
Re: [STDS-802-Privacy] Proposal on a MAC mediator protocol



In an unlicensed band there are multiple trivial DoS attacks.
Sending CTS-to-Self repeatedly is one such.
DoS is more interesting when targeted at an individual; I don't think this new attack does that.

Best Regards,
 
Adrian P STEPHENS
 
Tel: +44 (1793) 404825 (office)
Tel: +44 (7920) 084 900 (mobile,  UK)
Tel: +1 (408) 2397485 (mobile, USA)
 
----------------------------------------------
Intel Corporation (UK) Limited
Registered No. 1134945 (England)
Registered Office: Pipers Way, Swindon SN3 1RJ
VAT No: 860 2173 47

-----Original Message-----
From: Christian Huitema [mailto:huitema@xxxxxxxxxxxxx] 
Sent: 21 November 2014 02:11
To: STDS-802-PRIVACY@xxxxxxxxxxxxxxxxx
Subject: Re: [STDS-802-Privacy] Proposal on a MAC mediator protocol

> Basically a MAC address can be constructed as:
>
> MAC_i_t = H(cipher_suite, public_key, time_t, nonce_i)[0:6]
>
>     With H being a cryptographic secure hash like SHA256

You can do that, but I would not claim much security from the construct. When it comes to cryptography, 48 bits make really small numbers. Attackers who want to target a specific MAC could search 2^48 combinations of key, time and nonce and find collisions reasonably rapidly. In fact, they could probably pre-compile dictionaries.

I am worried about the potential of denial of service with address collision detection. Protocols like IPv6 duplicate address detection can trivially be hacked that way. Upon broadcast of "does anyone use address X" message, the attacker quickly proceeds to install that address on their NIC, and responds "yes." And yes, and yes, and yes. The target never manages to get a validated address.

The hash constructs provide some protection against such attacks, but it is not a very strong protection. In the absence of such strong protection, we are probably better off with no conflict detection at all, if the probability of collision is low enough and the concern with DoS attacks high enough.

-- Christian Huitema
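As an added illustration (this is not code from either poster or from the proposal itself), the quoted construction MAC_i_t = H(cipher_suite, public_key, time_t, nonce_i)[0:6] written out in Python with SHA-256 as H, a receiver-side check that a claimed address actually matches the material presented for it, and the birthday arithmetic behind "if the probability of collision is low enough". The length-prefixed field encoding, the cipher-suite value, the sample key and nonce, and the handling of the locally-administered and unicast bits are assumptions of this example; fixing those two bits leaves 46 freely varying bits rather than the 48 discussed above, which is why the functions default to 46.

```python
import hashlib
import math
import struct

# Hypothetical cipher-suite identifier for "SHA-256 over the listed fields";
# the proposal names the field but assigns no values to it.
CIPHER_SUITE_SHA256 = 0x0001

EFFECTIVE_BITS = 46  # 48 address bits minus the two fixed U/L and I/G bits (assumption)


def derive_mac(cipher_suite: int, public_key: bytes, time_t: int, nonce: bytes) -> bytes:
    """MAC_i_t = H(cipher_suite, public_key, time_t, nonce_i)[0:6], H = SHA-256.

    Encoding assumption (not stated in the proposal): every field is prefixed
    with its length, so two different (public_key, nonce) splits can never
    feed identical bytes to the hash.
    """
    h = hashlib.sha256()
    for field in (struct.pack(">H", cipher_suite), public_key,
                  struct.pack(">Q", time_t), nonce):
        h.update(struct.pack(">I", len(field)))
        h.update(field)
    mac = bytearray(h.digest()[:6])
    # Assumption: a self-assigned address is marked locally administered
    # (U/L bit set) and unicast (I/G bit cleared), which fixes two of the
    # 48 bits and leaves 46 that actually depend on the inputs.
    mac[0] = (mac[0] | 0x02) & 0xFE
    return bytes(mac)


def verify_mac(claimed: bytes, cipher_suite: int, public_key: bytes,
               time_t: int, nonce: bytes) -> bool:
    """Receiver-side check: whoever claims `claimed` must present inputs that
    hash to it. This is the 'some protection' the thread refers to: an address
    cannot simply be asserted, matching key material has to accompany it."""
    return derive_mac(cipher_suite, public_key, time_t, nonce) == claimed


def collision_probability(n_stations: int, bits: int = EFFECTIVE_BITS) -> float:
    """Birthday bound: probability that at least two of n_stations, each with
    an independently uniform `bits`-bit address, end up with the same one."""
    pairs = n_stations * (n_stations - 1) / 2.0
    return -math.expm1(-pairs / 2.0 ** bits)


def stations_for_probability(p: float, bits: int = EFFECTIVE_BITS) -> float:
    """Inverse of collision_probability: how many stations can share one
    broadcast domain before the accidental-collision probability reaches p."""
    return math.sqrt(2.0 * 2.0 ** bits * math.log(1.0 / (1.0 - p)))


if __name__ == "__main__":
    # Constructed sample values (not a real key and not a real station).
    pub = b"\x04" + b"\xab" * 64          # placeholder 65-byte uncompressed EC point
    nonce = bytes(range(8))
    for t in (1416535860, 1416535860 + 3600):  # address changes with time_t
        mac = derive_mac(CIPHER_SUITE_SHA256, pub, t, nonce)
        print(t, ":".join(f"{b:02x}" for b in mac))
    for n in (10, 1000, 100_000):
        print(n, "stations -> P(collision) =", collision_probability(n))
    print("50% collision at about", round(stations_for_probability(0.5)), "stations")
```

With 46 effective bits the accidental-collision probability for a thousand stations is on the order of 10^-8, and it takes roughly ten million stations in one broadcast domain to reach even odds; that is the arithmetic behind weighing "no conflict detection at all" against a detection protocol an attacker can answer "yes" to at will.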