datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

Security Threats for Next Steps in Signaling (NSIS)
RFC 4081

Document type: RFC - Informational (June 2005)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html
IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned
IESG State: RFC 4081 (Informational)
Responsible AD: Allison Mankin
Send notices to: john.loughney@nokia.com
Email Authors | IPR Disclosures | References | Referenced By | Check nits | History feed | Search Mailing Lists 
Network Working Group                                      H. Tschofenig
Request for Comments: 4081                                D. Kroeselberg
Category: Informational                                          Siemens
                                                               June 2005

          Security Threats for Next Steps in Signaling (NSIS)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This threats document provides a detailed analysis of the security
   threats relevant to the Next Steps in Signaling (NSIS) protocol
   suite.  It calls attention to, and helps with the understanding of,
   various security considerations in the NSIS Requirements, Framework,
   and Protocol proposals.  This document does not describe
   vulnerabilities of specific parts of the NSIS protocol suite.

Table of Contents

   1. Introduction ....................................................2
   2. Communications Models ...........................................3
   3. Generic Threats .................................................7
      3.1. Man-in-the-Middle Attacks ..................................8
      3.2. Replay of Signaling Messages ..............................11
      3.3. Injecting or Modifying Messages ...........................11
      3.4. Insecure Parameter Exchange and Negotiation ...............12
   4. NSIS-Specific Threat Scenarios .................................12
      4.1. Threats during NSIS SA Usage ..............................13
      4.2. Flooding ..................................................13
      4.3. Eavesdropping and Traffic Analysis ........................15
      4.4. Identity Spoofing .........................................15
      4.5. Unprotected Authorization Information .....................17
      4.6. Missing Non-Repudiation ...................................18
      4.7. Malicious NSIS Entity .....................................19
      4.8. Denial of Service Attacks .................................20
      4.9. Disclosing the Network Topology ...........................21
      4.10. Unprotected Session or Reservation Ownership .............21
      4.11. Attacks against the NTLP .................................23

Tschofenig & Kroeselberg     Informational                      [Page 1]
RFC 4081               Security Threats for NSIS               June 2005

   5. Security Considerations ........................................23
   6. Contributors ...................................................24
   7. Acknowledgements ...............................................24
   8. References .....................................................25
      8.1. Normative References ......................................25
      8.2. Informative References ....................................25

1.  Introduction

   Whenever a new protocol is developed or existing protocols are
   modified, threats to their security should be evaluated.  To address
   security in the NSIS working group, a number of steps have been
   taken:

      NSIS Analysis Activities (see [RSVP-SEC] and [SIG-ANAL])

      Security Threats for NSIS

      NSIS Requirements (see [RFC3726])

      NSIS Framework (see [RFC4080])

      NSIS Protocol Suite (see GIMPS [GIMPS], NAT/Firewall NSLP
      [NATFW-NSLP] and QoS NSLP [QOS-NSLP])

   This document identifies the basic security threats that need to be
   addressed during the design of the NSIS protocol suite.  Even if the
   base protocol is secure, certain extensions may cause problems when
   used in a particular environment.

   This document cannot provide detailed threats for all possible NSIS
   Signaling Layer Protocols (NSLPs).  QoS [QOS-NSLP], NAT/Firewall
   [NATFW-NSLP], and other NSLP documents need to provide a description
   of their trust models and a threat assessment for their specific
   application domain.  This document aims to provide some help for the
   subsequent design of the NSIS protocol suite.  Investigations of
   security threats in a specific architecture or context are outside
   the scope of this document.

   We use the NSIS terms defined in [RFC3726] and in [RFC4080].

Tschofenig & Kroeselberg     Informational                      [Page 2]
RFC 4081               Security Threats for NSIS               June 2005

2.  Communications Models

   The NSIS suite of protocols is envisioned to support various
   signaling applications that need to install and/or manipulate state
   at nodes along the data flow path through the network.  As such, the

[include full document text]