking for 1Kbit of random
> data, and when finding it attempts to determine if that is the private key
> of a user sharing the resource.
> 
> The reason I am bringing this up, is I am not sure trying to define security
> above the machine level makes any sense for iSCSI.  Aren't most SCSI devices
> owned by the Operating System not the User and partitioned out by the
> Operating System to the users ?  If this is the case many of our
> authentication methods simplify to simple IKE identities.
> 
> Bill

Bill-

As you pointed out, there is a case where just using IKE with
an iSCSI AuthMethod of "none" is valid.  That case is where:

- There a one-to-one correspondence between an initiator and an
  operating system
- IPsec is being used for all iSCSI traffic
- The customer is willing to deploy public key certificates on the
  client side (for each initiator) as well as on the devices

If all of the above are true, iSCSI can certainly use an AuthMethod
of none, and be done with it.

However,

- There are cases (David Black brought up some tape applications) where
  more than one initiator might exist on an operating system

- IPsec is not likely to be used for a large percentage of iSCSI
  traffic any time soon

- When IPsec is used, many customers will have an easier time with the
  familiar model of authenticating the server "machine" but using a
  dummy certificate for the client.

If any of the above are true, iSCSI-level of authentication is
required.

Hope this helps,

Mark

Follow-Ups:
- RE: ISCSI: User authentication vs. Machine Authentication for iSCSI
  - From: "Bill Strahm" <bill@sanera.net>

References:
- ISCSI: User authentication vs. Machine Authentication for iSCSI
  - From: "Bill Strahm" <bill@sanera.net>

Prev by Date: Re: iSCSI - Change - Login/Text commands with the binary stage code
Next by Date: Re: iSCSI - Change - Login/Text commands with the binary stage code
Prev by thread: ISCSI: User authentication vs. Machine Authentication for iSCSI
Next by thread: RE: ISCSI: User authentication vs. Machine Authentication for iSCSI
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:03:51 2001
6315 messages in chronological order