Security Threats for Next Steps in Signaling (NSIS)
RFC 4081
|
| Document |
Type |
|
RFC - Informational
(June 2005; No errata)
|
|
Last updated |
|
2013-03-02
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
html
pdf
htmlized
bibtex
|
| Stream |
WG state
|
|
(None)
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 4081 (Informational)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
Allison Mankin
|
|
Send notices to |
|
john.loughney@nokia.com
|
Network Working Group H. Tschofenig
Request for Comments: 4081 D. Kroeselberg
Category: Informational Siemens
June 2005
Security Threats for Next Steps in Signaling (NSIS)
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This threats document provides a detailed analysis of the security
threats relevant to the Next Steps in Signaling (NSIS) protocol
suite. It calls attention to, and helps with the understanding of,
various security considerations in the NSIS Requirements, Framework,
and Protocol proposals. This document does not describe
vulnerabilities of specific parts of the NSIS protocol suite.
Table of Contents
1. Introduction ....................................................2
2. Communications Models ...........................................3
3. Generic Threats .................................................7
3.1. Man-in-the-Middle Attacks ..................................8
3.2. Replay of Signaling Messages ..............................11
3.3. Injecting or Modifying Messages ...........................11
3.4. Insecure Parameter Exchange and Negotiation ...............12
4. NSIS-Specific Threat Scenarios .................................12
4.1. Threats during NSIS SA Usage ..............................13
4.2. Flooding ..................................................13
4.3. Eavesdropping and Traffic Analysis ........................15
4.4. Identity Spoofing .........................................15
4.5. Unprotected Authorization Information .....................17
4.6. Missing Non-Repudiation ...................................18
4.7. Malicious NSIS Entity .....................................19
4.8. Denial of Service Attacks .................................20
4.9. Disclosing the Network Topology ...........................21
4.10. Unprotected Session or Reservation Ownership .............21
4.11. Attacks against the NTLP .................................23
Tschofenig & Kroeselberg Informational [Page 1]
RFC 4081 Security Threats for NSIS June 2005
5. Security Considerations ........................................23
6. Contributors ...................................................24
7. Acknowledgements ...............................................24
8. References .....................................................25
8.1. Normative References ......................................25
8.2. Informative References ....................................25
1. Introduction
Whenever a new protocol is developed or existing protocols are
modified, threats to their security should be evaluated. To address
security in the NSIS working group, a number of steps have been
taken:
NSIS Analysis Activities (see [RSVP-SEC] and [SIG-ANAL])
Security Threats for NSIS
NSIS Requirements (see [RFC3726])
NSIS Framework (see [RFC4080])
NSIS Protocol Suite (see GIMPS [GIMPS], NAT/Firewall NSLP
[NATFW-NSLP] and QoS NSLP [QOS-NSLP])
This document identifies the basic security threats that need to be
addressed during the design of the NSIS protocol suite. Even if the
base protocol is secure, certain extensions may cause problems when
used in a particular environment.
This document cannot provide detailed threats for all possible NSIS
Signaling Layer Protocols (NSLPs). QoS [QOS-NSLP], NAT/Firewall
[NATFW-NSLP], and other NSLP documents need to provide a description
of their trust models and a threat assessment for their specific
application domain. This document aims to provide some help for the
subsequent design of the NSIS protocol suite. Investigations of
security threats in a specific architecture or context are outside
the scope of this document.
We use the NSIS terms defined in [RFC3726] and in [RFC4080].
Tschofenig & Kroeselberg Informational [Page 2]
RFC 4081 Security Threats for NSIS June 2005
2. Communications Models
The NSIS suite of protocols is envisioned to support various
signaling applications that need to install and/or manipulate state
at nodes along the data flow path through the network. As such, the
NSIS protocol suite involves the communication between different
entities.
This section offers terminology for common communication models that
are relevant to securing the NSIS protocol suite.
An abstract network topology with its administrative domains is shown
Show full document text