|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: iSCSI authentication requirementsI don't know what "resistance to highjacking" means in this context. I would say that resistance to dictionary attack is important. I would also argue for: "resistance to impersonation" for the target (and initiator?) Julo
In order to move forward on selecting an alternative mandatory iSCSI login authentication method, it is important to understand what the requirements are. I would like to suggest that the following requirements are essential: a. Mutual authentication b. Pre-shared key support with sufficient key size (e.g. 128 bits) c. Resistance to man-in-the-middle attack On the other hand, I would argue that the following requirements are *not* important: d. Resistance to hijacking e. Dictionary attack resistance f. Support for certificate authentication Goals Mutual authentication is important so that not only can the iSCSI Target authenticate the Initiator, but also the Initiator can authenticate the Target. The ability to detect a rogue Target is important, especially since iSCSI can be used for booting and rogue Targets could fools Initiators into making use of bogus data. The ability of the Target to authenticate the Initiator is important so that the Target can control access. Pre-shared key support is important since this is likely to be the most common use of iSCSI login authentication. The pre-shared key should be unique to the two parties, and not suceptible to man-in-the-middle attack, as opposed to the Group Pre-Shared key that is so widely implemented within IPsec VPN clients, and that enables man-in-the-middle vulnerabilties. Sufficient entropy is required to avoid brute-force attacks. Non-goals iSCSI login authentication can be used with or without IPsec. When IPsec is not used, the iSCSI connection can be hijacked, but this is not something that login authentication can protect against. One of the reasons that SRP was chosen was its resistant to dictionary attack when weak secrets are used. However, it is not clear that this is useful functionality for iSCSI login authentication. Mounting iSCSI volumes is inherently a machine activity, since access to that volume, when mounted, is determined by the operating system and its access controls rather than security services within the wire protocol. As a result, the credentials used for iSCSI login may be machine credentials, which can be assumed to be pre-shared keys with significant entropy, rather than a user password. The once scenario in which a user password might be relevant is mounting an iSCSI volume via a storage service provider. However, this is exactly the scenario in which IPsec protection of iSCSI would be most likely. Therefore, I would claim that dictionary attack resistance is not important here either. If certificate authentication is possible and desired, this can be provided within IKE Main Mode. As a result, certificate-based authentication is not required within iSCSI login. _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx
Home Last updated: Sat Mar 30 12:18:17 2002 9394 messages in chronological order |