• Transport
• IPsec
• Routing area (currently OSPF and RIP)
• Itrace

Transport:

• Secure Path MTU discovery: framework (ROUGH DRAFT): This document presents a framework for a secure path MTU discovery which intend to improve the security compared to the current method. The rfc1191 method relies on unauthenticated packets sent by routers on the path. The lack of authentication allows an attacker to send fake packets and forces the host to instensively fragment all packets. It is an effective DoS because it significantly increases the packet loss, dramatically reduces the effective bandwidth and can be done from anywhere in the internet. The secure path mtu discovery requires a cookie exchange between the router and the host before accepting the suggested MTU. Thus, it limits the scope of this attack to the adversaries on the path. We think it is acceptable as attacker on the path can perform more efficient attacks. [txt] [html]

IPsec:

• The counter mode and its use with ESP (ROUGH DRAFT): This memo presents the use of the counter mode in the context of ESP and specifies its application to DES, 3DES and AES. The counter mode significantly reduces the ESP space overhead compared to the standard CBC with explicit IV (Section 5.2.1). Moreover, it allows to parallelize and precompute most of the processing (Section 5.1). [txt] [html]

• Secret IV and its use with ESP (ROUGH DRAFT): This memo presents a system of secret IV for ESP, based on the encryption of the sequence number. It doesn't add any space overhead in the packet and its generation can be parallelized and precomputed. Compared to the common explicit random IV (current MUST for ESP RFC2405.3 [5], or AES-CBC.3 [7]), it is more secure, saves bandwidth (e.g. 8 bytes with DES/3DES and 16 bytes with AES) but requires slightly more computation. [txt] [html]

OSPFv2/RIPv2: Security flaws and fixes

• IETF-49 slides: I have been invited to IETF-49 to talk about it. [ps]
• Flaws in packet's authentication of OSPFv2: OSPF is the Interior Gateway Protocol currently supported by the IETF and is widely deployed across the internet. The current strongest authentication method for OSPFv2 is the cryptographic authentication (RFC2328.D [4]) which uses shared secret key to authenticate the packets. This memo explains the different security flaws we found in the anti-replay and the MACs calculation. The second part presents practical exploitations of these weaknesses: an attacker directly connected to a link, can (i) replay LSAs, (ii) break neighborhood and (iii) flap routes. [txt] [html].
• Flaws in RIPv2 packet's authentication: The current strongest authentication method for RIPv2 (RFC2453 [6]) is the MD5 authentication (RFC2082 [5]) which uses shared secret key to authenticate the packets. This memo explains its different security flaws we found in the anti-replay and the MACs calculation. The second part presents practical exploitations of these weaknesses: an attacker directly connected to a link, can (i) break neighborhood, (ii) flap routes and (iii) inject obsolete routes. [txt] [html].
• Anti Replay Authentication (VERY ROUGH DRAFT): The anti-replay authentication is a new method which intends to solve the weaknesses we exposed. It offers a safer MAC function, an authentication of the IP header, a strict anti-replay across reset, and automatic re-keying. In this section, we describe the elements of the authentication field, the MAC calculation and the anti-replay mechanism. [txt]

RFC2154 security extension of OSPF: found insecure against insiders

• OSPF with digital signature against an insider: This text comments the security offered by RFC2154[1] "OSPF with Digital Signatures" and shows it is insecure against insiders attacks. It is describes an experimental extension of OSPF to digitaly sign the LSAs. [txt] [html]

ITrace:

• IETF-49 slides: I talked about it at IETF-49. It is mainly about authentication and backward itrace. [ps]