The Secure Neighbor Discovery (SEND) Hash Threat Analysis
RFC 6273
Document | Type | RFC - Informational (June 2011; No errata) | |
---|---|---|---|
Authors | Suresh Krishnan , Ana Kukec , Sheng Jiang | ||
Last updated | 2015-10-14 | ||
Replaces | draft-kukec-csi-hash-threat | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Reviews | |||
Stream | WG state | WG Document | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 6273 (Informational) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Ralph Droms | ||
IESG note | Document shepherd: Marcelo Bagnulo (marcelo@it.uc3m.es) | ||
Send notices to | (None) |
Internet Engineering Task Force (IETF) A. Kukec Request for Comments: 6273 University of Zagreb Category: Informational S. Krishnan ISSN: 2070-1721 Ericsson S. Jiang Huawei Technologies Co., Ltd June 2011 The Secure Neighbor Discovery (SEND) Hash Threat Analysis Abstract This document analyzes the use of hashes in Secure Neighbor Discovery (SEND), the possible threats to these hashes and the impact of recent attacks on hash functions used by SEND. The SEND specification currently uses the SHA-1 hash algorithm and PKIX certificates and does not provide support for hash algorithm agility. This document provides an analysis of possible threats to the hash algorithms used in SEND. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6273. Kukec, et al. Informational [Page 1] RFC 6273 SEND Hash Threat Analysis June 2011 Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Impact of Collision Attacks on SEND . . . . . . . . . . . . . . 3 2.1. Attacks against CGAs Used in SEND . . . . . . . . . . . . . 3 2.2. Attacks against PKIX Certificates in Authorization Delegation Discovery Process . . . . . . . . . . . . . . . 3 2.3. Attacks against the Digital Signature in the SEND RSA Signature Option . . . . . . . . . . . . . . . . . . . . . 4 2.4. Attacks against the Key Hash Field of the SEND RSA Signature Option . . . . . . . . . . . . . . . . . . . . . 4 3. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 6.1. Normative References . . . . . . . . . . . . . . . . . . . 5 6.2. Informative References . . . . . . . . . . . . . . . . . . 5 1. Introduction SEND [RFC3971] uses the SHA-1 hash algorithm [SHA1] to generate the contents of the Key Hash field and the Digital Signature field of the RSA Signature option. It also indirectly uses a hash algorithm (SHA-1, MD5, etc.) in the PKIX certificates [RFC5280] used for router authorization in the Authorization Delegation Discovery (ADD) process. Recently there have been demonstrated attacks against the collision free property of such hash functions [SHA1-COLL] and attacks on the PKIX X.509 certificates that use the MD5 hash algorithm [X509-COLL]. The document analyzes the impacts of these attacks on SEND and it recommends mechanisms to make SEND resistant to such attacks. Kukec, et al. Informational [Page 2] RFC 6273 SEND Hash Threat Analysis June 2011 2. Impact of Collision Attacks on SEND [RFC4270] summarizes a study that assesses the threat of the aforementioned attacks on the use of cryptographic hashes in Internet protocols. This document analyzes the hash usage in SEND following the approach recommended by [RFC4270] and [NEW-HASHES]. The following sections discuss the various aspects of hash usage in SEND and determine whether they are affected by the attacks on the underlying hash functions.Show full document text