
RE: [LinkSec] http://www.ieee802.org/linksec/Meetings/Jan03/Seaman_1_0103.pdf




Mani,

I guess that you may be assuming that security associations are not
distributed to other bridges and therefore replay attacks can only apply
at an old bridge that a station has visited before where a security
association still exists. In this scenario, the answer to your question
would be "yes".

I think that the mechanism to support secure roaming among bridges is
not well defined yet, however. If the replay can be done to other bridge
nodes such as in the case where security associations are shared among
bridges but without proper replay protection, this can be an even more
serious threat.

Xinhua "Joshua" Zhao
Scientist
Cranite Systems, Inc.
6620 Via Del Oro
Second Floor
San Jose, CA 95119

-----Original Message-----
From: Mani, Mahalingam (Mahalingam) [mailto:mmani@avaya.com] 
Sent: Thursday, January 02, 2003 7:05 PM
To: Joshua Zhao; mick_seaman@ieee.org; stds-802-linksec@ieee.org
Subject: RE: [LinkSec]
http://www.ieee802.org/linksec/Meetings/Jan03/Seaman_1_0103.pdf

That's a valid threat.

Is such a threat a concern for just the window of time that 'older'
bridge takes to age its controlled port closed in the absence of a
dissociate?

-mani
> -----Original Message-----
> From: Joshua Zhao [mailto:jzhao@cranite.com]
> Sent: Thursday, January 02, 2003 6:34 PM
> To: mick_seaman@ieee.org; stds-802-linksec@ieee.org
> Subject: RE: [LinkSec]
> http://www.ieee802.org/linksec/Meetings/Jan03/Seaman_1_0103.pdf
> 
> 
> I just want to comment on the potential threat that replays can pose.
> 
> Lack of replay attack can potentially be a detriment to support for
> roaming. In case that the bridges use the arrival of legitimate frames
> from a certain station on a given port to infer the current attachment
> point of the station, replays at an access point other than the
> station's current point of attachment can potentially mislead the system
> as to the whereabouts of the station. This could be a serious threat.
> 
> Regards,
> 
> Joshua
> Scientist
> Cranite Systems, Inc.
> 6620 Via Del Oro
> San Jose, California 95119
> 
> > -----Original Message-----
> > From: Mick Seaman [mailto:mick_seaman@ieee.org]
> > Sent: Thursday, January 02, 2003 1:23 PM
> > To: stds-802-linksec@ieee.org
> > Subject: RE: [LinkSec]
> > http://www.ieee802.org/linksec/Meetings/Jan03/Seaman_1_0103.pdf
> >
> >
> > Russ,
> >
> > Thanks for the comments.
> >
> > On the subject of replay you are right, generally I am not concerned about
> > replay being used to subvert a service for which most critical communication
> > is using an ordering/sequencing/duplicate suppression protocol on top.
> > However I would like to understand more about the threat that replay could
> > pose at this layer, my imagination is not doing a great job on this subject
> > so any examples (other than ones that simply result in denial of service)
> > would help.
> >
[...]
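
The scenario discussed in this thread, as a small model added here (not code from any participant or from the LinkSec work): bridges infer a station's attachment point from accepted frames, and security association state is shared among them. The `Frame` and `Bridge` names, the port labels and the strictly increasing per-association packet number used as the replay check are assumptions made for illustration; the thread names no specific mechanism.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Frame:
    src: str  # station MAC address (constructed sample value)
    pn: int   # per-association packet number (assumed field)


@dataclass
class Bridge:
    """Shared view of bridges that learn a station's attachment port
    from any frame accepted under the (shared) security association."""
    replay_check: bool
    location: dict = field(default_factory=dict)    # station -> last learned port
    highest_pn: dict = field(default_factory=dict)  # station -> highest accepted pn

    def receive(self, port: str, frame: Frame) -> bool:
        seen = self.highest_pn.get(frame.src, -1)
        if self.replay_check and frame.pn <= seen:
            return False  # stale packet number: drop before any learning happens
        self.highest_pn[frame.src] = max(frame.pn, seen)
        self.location[frame.src] = port  # attachment point inferred from the frame
        return True


def run(replay_check: bool) -> str:
    """Return where the bridges believe the station is after a replay."""
    bridge = Bridge(replay_check)
    sta = "02:00:00:00:00:01"             # constructed address
    captured = Frame(sta, 7)
    bridge.receive("AP-A", captured)      # station is attached at AP-A
    bridge.receive("AP-B", Frame(sta, 8)) # station roams to AP-B
    bridge.receive("AP-A", captured)      # old frame shows up again at AP-A
    return bridge.location[sta]


if __name__ == "__main__":
    print("without replay check:", run(False))
    print("with replay check:   ", run(True))
```

Without the check the learned location reverts to the old port even though the station never moved back; with it, the stale frame is dropped before it can influence learning.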