[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: ULE SEC REQ draft rev -03

To: Prashant Pillai <P.Pillai@Bradford.ac.uk>
Subject: Re: Fwd: ULE SEC REQ draft rev -03
From: Michael Noisternig <mnoist@cosy.sbg.ac.at>
Date: Fri, 06 Jul 2007 14:54:36 +0200
Cc: ipdvb@erg.abdn.ac.uk
In-reply-to: <>
References: <>
Reply-to: ipdvb@erg.abdn.ac.uk
Sender: owner-ipdvb@erg.abdn.ac.uk
User-agent: Thunderbird 2.0.0.4 (Windows/20070604)

Hi Prashant,

Regarding this paragraph from your modifications. It was only removed because we
were not very comfortable with the wordings. See Inline

I did not put much effort into the wordings because I had expected toget some feedback on that prior to publication. Sorry, I should havetold so. :/

However, the end-points of a communication might not be under central
control (such as when browsing the public internet), and then it may not
be possible to rely on end-to-end security.


End-to-end security has nothing to do with central control. Only the two
comunicating end parties are resposible for seting up any end-to-end security.
So this sentance is quite misleading as we should be able to use end-to-end
security withought any central control.

Ok, what I mean is that if the destination end-point is not under thesame control as the source, i.e. does not have the same owner (as aperson/company), then you are restricted to whatever security thedestination offers you. If it does not offer any security, there is noway to enforce it. E.g., this is true for most of the web servers in thewww.

To repeat, in such case having security for the vulnerable (in terms ofpassive attacks) ULE broadcast link is very desirable.

ULE link security will then
provide protection against attacks on the weakest link within the
communication chain, i.e. the ULE broadcast link (see section 3.2).


I am not sure if the ULE link would be the weakest link. Especially when data is
sent over the interent (the case of wesbites like you mention) I would consider
the fixed links to be vulnerable also.

Sure, the other links are vulnerable, too, if you don't have end-to-endsecurity. But compared to the ULE broadcast link wired links are muchmore secure. On the ULE broadcast link, all it takes an attacker is toswitch his receiver into some kind of promiscious mode to derive passiveattacks. To succeed in any kind of attack on a wired link of theInternet requires much more sophistication. That is why I said that theULE link was the weakest link in the communication chain. (Yes, I do notlike the wording myself, it was just to get the point.)

I think it is a case important enough to be outlined, i.e. a case where
an "ordinary" end-user (compared to a company) has no possibility to
enforce end-to-end security, yet he does not want "the whole world" to
potentially see the data he receives (e.g. the web sites he visits).
It demonstrates another reason for why ULE link layer security is
desirable, IMO.


As discussed above, I also do not really see the point of only securing the ULE
link when the interet link is unsecured. Securing only part of the link IMO
will make the other link the weakest link.

As explained above, it will make it quite harder to derive successfulattacks. You'd have to tap specific wired links the data travels over,or get access to the routers in between.


Best regards,
Michael

Follow-Ups:
- RE: Fwd: ULE SEC REQ draft rev -03
  - From: <S.Iyengar@surrey.ac.uk>

References:
- Re: Fwd: ULE SEC REQ draft rev -03
  - From: Prashant Pillai <P.Pillai@Bradford.ac.uk>

Prev by Date: Re: Fwd: ULE SEC REQ draft rev -03
Next by Date: RE: Fwd: ULE SEC REQ draft rev -03
Previous by thread: Re: Fwd: ULE SEC REQ draft rev -03
Next by thread: RE: Fwd: ULE SEC REQ draft rev -03
Index(es):
- Date
- Thread