
Re: WG/Authors Opinions please :draft-cruickshank-ipdvb-sec-req-03.txt



Hello George,

thanks for commenting on this. See below.

George Gross wrote:
Hi Michael,

in looking over this thread, I think that there might be confusion about
which threat model is being assumed by you versus the one assumed by
Prashant. The group key management subsystem does the authentication and
authorization of the IPDVB group membership. The network's security policy
administrator decides what constitutes a group's membership and whether
there is an unacceptable risk of an insider attack that the group must be
defended against.

For a basic security policy, group authentication is sufficient because
group members are trusted.  Source authentication using digital signature
or TESLA is not required. In the event that the group's authentication key
is compromised then the scope of the damage is limited to only that group
rather than all groups sharing that MPEG TS. Limiting the size of each
group can help minimize this risk.

For a security policy that considers an insider attack a risk, then source
authentication would be a reasonable mechanism to counter that
vulnerability.  However, I have not heard on this list any use cases that
would need that service at layer-2.

This is exactly what I was talking about. I am fully aware that insider attacks are more unlikely than attacks from outside a VPN (or virtual LAN, to stay with your terminology) within the ULE network, and that most will be fine with group authentication (i.e. MACs). (And there are other good reasons why one would want to stick with MACs.)
I was just trying to point out that...
one can distinguish between two other cases:
(a) insider attacks, i.e. active attacks from adversaries in the know of
certain keys
    -> protection against this attack requires source authentication
(e.g. digital signatures)
(b) outsider attacks, i.e. active attacks from outside of a VPN
-> in this case simple MACs are sufficient (i.e. group authentication)

Michael, did you have such an example in mind for IPDVB?

Yes, I was considering just another threat model in which MACs do not provide source authentication. I guess the authors of that draft have also considered that threat once because of mentioning TESLA.


hth,
	George

Best regards,
Michael
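
The distinction between cases (a) and (b) in this message, as an added example that is not part of the original post or of the draft under discussion: a shared group MAC key rejects an outsider but cannot tell one key holder from another, while a per-sender signature can. The sender name "gateway", the payload, and the use of a Lamport one-time signature (a standard-library stand-in for the digital signatures mentioned; each Lamport key may sign one message only) are assumptions.

```python
import hashlib, hmac, os

def _h(b):
    return hashlib.sha256(b).digest()

def group_mac(group_key, sender, payload):
    # Group authentication: one HMAC key shared by every member of the group.
    return hmac.new(group_key, sender.encode() + b"|" + payload, hashlib.sha256).digest()

def mac_ok(group_key, sender, payload, tag):
    return hmac.compare_digest(group_mac(group_key, sender, payload), tag)

# Lamport one-time signature: the private key is 256 pairs of random secrets,
# the public key is their hashes. Assumption: stands in for any signature scheme.
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def _bits(msg):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    # Reveal one secret per digest bit; only the holder of sk can do this.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def lamport_verify(pk, msg, sig):
    bits = _bits(msg)
    return len(sig) == 256 and all(
        hmac.compare_digest(_h(s), pk[i][bits[i]]) for i, s in enumerate(sig))

def demo():
    group_key = os.urandom(32)             # held by every group member
    payload = b"constructed ULE payload"   # constructed sample data
    # Case (b): a party without the group key cannot produce a valid tag.
    outsider_tag = group_mac(os.urandom(32), "gateway", payload)
    outsider_accepted = mac_ok(group_key, "gateway", payload, outsider_tag)
    # Case (a): any member holds group_key, so a tag naming "gateway" verifies
    # no matter which member computed it. The MAC proves group membership only.
    member_tag = group_mac(group_key, "gateway", payload)
    member_accepted = mac_ok(group_key, "gateway", payload, member_tag)
    # Source authentication: only the gateway holds sk, receivers hold pk.
    sk, pk = lamport_keygen()
    genuine = lamport_verify(pk, payload, lamport_sign(sk, payload))
    other_sk, _ = lamport_keygen()         # a member's own key, not the gateway's
    forged = lamport_verify(pk, payload, lamport_sign(other_sk, payload))
    return outsider_accepted, member_accepted, genuine, forged

if __name__ == "__main__":
    print(demo())
```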