The Secure Neighbor Discovery (SEND) Hash Threat Analysis
RFC 6273
|
| Document |
Type |
|
RFC - Informational
(June 2011; No errata)
|
|
Last updated |
|
2015-10-14
|
|
Replaces |
|
draft-kukec-csi-hash-threat
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
pdf
html
bibtex
|
|
Reviews |
|
|
| Stream |
WG state
|
|
WG Document
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 6273 (Informational)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
Ralph Droms
|
|
IESG note |
|
Document shepherd: Marcelo Bagnulo (marcelo@it.uc3m.es)
|
|
Send notices to |
|
(None)
|
Internet Engineering Task Force (IETF) A. Kukec
Request for Comments: 6273 University of Zagreb
Category: Informational S. Krishnan
ISSN: 2070-1721 Ericsson
S. Jiang
Huawei Technologies Co., Ltd
June 2011
The Secure Neighbor Discovery (SEND) Hash Threat Analysis
Abstract
This document analyzes the use of hashes in Secure Neighbor Discovery
(SEND), the possible threats to these hashes and the impact of recent
attacks on hash functions used by SEND. The SEND specification
currently uses the SHA-1 hash algorithm and PKIX certificates
and does not provide support for hash algorithm agility. This
document provides an analysis of possible threats to the hash
algorithms used in SEND.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6273.
Kukec, et al. Informational [Page 1]
RFC 6273 SEND Hash Threat Analysis June 2011
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Impact of Collision Attacks on SEND . . . . . . . . . . . . . . 3
2.1. Attacks against CGAs Used in SEND . . . . . . . . . . . . . 3
2.2. Attacks against PKIX Certificates in Authorization
Delegation Discovery Process . . . . . . . . . . . . . . . 3
2.3. Attacks against the Digital Signature in the SEND RSA
Signature Option . . . . . . . . . . . . . . . . . . . . . 4
2.4. Attacks against the Key Hash Field of the SEND RSA
Signature Option . . . . . . . . . . . . . . . . . . . . . 4
3. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Security Considerations . . . . . . . . . . . . . . . . . . . . 4
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5
6.1. Normative References . . . . . . . . . . . . . . . . . . . 5
6.2. Informative References . . . . . . . . . . . . . . . . . . 5
1. Introduction
SEND [RFC3971] uses the SHA-1 hash algorithm [SHA1] to generate the
contents of the Key Hash field and the Digital Signature field of the
RSA Signature option. It also indirectly uses a hash algorithm
(SHA-1, MD5, etc.) in the PKIX certificates [RFC5280] used for router
authorization in the Authorization Delegation Discovery (ADD)
process. Recently there have been demonstrated attacks against the
collision free property of such hash functions [SHA1-COLL] and
attacks on the PKIX X.509 certificates that use the MD5 hash
algorithm [X509-COLL]. The document analyzes the impacts of these
attacks on SEND and it recommends mechanisms to make SEND resistant
to such attacks.
Kukec, et al. Informational [Page 2]
RFC 6273 SEND Hash Threat Analysis June 2011
2. Impact of Collision Attacks on SEND
[RFC4270] summarizes a study that assesses the threat of the
aforementioned attacks on the use of cryptographic hashes in Internet
protocols. This document analyzes the hash usage in SEND following
the approach recommended by [RFC4270] and [NEW-HASHES].
The following sections discuss the various aspects of hash usage in
SEND and determine whether they are affected by the attacks on the
underlying hash functions.
Show full document text