Issue182

Title: Requirements on SID generation
Document: GIST Protocol Specification v11
Section: 3.5, 8.7
Category: Technical
Priority: Must Fix
Status: Text Proposed

Created on 2007-02-12.22:00:34 by reh, last changed 2007-02-13.16:33:19.

Messages
msg507 Author: reh Date: 2007-02-13.16:33:19
The text on SID generation requirements is moved to a new normative section
4.1.3 as follows:

4.1.3.  SID Selection

   The fact that SIDs index routing state (see Section 4.2.1 below)
   means that there are requirements for how they are selected.
   Specifically, signalling applications MUST choose SIDs so that they
   are cryptographically random, and SHOULD NOT use several SIDs for the
   same flow, to avoid additional load from routing state maintenance.
   Guidance on secure randomness generation can be found in [32].

and section 8.7 is extended with new text on how GIST security depends on
correct action by the NSLP, reading in part:

   Certain security aspects of GIST operation depend on signalling
   application behaviour: a poorly implemented or compromised NSLP could
   degrade GIST security.  However, the degradation would only affect
   GIST handling of the NSLP's own signalling traffic or overall
   resource usage at the node where the weakness occurred, and
   implementation weakness or compromise could have just as great an
   effect within the NSLP itself.  The relevant aspects of NSLP
   behaviour are as follows:

   o  GIST depends on NSLPs to choose SIDs appropriately
      (Section 4.1.3).  If NSLPs choose non-random SIDs this makes off-
      path attacks based on SID guessing easier to carry out.  NSLPs can
      also leak information in structured SIDs, but they could leak
      similar information in the NSLP payload data anyway.
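Added example, not part of the specification or this issue: a small Python allocator that follows the proposed 4.1.3 rules (each SID drawn from the OS CSPRNG, one SID reused per flow), next to a constructed "structured" SID of the kind the 8.7 text warns about and a lint that flags a SID embedding an endpoint address. The 128-bit SID length is an assumption here.

```python
import ipaddress
import secrets

SID_BYTES = 16  # assumption: a 128-bit session identifier


class SidAllocator:
    """Hands out SIDs the way the proposed 4.1.3 text requires: every SID is
    cryptographically random, and a flow that already has one gets it back
    rather than a second SID (which would only add routing-state load)."""

    def __init__(self):
        self._by_flow = {}  # flow 5-tuple -> SID bytes

    def sid_for_flow(self, src, dst, proto, sport, dport):
        key = (str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst)),
               proto, sport, dport)
        sid = self._by_flow.get(key)
        if sid is None:
            sid = secrets.token_bytes(SID_BYTES)  # CSPRNG, never a counter
            self._by_flow[key] = sid
        return sid


def structured_sid(src, dst, counter):
    """Constructed counter-example: source address + destination address +
    sequence number. Guessable off-path and leaks both endpoints."""
    return (ipaddress.ip_address(src).packed
            + ipaddress.ip_address(dst).packed
            + counter.to_bytes(SID_BYTES - 8, "big"))


def embeds_address(sid, addresses):
    """Lint for structured SIDs: True if the packed form of any of the given
    IP addresses appears verbatim inside the SID."""
    return any(ipaddress.ip_address(a).packed in sid for a in addresses)
```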
msg486 Author: reh Date: 2007-02-12.22:00:34
From Sam Hartman:

The advice at the end of section 3.5 indicates that there is a DOS attack if
SIDs are not cryptographically random, but only requires at a SHOULD level that
they be cryptographically random.  Why is this not a MUST? 

Also, given the security properties of SIDs, is it really appropriate for each
NSLP to choose the SID itself?  In particular, without making assumptions about
lack of structure in a SID, how can you analyze the structure of GIST?  Could an
NSLP embed IP addresses or other structured data in a SID?  If so, wouldn't that
have an adverse security impact?
History
Date                 User  Action  Args
2007-02-13 16:33:19  reh   set     status: No Discussion -> Text Proposed
                                   messages: + msg507
2007-02-12 22:00:35  reh   create