Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

[LinkSec] RE: [802.1] Proposal on link layer security

To: <saidatta@in.ibm.com>, <stds-802-1@ieee.org>, <stds-802-linksec@ieee.org>
Subject: [LinkSec] RE: [802.1] Proposal on link layer security
From: <antti.pietilainen@nokia.com>
Date: Fri, 27 Jun 2003 16:38:50 +0300
Sender: owner-stds-802-linksec@majordomo.ieee.org
Thread-Index: AcM8YUOMHjyWk2WwQ+SN4TNq8jvBQgAR14vw
Thread-Topic: [802.1] Proposal on link layer security


Hi Sai,
You are investigating an important topic also studied by others. For example, Mohamed G. Gouda et al., Computer Networks 41(2003) p. 57-71, have presented one solution for secure ARP. Their solution is based on common secret between a server and end stations. Having to rely on common secret is not very optimal but may be the only solution.

Unfortunately, the proposal you presented would not pass peer review in a publication nor be accepted into a standard. 

First I present the main points of the proposal: 
1) It duplicates part of layer 2.5 in a hardware watchdog that checks that the upper layer behaves. 
2) For further ensuring that the watchdog behaves, its control would be restricted to the original HW designer and access by SW developers would be inhibited. 
3) In addition a new transmission speed would be introduced to inhibit old misbehaving interfaces to take part in a network of behaving interfaces.

I'll go then through the points in reverse order to show their deficiencies.
3) Changing transmission speed will work for a period that ends when the hacker has measured the new speed and changed oscillator on his card. If the line code is changed, it will also be a matter of short period after which security is broken.
2) The second point states a rule that works only if everybody obeys it. I do not understand how anybody can trust that.
1) Because of 2) there is no point in duplicating features in a watchdog because the watchdog itself may misbehave.

The proposal mentiones that there should be state-machine states that increase security. In my opinion, one should, indeed, implement states where applicable to increase network security. As an example of failior to implement protective state machines in the early days, brute force attacks were able to make millions of password tries without the target computer doing anything to protect itself.

best regards
Antti Pietilainen



   

> -----Original Message-----
> From: ext Sai Dattathrani [mailto:saidatta@in.ibm.com]
> Sent: 27 June, 2003 07:09
> To: stds-802-1@ieee.org; stds-802-linksec@ieee.org
> Subject: [802.1] Proposal on link layer security
> 
> 
> Hi,
>  I have a proposal to avoid ARP spoofing by providing 
> additional security
> checks at the MAC sub-layer. I would like to initiate a 
> discussion on the
> proposal and take it forward. I am attaching the proposal. 
> Kindly initiate
> the discussion on the same.
> (See attached file: ieee_proposal.txt)
> 
> rgds,
> Sai
>

Prev by Date: [LinkSec] White paper on authentication
Next by Date: Re: [LinkSec] Re: [802.1] September interim
Prev by thread: [LinkSec] White paper on authentication
Next by thread: [LinkSec] RE: [802.1] Proposal on link layer security
Index(es):
- Date
- Thread