Re: Authentication Mechanism Matrix (was L2TP vs IPSEC)
"CHINNA N.R. PELLACURU" wrote:
>
> Consider this model:
>
> You add another AV pair to whatever legacy authentication server you are
> using today, like an IKE-Pre-Shared-Key attribute. Now, we fetch the
> pre-shared key from the legacy authentication server, and do the IKE
> pre-shared key authentication in a way that it is not vulnerable to
> passive off-line dictionary attacks. This will do the authentication of
> the user in a way that IPSRA wants.
It is not safe to "fetch" the preshared key from the authentication
server because now that server becomes an "oracle" that can be asked
"Give me the pre-shared key for user FOO". The current RADIUS mechanism
accepts queries of the form "Is FOO's password equal to BAR" and returns
TRUE or FALSE. It requires an active dictionary attack to learn FOO's
password is BAR rather than just _asking_ the server.
I know you could authenticate the gateway to the RADIUS server but
I assert a PASS/FAIL mechanism has to be safer than just 'Tell me
the secret' no matter how strongly you authenticate the gateway. So,
I doubt the AAA group or the IAB would support a RADIUS change that
requires the RADIUS server to divulge the authentication secret.
-Ben McCann
--
Ben McCann Indus River Networks
31 Nagog Park
Acton, MA, 01720
email: bmccann@xxxxxxxxxxxxxx web: www.indusriver.com
phone: (978) 266-8140 fax: (978) 266-8111
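The two oracle models contrasted in the message above, as an added worked example that is not part of the original post or of any IETF draft: a RADIUS-style server that only answers "Is FOO's password equal to BAR?" beside a server that answers "Give me FOO's pre-shared key". The attacker is a caller already authenticated to the AAA server as a gateway (a compromised gateway or a leaked gateway secret). Class names, the lockout threshold, the usernames, passwords and the wordlist are all constructed for illustration; the PBKDF2 iteration count is kept deliberately low so the example runs quickly.

```python
"""Verify-only oracle vs. secret-fetching oracle (constructed example).

VerifyOnlyAAA models the RADIUS Access-Request/Accept/Reject exchange:
it can store a salted hash and can never return a plaintext secret.
FetchAAA models a hypothetical IKE-Pre-Shared-Key attribute: to honour a
"fetch" it must hold the secret itself and hand it to any authenticated
gateway.  All names and sample data here are constructed.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 1000  # deliberately low for a fast demo; use far more in practice


class VerifyOnlyAAA:
    """Answers 'Is USER's password equal to PW?' with True/False only."""

    def __init__(self, lockout_after=5):
        self._records = {}        # user -> (salt, derived key)
        self._failures = {}       # user -> consecutive failed checks
        self._lockout_after = lockout_after

    @staticmethod
    def _derive(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def enroll(self, user, password):
        # Only a salted hash is stored; the plaintext is discarded, so even a
        # full database dump does not divulge the secret directly.
        salt = os.urandom(16)
        self._records[user] = (salt, self._derive(salt, password))

    def check(self, user, password):
        """PASS/FAIL oracle. Every call is an observable, countable event."""
        if user not in self._records:
            return False
        if self._failures.get(user, 0) >= self._lockout_after:
            return False          # locked out: further online guesses are rejected
        salt, stored = self._records[user]
        ok = hmac.compare_digest(stored, self._derive(salt, password))
        self._failures[user] = 0 if ok else self._failures.get(user, 0) + 1
        return ok


class FetchAAA:
    """Answers 'Give me USER's secret'. Must therefore store the secret itself."""

    def __init__(self):
        self._secrets = {}

    def enroll(self, user, password):
        self._secrets[user] = password   # plaintext, by necessity

    def fetch(self, user):
        return self._secrets.get(user)


def attack_fetch(server, user):
    """Compromised gateway against FetchAAA: the secret, in one query."""
    return server.fetch(user), 1


def attack_verify(server, user, wordlist):
    """Compromised gateway against VerifyOnlyAAA: an active online dictionary
    attack. Returns (recovered password or None, number of queries issued)."""
    queries = 0
    for guess in wordlist:
        queries += 1
        if server.check(user, guess):
            return guess, queries
    return None, queries


if __name__ == "__main__":
    words = ["123456", "password", "letmein", "qwerty", "dragon", "hunter2", "trustno1"]
    fetcher = FetchAAA()
    fetcher.enroll("foo", "hunter2")
    verifier = VerifyOnlyAAA(lockout_after=5)
    verifier.enroll("foo", "hunter2")
    print("fetch oracle:  ", attack_fetch(fetcher, "foo"))
    print("verify oracle: ", attack_verify(verifier, "foo", words))
```

Against the fetch oracle the attacker needs exactly one query and the server cannot avoid storing the plaintext; against the verify-only oracle every guess is a separate, loggable request, the server can hold only a salted hash, and a lockout or rate limit turns the dictionary attack into a failure rather than a disclosure.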