RE: EAP-SIM -- Protected Start/Notifybefore fast-ReAuth

From: Joseph Salowey (jsalowey

Date: Mon, 23 Aug 2004 11:35:00 -0400 (EDT)

Hi Uma,

Thanks for a detailed review of the document. Comments inline below.

Joe

Uma Shankar Ch wrote:
> Can anybody answer this query -- from
> "draft-haverinen-pppext-eap-sim-13.txt"
>
>
> As of now, the protected Notifications are valid only after successful
> EAP-Request/SIM/Challenge round trip in full authentication or
> successful EAP-Request/SIM/Re-authentication round trip in fast
> re-authentication. If the draft won't mandate protected notifications
> after successful authentication there is a possibility for session
> closure by the peer because of an attacker as mentioned below.
>
> Consider the case, when server is going for fast re-authentication
> and for the same it has started with EAP-Request/SIM/Start and at
> that point of time even if, EAP server wants to send a Notification
> it MUST send a protected notify, otherwise an attacker can always
> force the peer to close the connection just by sending an unprotected
> Notification Failure followed by Failure.
>

[Joe] This is true, any notification sent in the clear will result in a failure. We chose not to attempt to protect from many DoS attacks on EAP-SIM as there are many in the system that we can do nothing about. Perhaps in the future a subsequent version of EAP-SIM will be able to do better.

> In the similar lines, before the fast re-authentication, the
> EAP-Request/SIM/Start MUST be protected, if not a man in the middle
> attacker can always force the peer to reveal the permanent Identity
> by changing the actual EAP-Request/SIM/Start from AT_ANY_ID to
> AT_PERMANENT_ID_REQ. Where server is expecting a valid fast
> re-authentication ID and for that peer would be responding with
> Permanent Identity because of the Man-In-Middle attacker.
>

[Joe] It is not possible to avoid this problem with EAP-SIM alone. The identity privacy offered by EAP-SIM is only slightly better than what is provided by GSM TMSI. Considerations for implementing identity privacy are discussed in several places throughout the document including section 9.1 and section 4.2.2.5.

> So, is it not advisable to send EAP-Request/SIM/Start or
> EAP-Request/Identity under the protection of the K_auth key derived
> in full-authentication, before going for fast re-authentication.
>

[Joe] You are correct that the protection of these messages can help reduce the problems you described above. Unfortunately it is not possible to protect these using EAP-SIM. If this level of protection is desired then a tunneling method such as PEAP, TTLS, EAP-FAST, or IKEv2 should be used with EAP-SIM as an inner method.

> Thanks in advance.
> Uma S
>
> www.intoto.com
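
Added example, not part of the original message or of the draft: a peer-side or monitoring check that flags the two conditions discussed in this thread, an EAP-SIM Notification carrying no AT_MAC and a Start request asking for the permanent identity while the peer holds a fast re-authentication identity. Attribute and subtype numbers are those assigned in RFC 4186, the published form of the draft; the function names, finding labels and sample packets are constructed for illustration, and the check looks only for the presence of AT_MAC, not its validity.

```python
import struct

# Numbers as assigned in RFC 4186 (assumption: the draft used the same values).
EAP_REQUEST, EAP_TYPE_SIM = 1, 18
SUBTYPE_START, SUBTYPE_NOTIFICATION = 10, 12
AT_PERMANENT_ID_REQ, AT_MAC, AT_NOTIFICATION, AT_ANY_ID_REQ = 10, 11, 12, 13

def parse_attrs(body):
    """Split the attribute area into {type: value}; length counts 4-byte words."""
    attrs, off = {}, 0
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated attribute header")
        a_type, a_len = body[off], body[off + 1] * 4
        if a_len == 0 or off + a_len > len(body):
            raise ValueError("malformed attribute length")
        attrs[a_type] = body[off + 2:off + a_len]
        off += a_len
    return attrs

def review_request(pkt, peer_has_reauth_id):
    """Return findings (hypothetical labels) for one EAP-Request/SIM packet."""
    if len(pkt) < 8:
        return []
    code, _ident, length, eap_type, subtype = struct.unpack("!BBHBB", pkt[:6])
    if code != EAP_REQUEST or eap_type != EAP_TYPE_SIM or length != len(pkt):
        return []
    attrs = parse_attrs(pkt[8:])
    findings = []
    # A notification without AT_MAC is unauthenticated: anyone on path can send it.
    if subtype == SUBTYPE_NOTIFICATION and AT_MAC not in attrs:
        findings.append("unprotected-notification")
    # The Start message is never integrity protected, so the request type can be
    # swapped in transit; flag it when a re-auth identity was available.
    if (subtype == SUBTYPE_START and AT_PERMANENT_ID_REQ in attrs
            and peer_has_reauth_id):
        findings.append("permanent-id-requested-while-reauth-id-held")
    return findings

def build(subtype, attrs):
    """Build a constructed sample request from (type, value) pairs."""
    body = b"".join(bytes([t, (len(v) + 2) // 4]) + v for t, v in attrs)
    return struct.pack("!BBHBBH", EAP_REQUEST, 1, 8 + len(body),
                       EAP_TYPE_SIM, subtype, 0) + body

# Constructed samples; the 16-byte MAC is a dummy value, not a real computation.
START_ANY = build(SUBTYPE_START, [(AT_ANY_ID_REQ, b"\x00\x00")])
START_PERM = build(SUBTYPE_START, [(AT_PERMANENT_ID_REQ, b"\x00\x00")])
NOTIFY_CLEAR = build(SUBTYPE_NOTIFICATION, [(AT_NOTIFICATION, b"\x00\x00")])
NOTIFY_MAC = build(SUBTYPE_NOTIFICATION, [(AT_NOTIFICATION, b"\x00\x00"),
                                          (AT_MAC, b"\x00\x00" + b"\xaa" * 16)])
```
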