Security Threats for Next Steps in Signaling (NSIS)
RFC 4081
Document | Type | RFC - Informational (June 2005; No errata) | |
---|---|---|---|
Authors | Dirk Kroeselberg , Hannes Tschofenig | ||
Last updated | 2013-03-02 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 4081 (Informational) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Allison Mankin | ||
Send notices to | john.loughney@nokia.com |
Network Working Group H. Tschofenig Request for Comments: 4081 D. Kroeselberg Category: Informational Siemens June 2005 Security Threats for Next Steps in Signaling (NSIS) Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This threats document provides a detailed analysis of the security threats relevant to the Next Steps in Signaling (NSIS) protocol suite. It calls attention to, and helps with the understanding of, various security considerations in the NSIS Requirements, Framework, and Protocol proposals. This document does not describe vulnerabilities of specific parts of the NSIS protocol suite. Table of Contents 1. Introduction ....................................................2 2. Communications Models ...........................................3 3. Generic Threats .................................................7 3.1. Man-in-the-Middle Attacks ..................................8 3.2. Replay of Signaling Messages ..............................11 3.3. Injecting or Modifying Messages ...........................11 3.4. Insecure Parameter Exchange and Negotiation ...............12 4. NSIS-Specific Threat Scenarios .................................12 4.1. Threats during NSIS SA Usage ..............................13 4.2. Flooding ..................................................13 4.3. Eavesdropping and Traffic Analysis ........................15 4.4. Identity Spoofing .........................................15 4.5. Unprotected Authorization Information .....................17 4.6. Missing Non-Repudiation ...................................18 4.7. Malicious NSIS Entity .....................................19 4.8. Denial of Service Attacks .................................20 4.9. Disclosing the Network Topology ...........................21 4.10. Unprotected Session or Reservation Ownership .............21 4.11. Attacks against the NTLP .................................23 Tschofenig & Kroeselberg Informational [Page 1] RFC 4081 Security Threats for NSIS June 2005 5. Security Considerations ........................................23 6. Contributors ...................................................24 7. Acknowledgements ...............................................24 8. References .....................................................25 8.1. Normative References ......................................25 8.2. Informative References ....................................25 1. Introduction Whenever a new protocol is developed or existing protocols are modified, threats to their security should be evaluated. To address security in the NSIS working group, a number of steps have been taken: NSIS Analysis Activities (see [RSVP-SEC] and [SIG-ANAL]) Security Threats for NSIS NSIS Requirements (see [RFC3726]) NSIS Framework (see [RFC4080]) NSIS Protocol Suite (see GIMPS [GIMPS], NAT/Firewall NSLP [NATFW-NSLP] and QoS NSLP [QOS-NSLP]) This document identifies the basic security threats that need to be addressed during the design of the NSIS protocol suite. Even if the base protocol is secure, certain extensions may cause problems when used in a particular environment. This document cannot provide detailed threats for all possible NSIS Signaling Layer Protocols (NSLPs). QoS [QOS-NSLP], NAT/Firewall [NATFW-NSLP], and other NSLP documents need to provide a description of their trust models and a threat assessment for their specific application domain. This document aims to provide some help for the subsequent design of the NSIS protocol suite. Investigations of security threats in a specific architecture or context are outside the scope of this document. We use the NSIS terms defined in [RFC3726] and in [RFC4080]. Tschofenig & Kroeselberg Informational [Page 2] RFC 4081 Security Threats for NSIS June 2005 2. Communications Models The NSIS suite of protocols is envisioned to support various signaling applications that need to install and/or manipulate state at nodes along the data flow path through the network. As such, the NSIS protocol suite involves the communication between different entities. This section offers terminology for common communication models that are relevant to securing the NSIS protocol suite. An abstract network topology with its administrative domains is shownShow full document text