Hello all,

Below is a proposal that has initial focus in single link security. The proposal is to develop approximately three scenarios in parallel instead of choosing only man-in-the-middle case. For following telecom regulations, operators do not have to consider man-in-the-middle in wired networks. They are not held responsible against physical intervention because they have to follow regulations of certain level of physical protection. If the man-in-the-middle "over engineering" comes with added cost, there has to be a lower-cost alternative to be competitive. Important customers may require protection against man-in-the-middle. Therefore, this case deserves attention too.

Below are the cases. The accompanying text is intended to show the differences between the cases in support of developing all three cases in parallel.

1) Man-in-the-middle attack possible; by solving this, one solves any imaginable attack

To attack:
- Requires physical intervention in wired networks
- Requires relatively sophisticated equipment and expertise to avoid getting caught

To protect:
- A large spectrum of malicious behaviour must be covered
- Most probably a shared secret or other shared information is required for establishing secure connection

In 2) and 3), man-in-the-middle case is not considered

2) Eavesdropping in both directions possible

To attack:
- Requires physical intervention in wired point-to-point networks
- After the tap has been inserted, eavesdropping is simple with standard PC
- Theoretically in rare cases possible in EPON without physical intervention

To protect:
- Establishing encrypted connection is possible even without shared information.
- Easier to authenticate packets than in case 1)

3) EPON. Eavesdropping in one direction easy, in other direction very limited

To attack:
- Extremely tempting to do in EPON because physical intervention is not required and risk of getting caught is practically non-existent

To protect:
- Same advantages as in case 2)
- May be lower cost than 2) because initially upstream traffic may be unencrypted. Doing this involves a small risk, however
- Sending encryption keys upstream in clear text may be considered too risky.

In cases 2) and 3) a suitable level of protection against replay and jamming should be considered. Both attacks will probably impair bit error ratio severely so they may be detected easily.

Antti Pietiläinen
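
The difference between case 1) and cases 2)/3), as an added example that is not part of the original message: two link ends agree on a key from public values alone, and a pre-shared secret is what lets one end notice a substituted value. It assumes a Diffie-Hellman-style exchange (the message names no mechanism), a toy group, a constructed secret, and hypothetical function names.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (2**127 - 1 is prime, assumed parameters);
# a real link would use a vetted group or curve.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public); only the public value crosses the link."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive the link key from our private value and the peer's public one."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(psk, sender_pub, receiver_pub):
    """Case 1: bind both public values to a pre-shared secret."""
    msg = sender_pub.to_bytes(16, "big") + receiver_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def verify(psk, sender_pub, receiver_pub, received_tag):
    expected = tag(psk, sender_pub, receiver_pub)
    return hmac.compare_digest(expected, received_tag)

def demo():
    # Cases 2) and 3): no shared information. A passive tap sees a_pub and
    # b_pub but neither private value, and both ends still derive one key.
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    keys_match = session_key(a_priv, b_pub) == session_key(b_priv, a_pub)

    # Case 1): the exchange alone does not say who sent a public value, so
    # end B tags it with a provisioned secret (constructed sample value).
    psk = b"constructed-provisioning-secret"
    b_tag = tag(psk, b_pub, a_pub)
    genuine_ok = verify(psk, b_pub, a_pub, b_tag)

    # A public value replaced in transit no longer matches the tag.
    _, other_pub = keypair()
    altered_ok = verify(psk, other_pub, a_pub, b_tag)
    return keys_match, genuine_ok, altered_ok

if __name__ == "__main__":
    print(demo())
```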