IETF RFC 7492

Analysis of Bidirectional Forwarding Detection (BFD) Security According to the Keying and Authentication for Routing Protocols (KARP) Design Guidelines

active, Most Current
Organization: IETF
Publication Date: 1 March 2015
Status: active
Page Count: 9
scope:

Introduction

This document performs a gap analysis of the current state of Bidirectional Forwarding Detection [RFC5880] according to the requirements of KARP Design Guidelines [RFC6518]. Previously, the OPSEC working group has provided an analysis of cryptographic issues with BFD in "Issues with Existing Cryptographic Protection Methods for Routing Protocols" [RFC6039].

The existing BFD specifications provide a basic security solution. Key ID is provided so that the key used in securing a packet can be changed on demand. Two cryptographic algorithms (MD5 and SHA‐1) are supported for integrity protection of the control packets; the algorithms are both demonstrated to be subject to collision attacks. Routing protocols like "RIPv2 Cryptographic Authentication" [RFC4822], "IS‐IS Generic Cryptographic Authentication" [RFC5310], and "OSPFv2 HMAC‐SHA Cryptographic Authentication" [RFC5709] have started to use BFD for liveliness checks. Moving the routing protocols to a stronger algorithm while using a weaker algorithm for BFD would allow the attacker to bring down BFD in order to bring down the routing protocol. BFD therefore needs to match the routing While BFD uses a non‐decreasing, per‐packet sequence number to protect itself from intra‐connection replay attacks, it still leaves the protocol vulnerable to the inter‐session replay attacks.
