[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: evaluation draft



I believe you have missed some important points in your DoS analysis.
All proposals are suceptible to DoS as all of them either perform a DH key
exchange or perform some kind of RSA operation.
It is not important if the machine being DoS is running IKE (as is the case
with most proposals) or another protocol (GetCert, PIC?)
Your analysis is based on the assumption that RSA private operations (i.e.
RSA signatures) are more expensive than RSA public operarions (i.e. RSA
verifications).
You must note the following:
While in practice RSA verification is faster than RSA signature this is NOT
the case when you have a DoS attack.
While RSA private operations can be accelerated using CRT (as well as by
using some precomputation techniques), RSA public operations cannot.
An attacker can use a public key with a large exponent with or without a
large modulus to mount a DoS attack.
Note that in Hybrid the security gateway does not perform any RSA public
operation and is therefore better protected even compared to regular IKE
with certs!

In order to mount a DoS attack in a PIC/GetCert  environment:
1. One can mount an attack on the server running PIC/Get cert.
2. One can mount an attack on the server running IKE. Since these IKE
servers use RSA signatures to authenticate the clients they are suceptible
to a large RSA exponent (or modulus) DoS attack as well as the fact that
they are required to perform DH.

You have made some remraks that XAUTH  has a weakness of known plaintext at
fixed locations.
I believe that you have raised this issue more than once and more than once
have been proven wrong.
First, because any crypographic protocol can be argued to have known
plaintext in it.
Second, because one assumes that the cipher used to protect the exchange is
strong enough and if it is not, then all bets are off.
I can't understand why you repeat this argument.


Tamir.