Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [LinkSec] Teleconf 12/17 notes

To: allyn romanow <allyn@cisco.com>
Subject: Re: [LinkSec] Teleconf 12/17 notes
From: "Marcus Leech" <mleech@nortelnetworks.com>
Date: Wed, 18 Dec 2002 11:02:52 -0500
CC: stds-802-linksec@ieee.org, Dolors Sala <dolors@ieee.org>
Organization: Nortel Networks
References: <4.3.2.7.2.20021217154913.041aaf08@mira-sjcm-3.cisco.com>
Sender: owner-stds-802-linksec@majordomo.ieee.org


allyn romanow wrote:

> 
> Security is a system design, 802 is at the MACs only
> look at DOCSIS - similar problem?
> yes, same concerns as EPON
> prevent theft of service and protect customers from each other
> 
> Dolors - DOCSIS encaps the entire frame
> put fields in front of the frame
> 802.16 arch is very similar to DOCSIS
> no fields in clear outside?
> single key upstream, multiple keys downstream, 1 SA upstream
> 
> [SA= Security Association]
> Mick - each receeiver on LAN only has to decrypt under 1 key
> The problem is which key should you use to decrypt? if receive frame
> from upstream
> headend receives all frames
> several SAs, headend belongs to all
> multiple multicast SAs on downstream
> SA sent in clear, the rest is protected
> protects one listener from another
> down stream cable modems, headend uses different keys for different
> cable modems
> one key for me, one for each group, get the SAID in clear which says
> which key to use
> encrypt after the first 12 bytes of the frame, first 12 Bytes not encrypted
> CRC encrypted, so if change source address or destination address,
> need to change CRC
> CRC is a guessing game, not a hamming distance
> would cause trouble in 802.3
> some people think still need hamming distance of 4
I've never been clear on what "upstream" and "downstream" mean in cable plants, so
  bear with me.  If the stream from the headend to the subscriber is protected
  by a single key shared among all subscribers, then it is based on an assumption
  about "average" use of the service--namely web surfing.  The data coming from
  the headend is either cleartext dancing bears on port 80, in which case, having
  your neighbour be able to see that is no big deal.  If it isn't on port 80,
  it's on port 443, which means your neighbour can't see it due to the encryption
  happening at higher layers.

There are two problems with this:

  o Security model based on "average use" case.  Since they have to do key
    management anyway (to arrange for keys between the subscriber and the headend),
    it seems that they already have the infrastructure necessary to "do it right".

  o Ability for me to inject packets that appear to be coming from the headend
    is restricted purely by the fact that off-the-shelf DOCSIS modems don't
    allow users to inject traffic onto the cable on the stream that the headend
    sends on.  This is assuming a threat model where the bad guy is lazy.
    He already has the key, all he needs is some special hardware, and the DOCSIS
    specification, and he can inject traffic onto the cable.  Granted the bad
    guy needs motivation and a little bit of cash to do this, but security models
    based on assumptions of laziness and poor finances are generally very bad.


-- 
----------------------------------------------------------------------
Marcus Leech                             Mail:   Dept 8M70, MS 012, FITZ
Advisor                                  Phone: (ESN) 393-9145  +1 613 763 9145
Security Architecture and Planning       Fax:   (ESN) 393-9435  +1 613 763 9435
Nortel Networks                          mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------

References:
- [LinkSec] Teleconf 12/17 notes
  - From: allyn romanow <allyn@cisco.com>

Prev by Date: [LinkSec] Link Security SG meeting attendance
Next by Date: [LinkSec] Reminder: pre-registration for January meeting
Prev by thread: Re: [LinkSec] Teleconf 12/17 notes
Next by thread: Re: [LinkSec] Teleconf 12/17 notes: DOCSIS pointers
Index(es):
- Date
- Thread