One document matched: draft-tuexen-sctp-auth-chunk-00.txt
Network Working Group M. Tuexen
Internet-Draft Univ. of Applied Sciences Muenster
Expires: April 18, 2004 R. Stewart
Cisco Systems, Inc.
October 19, 2003
Authenticated Chunks for Stream Control Transmission Protocol (SCTP)
draft-tuexen-sctp-auth-chunk-00.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 18, 2004.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
This document describes a new chunk type for SCTP. This new chunk
type can be used to encapsulate SCTP chunks and sign it by using a
secret shared between the sender and receiver.
Tuexen & Stewart Expires April 18, 2004 [Page 1]
Internet-Draft SCTP authenticated chunks October 2003
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. New Chunk Type . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1 Authenticated Chunk (AUTH) . . . . . . . . . . . . . . . . . . 3
4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4.1 Sender . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4.2 Receiver . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . 6
Normative References . . . . . . . . . . . . . . . . . . . . . 6
Informative References . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 7
Intellectual Property and Copyright Statements . . . . . . . . 8
Tuexen & Stewart Expires April 18, 2004 [Page 2]
Internet-Draft SCTP authenticated chunks October 2003
1. Introduction
SCTP uses 32 bit verification tags to protect itself against blind
attackers. These values are not changed during the lifetime of an
SCTP association.
Looking at new SCTP extensions there is the need to have a way of
proving that some SCTP chunks are really sent by the peer and not by
a malicious attacker.
Using TLS as defined in RFC3436 [6] does not help here because it
only secures SCTP user data.
Therefore an SCTP extension is presented in this document which
allows an SCTP sender to sign chunks using a shared secret between
the sender and receiver. The receiver can then verify, that the
chunks are sent from the sender and not from a malicious attacker.
The establishment of the shared secret is out of scope of this
document. This can be done by manual configuration or by using TLS
over SCTP.
2. Conventions
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when
they appear in this document, are to be interpreted as described in
RFC2119 [4].
3. New Chunk Type
This section defines the new chunk type that will be used to
encapsulate other chunks for authentication. Figure 1 illustrates the
new chunk type.
Chunk Type Chunk Name
--------------------------------------------------------------
0x82 Authenticated Chunk (AUTH)
Figure 1
It should be noted that the AUTH-chunk format requires the receiver
to ignore the chunk if it is not understood. This is accomplished as
described in RFC2960 [5] section 3.2. by the use of the upper bit of
the chunk type.
3.1 Authenticated Chunk (AUTH)
Tuexen & Stewart Expires April 18, 2004 [Page 3]
Internet-Draft SCTP authenticated chunks October 2003
This chunk is used to hold the result of the HMAC calculation and the
chunk to be authenticated.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x82 | Flags=0 | Chunk Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HMAC Length | HMAC Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
\ HMAC /
/ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
\ Chunks including the chunk header and padding /
/ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2
Chunk Type : 8 bits - This value MUST be set to 0x82 for all
AUTH-chunks.
Flags : 8 bits - Set to zero on transmit and ignored on
receipt.
Chunk Length : 16 bits unsigned int - This value holds the length
of the AUTH-chunk including the chunk header. Note that the length of
the AUTH-chunk also includes all chunks with their padding that are
encapsulated within it.
HMAC Length : 16 bits unsigned int - This values holds the number
of bytes of the HMAC used.
HMAC Identifier: 16 bits unsigned int - This value describes which
message digest is being used. The following Figure 3 shows the
currently defined values.
HMAC Identifier Message Digest Algorithm
---------------------------------------------------------------
0 MD-5 defined in [1]
1 SHA-1 defined in [7]
Figure 3
HMAC : variable length - This hold the value of the HMAC.
Tuexen & Stewart Expires April 18, 2004 [Page 4]
Internet-Draft SCTP authenticated chunks October 2003
Chunks : variable length - This holds the chunks to be
authenticated. Please note that all padding, especially the padding
of the last chunk, MUST be included.
4. Procedures
4.1 Sender
The sender MUST have a list of chunk types which it encapsulates in
an AUTH-chunk. The corresponding list on the receiver side MUST be
part of this list. If this is not the case, some chunk types will
always be discarded by the receiver.
The sender MUST have a secret shared between the sender and receiver.
The sender MUST calculate the HMAC as defined in RFC2104 [3] using
the hash function H as described by the HMAC Identifier and the
shared secret K. The 'data' used for the computation is given by
Figure 4:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x82 | Flags=0 | Chunk Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HMAC Length | HMAC Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
\ 0 /
/ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
\ Chunks including the chunk header and padding /
/ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4
Please note that all fields are in network byte order.
The last chunk encapsulated within the AUTH-chunk may not end on a 32
bit boundary. In such a case this padding MUST be included in the
AUTH-chunk.
The sender fills the HMAC then into the HMAC field and sends the
chunk.
4.2 Receiver
The receiver MUST have a list of chunk types which it expects to be
Tuexen & Stewart Expires April 18, 2004 [Page 5]
Internet-Draft SCTP authenticated chunks October 2003
encapsulated in an AUTH-chunk. It MUST silently discard a chunk if it
is received without being encapsulated but the chunk type is in the
list.
The receiver MUST have a secret shared between the sender and
receiver.
The receiver MUST use the HMAC algorithm indicated in the HMAC
Identifier field. If this algorithm is not known the chunk MUST be
silently discarded.
If the algorithm is known but the HMAC Length field does not match
the length required by the algorithm that chunk MUST be silently
discarded.
The receiver now performs the same calculation as described for the
sender based on Figure 4. If the result of the calculation is the
same as given in the HMAC field, the encapsulated chunk is processed.
If the field does not match the result of the calculation the chunk
MUST be silently discarded.
5. IANA Considerations
The HMAC Identifier has to be handled by IANA. Initially the values
given above should be registered.
6. Security Considerations
This section is still incomplete and misses a lot of things.
Because SCTP has already mechanism built-in that handles the
reception of outdated packets the presented solution makes use of
this functionality and does not provide a method to avoid replay
attacks by itself.
Normative References
[1] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April
1992.
[2] Bradner, S., "The Internet Standards Process -- Revision 3", BCP
9, RFC 2026, October 1996.
[3] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
for Message Authentication", RFC 2104, February 1997.
[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
Tuexen & Stewart Expires April 18, 2004 [Page 6]
Internet-Draft SCTP authenticated chunks October 2003
[5] Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer,
H., Taylor, T., Rytina, I., Kalla, M., Zhang, L. and V. Paxson,
"Stream Control Transmission Protocol", RFC 2960, October 2000.
[6] Jungmaier, A., Rescorla, E. and M. Tuexen, "Transport Layer
Security over Stream Control Transmission Protocol", RFC 3436,
December 2002.
[7] National Institute of Standards and Technology, "Secure Hash
Standard", FIPS PUB 180-1, April 1995, <http://www.itl.nist.gov/
fipspubs/fip180-1.htm>.
Informative References
[8] Stewart, R., "Stream Control Transmission Protocol (SCTP)
Dynamic Address Reconfiguration",
draft-ietf-tsvwg-addip-sctp-08 (work in progress), September
2003.
Authors' Addresses
Michael Tuexen
Univ. of Applied Sciences Muenster
Stegerwaldstr. 39
48565 Steinfurt
Germany
EMail: tuexen@fh-muenster.de
Randall R. Stewart
Cisco Systems, Inc.
8735 West Higgins Road
Suite 300
Chicago, IL 60631
USA
EMail: rrs@cisco.com
Tuexen & Stewart Expires April 18, 2004 [Page 7]
Internet-Draft SCTP authenticated chunks October 2003
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
Tuexen & Stewart Expires April 18, 2004 [Page 8]
Internet-Draft SCTP authenticated chunks October 2003
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Tuexen & Stewart Expires April 18, 2004 [Page 9]
| PAFTECH AB 2003-2026 | 2026-04-24 02:52:49 |