RFC4081 - Security Threats for Next Steps in Signaling (NSIS)

   Attacks during NSIS SA Establishment:

      While establishing a security association, an adversary fools the
      signaling message Initiator with respect to the entity to which it
      has to authenticate.  The Initiator authenticates to the man-in-
      the-middle adversary, who is then able to modify signaling
      messages to mount DoS attacks or to steal services that get billed
      to the Initiator.  In addition, the adversary may be able to
      terminate the Initiator's NSIS messages and to inject messages to
      a peer itself, thereby acting as the peer to the Initiator and as
      the Initiator to the peer.  As a result, the Initiator wrongly
      believes that it is talking to the "real" network, whereas it is
      actually attached to an adversary.  For this attack to be
      successful, pre-conditions that are described in the following
      three cases have to hold:

      Missing Authentication:

         In the first case, this threat can be carried out because of
         missing authentication between neighboring peers: without
         authentication, an NI, NR, or NF is unable to detect an
         adversary.  However, in some practical cases, authentication
         might be difficult to accomplish, either because the next peer
         is unknown, because there are misbelieved trust relationships
         in parts of the network, or because of the inability to
         establish proper security protection (inter-domain signaling
         messages, dynamic establishment of a security association,

上一页 [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24] [25] [26] [27] [28] [29] [30] [31] [32] [33] [34] [35] [36] [37] [38] 下一页

复制本页网址和标题，发送给你QQ/Msn的好友一起分享

上一篇:RFC4085 - Embedding Globally-Routable Internet Addresses Considered Harmful

下一篇:RFC4103 - RTP Payload for Text Conversation