The Secure Neighbor Discovery (SEND) Hash Threat Analysis
RFC 6273
Document Type RFC - Informational (June 2011; No errata)
Authors Suresh Krishnan  , Ana Kukec  , Sheng Jiang 
Last updated 2015-10-14
Replaces draft-kukec-csi-hash-threat
Stream IETF
Formats plain text html pdf htmlized bibtex
Reviews
SECDIR Last Call Review
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state RFC 6273 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Ralph Droms
IESG note Document shepherd: Marcelo Bagnulo (marcelo@it.uc3m.es)
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Internet Engineering Task Force (IETF)                          A. Kukec
Request for Comments: 6273                          University of Zagreb
Category: Informational                                      S. Krishnan
ISSN: 2070-1721                                                 Ericsson
                                                                S. Jiang
                                            Huawei Technologies Co., Ltd
                                                               June 2011

       The Secure Neighbor Discovery (SEND) Hash Threat Analysis

Abstract

   This document analyzes the use of hashes in Secure Neighbor Discovery
   (SEND), the possible threats to these hashes and the impact of recent
   attacks on hash functions used by SEND.  The SEND specification
   currently uses the SHA-1 hash algorithm and PKIX certificates
   and does not provide support for hash algorithm agility.  This
   document provides an analysis of possible threats to the hash
   algorithms used in SEND.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any
   errata, and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6273.

Kukec, et al.                 Informational                     [Page 1]
RFC 6273                SEND Hash Threat Analysis              June 2011

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  Impact of Collision Attacks on SEND . . . . . . . . . . . . . . 3
     2.1.  Attacks against CGAs Used in SEND . . . . . . . . . . . . . 3
     2.2.  Attacks against PKIX Certificates in Authorization
           Delegation Discovery Process  . . . . . . . . . . . . . . . 3
     2.3.  Attacks against the Digital Signature in the SEND RSA
           Signature Option  . . . . . . . . . . . . . . . . . . . . . 4
     2.4.  Attacks against the Key Hash Field of the SEND RSA
           Signature Option  . . . . . . . . . . . . . . . . . . . . . 4
   3.  Conclusion  . . . . . . . . . . . . . . . . . . . . . . . . . . 4
   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 4
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 5
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 5
     6.1.  Normative References  . . . . . . . . . . . . . . . . . . . 5
     6.2.  Informative References  . . . . . . . . . . . . . . . . . . 5

1.  Introduction

   SEND [RFC3971] uses the SHA-1 hash algorithm [SHA1] to generate the
   contents of the Key Hash field and the Digital Signature field of the
   RSA Signature option.  It also indirectly uses a hash algorithm
   (SHA-1, MD5, etc.) in the PKIX certificates [RFC5280] used for router
   authorization in the Authorization Delegation Discovery (ADD)
   process.  Recently there have been demonstrated attacks against the
   collision free property of such hash functions [SHA1-COLL] and
   attacks on the PKIX X.509 certificates that use the MD5 hash
   algorithm [X509-COLL].  The document analyzes the impacts of these
   attacks on SEND and it recommends mechanisms to make SEND resistant
   to such attacks.

Kukec, et al.                 Informational                     [Page 2]
RFC 6273                SEND Hash Threat Analysis              June 2011

2.  Impact of Collision Attacks on SEND

   [RFC4270] summarizes a study that assesses the threat of the
   aforementioned attacks on the use of cryptographic hashes in Internet
   protocols.  This document analyzes the hash usage in SEND following
   the approach recommended by [RFC4270] and [NEW-HASHES].

   The following sections discuss the various aspects of hash usage in
   SEND and determine whether they are affected by the attacks on the
   underlying hash functions.
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools