RE: iSCSI: Login authentication SRP/CHAP

["John Hufferd" <hufferd@us.ibm.com>]

Bill,
IPSec is optional to use!  So you can not assume that you have a Secure
connection.  And even if you use IPSec, you can not be sure that Privacy
(encryption) is being used.  So for these reasons alone you need to have an
iSCSI method of Authentication.

Next, the lower levels only know that the link is OK to be use for
something.  It does not know that it is iSCSI that is using the link, and
if it did it does not have access to the iSCSI ACLs.  Nor does iSCSI know
what is handled at the lower levels so it must do its own ACL processing.

Even if the link is secure (perhaps even encrypted) and iSCSI
Authentication finds out that you are user "Bill", that does not say that
you have the right to get at All resources.  "Bill" will be authorized to
operate from certain iSCSI Initiator Nodes, and those nodes will only be
permitted to see certain approprate LUs.  These are all iSCSI functions NOT
TCP or IPSec.

Your suggestion to use TLS, was fully discussed in Irvine, and that issue
is now behind us.



.
.
.
John L. Hufferd
Senior Technical Staff Member (STSM)
IBM/SSG San Jose Ca
Main Office (408) 256-0403, Tie: 276-0403,  eFax: (408) 904-4688
Home Office (408) 997-6136
Internet address: hufferd@us.ibm.com


"Bill Strahm" <bill@sanera.net>@ece.cmu.edu on 10/17/2001 02:19:38 PM

Sent by:  owner-ips@ece.cmu.edu


To:   "IPS Reflector \(E-mail\)" <ips@ece.cmu.edu>
cc:
Subject:  RE: iSCSI: Login authentication SRP/CHAP



Just to bring up a cynical point.  Why do we need SRP anyway... after all I
am running over a required secure channel, so there should be no problem
with just sending a user ID/Passphrase over the secure channel.  This will
prevent a LOT of interoperability problems, extra code required to
implement
additional security algorithms, etc.

This makes my implementation much simpler, I can seperate
login/authentication parameters (currently SRP) vs. setting up a secure
channel (IPsec).  If we go the Application level secure authentication
method, I would rather we replace the security layer with TLS rather than
IPsec, so we get authentication/security all in one place rather than
scattered around lower layer protocols, application protocols...

Bill Strahm
+========+=========+=========+=========+=========+=========+=========+
Bill Strahm     Software Development is a race between Programmers
Member of the   trying to build bigger and better idiot proof software
Technical Staff and the Universe trying to produce bigger and better
bill@sanera.net idiots.
(503) 601-0263  So far the Universe is winning --- Rich Cook


-----Original Message-----
From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu]On Behalf Of
Michael Schoberg
Sent: Wednesday, October 17, 2001 12:53 PM
To: IPS Reflector (E-mail)
Subject: iSCSI: Login authentication SRP/CHAP


I'm having some problems figuring out the exact implementation for the
login
authentication protocols being proposed.  Is anyone else having similar
issues answering these questions:

What is the hashing algorithm that will be used for SRP authentication
(SHA-1, MD5, HMAC-SHA1)?

The SRP negotiation passes the following information (T->I):

SRP_s = SRP salt
SRP_N = (SRP n value - Large prime number.  All computations are performed
modulo n)
SRP_g = Primitive root modulo of n

By passing [N] & [g] (T->I), does this mean the initiator must verify that
[N] is a prime and [g] is a primitive root modulo of [N]?  What are the
min/max digits for [N] and [g]?  If any of these are not satisfied (N not
prime, g not primitive modulo root, #digits too small or large), could it
be
used as an attack against the initiator or be used to derive the
initiator's
password?



The reference to RFC 1994 does not fully describe the CHAP function for
iSCSI, it describes the CHAP message protocol which isn't really used in
our
case.  There's some parameters that need to be nailed down.  What is the
CHAP hash algorithm: (MD5)?  What is the sequence of hashes that take place
on a CHAP challenge to form the CHAP digest?

The iSCSI draft allows for algorithm selection (CHAP_A=<A1,A2,...>) but
doesn't describe any.  Are these supposed to dictate the hashing function
or
give a description of [what/how it] gets hashed (or both)?  Will there be a
mandatory set (A1..An) that compliant iSCSI implementations must provide?
Is there a reference that actually shows the sequence for a CHAP digest
being formed from MD5 hashes?



It would help to have an appendix with real username/password examples of
the result exchange?  A table with a few sample sets would be useful for
validating designs.