A toxonomy of eavesdropping attacks
draft-richardson-saag-onpath-attacker-01
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Expired".
|
|
|---|---|---|---|
| Author | Michael Richardson | ||
| Last updated | 2020-12-29 | ||
| RFC stream | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-richardson-saag-onpath-attacker-01
anima Working Group M. Richardson
Internet-Draft Sandelman Software Works
Intended status: Standards Track 29 December 2020
Expires: 2 July 2021
A toxonomy of eavesdropping attacks
draft-richardson-saag-onpath-attacker-01
Abstract
The terms on-path attacker and Man-in-the-Middle Attack have been
used in a variety of ways, sometimes interchangeably, and sometimes
meaning different things.
This document offers an update on terminology for network attacks. A
consistent set of terminology is important in describing what kinds
of attacks a particular protocol defends against, and which kinds the
protocol does not.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 2 July 2021.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
Richardson Expires 2 July 2021 [Page 1]
Internet-Draft MITM December 2020
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Three kinds of attack . . . . . . . . . . . . . . . . . . . . 3
2.1. First Kind of attack . . . . . . . . . . . . . . . . . . 3
2.2. Second Kind of attack . . . . . . . . . . . . . . . . . . 4
2.3. Second Kind of attack with bypass . . . . . . . . . . . . 4
2.4. Third Kind of attack . . . . . . . . . . . . . . . . . . 5
3. Three proposals on terminology . . . . . . . . . . . . . . . 6
3.1. QUIC terms . . . . . . . . . . . . . . . . . . . . . . . 6
3.2. Malory/Man in various places . . . . . . . . . . . . . . 6
3.3. Council of Attackers . . . . . . . . . . . . . . . . . . 6
4. Security Considerations . . . . . . . . . . . . . . . . . . . 6
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
7. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 7
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
8.1. Normative References . . . . . . . . . . . . . . . . . . 7
8.2. Informative References . . . . . . . . . . . . . . . . . 7
Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
A number of terms have been used to describe attacks against
networks.
In the [dolevyao] paper, the attacker is assumed to be able to:
* view messages as they are transmitted
* selectively delete messages
* selectively insert or modify messages
Richardson Expires 2 July 2021 [Page 2]
Internet-Draft MITM December 2020
Some authors refer to such an attacker as an "on-path" attack
[reference], or a "Man-in-the-Middle" attack [reference]. In
general, most authors form a clear consensus about this mode. Some
authors are not happy with the gender of the attack ("Man") being
assumed, and have sought other terminology.
Where opinions diverge is what to call other forms of attack or
eavesdropping.
The term "passive attack" has been used in many cases to describe
situations where the attacker can only observe messages, but can not
intersept, modify or delete any messages.
There are situations where an eavesdropper has a better network
connection than the actual corresponds, and so while no messages can
be removed, such an attacker may be able to beat the original packet
in a race.
The summary is that there are probably three variations of attack:
1. An on-path attacker that can view, delete and modify messages.
This is the Dolev-Yao attack.
2. An off-path attacker that can view messages and insert new
messages.
3. An off-path attacker that can only view messages.
2. Three kinds of attack
The attacks are numbered in this section as no consensus on naming
the attacks yet. In the diagrams below, the sender is named "Alice",
and the recipient is named "Bob", as is typical in many cryptographic
protocols [alicebob], as first introduced by [digisign].
The attacker in is named "Mallory"
.-------. .-----.
| Alice |------------------>| Bob |
'-------' '-----'
Figure 1: Alice communicating with Bob
2.1. First Kind of attack
In this attack, the attacker is involved with the forwarding of the
packets. A firewall or network router is ideally placed for this
attack.
Richardson Expires 2 July 2021 [Page 3]
Internet-Draft MITM December 2020
.-------. *********** .-----.
| Alice |------* Mallory *------>| Bob |
'-------' *********** '-----'
Figure 2: The first kind of attack
In this case Mallory can:
* view all packets
* selectively forward or drop any packet
* modify any packets that is forwarded
* insert additional packets
2.2. Second Kind of attack
In this attack, the attacker is not involved with the forwarding of
the packets. The attacker receives a copy of packets that are sent.
This could be from, for instance, a mirror port or SPAN [span].
Alternatively, a copy of traffic may be obtained via passive
(optical) tap [fibertap].
.-------. .-----.
| Alice |---------.------------->| Bob |
'-------' | '-----'
v
***********
* Mallory *
***********
Figure 3: The second kind of attack
In this case Mallory can:
* view all packets
2.3. Second Kind of attack with bypass
In some cases, Mallory may be able to send messages to Bob via
another route which due to some factor will arrive at Bob prior to
the original message from Alice.
Richardson Expires 2 July 2021 [Page 4]
Internet-Draft MITM December 2020
.-------. .->--. .-----.
| Alice |---------------| | | .>| Bob |
'-------' | | | | | '-----'
| | | v | ^
| | | | | |
v '--> '->| |
*********** |
* Mallory *---------------------'
***********
Figure 4: The second kind of attack with bypass
In that case Mallory can:
* view all packets
* insert additional/copied packets into the stream
But Mallory will be unable to drop or modify the original packets.
Bob however, may be unable to distinguish packets from Alice vs
packets sent from Mallory that purport to be from Alice.
2.4. Third Kind of attack
The third kind of attack is one in which Mallory can not see any
packets from Alice. This is usually what is meant by an "off-path"
attack. Mallory can usually forge packets purporting to be from
Alice, but can never see Alice's actual packets.
.-------. .-----.
| Alice |--------------------------->| Bob |
'-------' '-----'
^
|
|
*********** |
* Mallory *---------------------'
***********
Figure 5: The third kind of attack
In this case Mallory can:
* insert additional packets
Richardson Expires 2 July 2021 [Page 5]
Internet-Draft MITM December 2020
3. Three proposals on terminology
This document aspires to pick a single set of terms and explain them.
3.1. QUIC terms
[quic] ended up with a different taxonomy:
* nn-path [Dolev-Yao]
* Limited on-path (cannot delete)
* Off-path
3.2. Malory/Man in various places
[malory] proposes:
* man-in-the-middle [Dolev-Yao]
* man-on-the-side
* man-in-the-rough
Alternatively:
* Malory-in-the-middle [Dolev-Yao]
* Malory-on-the-side
* Malory-in-the-rough
3.3. Council of Attackers
[alliteration] proposes the "the council of attackers"
* malicious messenger [Dolev-Yao: who rewrites messages sent]
* oppressive observer [who uses your information against you]
* off-path attacker
4. Security Considerations
This document introduces a set of terminology that will be used in
many Security Considerations sections.
Richardson Expires 2 July 2021 [Page 6]
Internet-Draft MITM December 2020
5. IANA Considerations
This document makes no IANA requests.
6. Acknowledgements
The SAAG mailing list.
7. Changelog
8. References
8.1. Normative References
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<https://www.rfc-editor.org/info/rfc4949>.
8.2. Informative References
[alicebob] "Alice and Bob", 2020,
<https://en.wikipedia.org/wiki/Alice_and_Bob>.
[alliteration]
"Council of Attackers", 2020,
<https://mailarchive.ietf.org/arch/msg/saag/
R0uevzT0Vz9uqqaxiu98GtK1rks/>.
[digisign] Rivest, R.L., Shamir, A., and L. Adleman, "A method for
obtaining digital signatures and public-key
cryptosystems", February 1978,
<https://doi.org/10.1145/359340.359342>.
[dolevyao] "On the Security of Public Key Protocols", 1983,
<https://www.cs.huji.ac.il/~dolev/pubs/dolev-yao-ieee-
01056650.pdf>.
[fibertap] "Fiber Tap", 2020,
<https://en.wikipedia.org/wiki/Room_641A>.
[malory] "Man-in-the-Middle", 2020,
<https://mailarchive.ietf.org/arch/msg/saag/b26jvEz4NRHSm-
Xva6Lv5-L8QIA/>.
[quic] "QUIC terms for attacks", 2020,
<https://mailarchive.ietf.org/arch/msg/saag/
wTtDYlRAADMmgqd6Vhm8rFybr_g/>.
Richardson Expires 2 July 2021 [Page 7]
Internet-Draft MITM December 2020
[span] "Port Mirroring", 2020,
<https://en.wikipedia.org/wiki/Port_mirroring>.
Contributors
Author's Address
Michael Richardson
Sandelman Software Works
Email: mcr+ietf@sandelman.ca
Richardson Expires 2 July 2021 [Page 8]