missing authentication, and other deficiencies that help an adversary steal resources. Different threat scenarios based on deficiencies that could enable an attack are addressed in this section.
The threat scenarios are not independent. Some of them (e.g., denial of service) are well-established security terms and, as such, need to be addressed, but they are often enabled by one or more deficiencies described under other scenarios.
4.1. Threats during NSIS SA Usage
Once a security association is established (and used) to protect signaling messages, many basic attacks are prevented. However, a malicious NSIS node is still able to perform various attacks as described in Section 4.7. Replay attacks may be possible when an NSIS node crashes, restarts, and performs state re-establishment. Proper re-synchronization of the security mechanism must therefore be provided to address this problem.
4.2. Flooding
This section describes attacks that allow an adversary to flood an NSIS node with bogus signaling messages to cause a denial of service attack.
We will discuss this threat at different layers in the NSIS protocol suite:
Processing of Router Alert Options:
The processing of Router Alert Option (RAO) requires that a router do some additional processing by intercepting packets with IP options, which might lead to additional delay for legitimate requests, or even rejection of some of them. A router being flooded with a large number of bogus messages requires resources before finding out that these messages have to be dropped.
If the protocol is based on using interception for message delivery, this threat cannot be completely eliminated, but the protocol design should attempt to limit the processing that has to be done on the RAO-bearing packet so that it is as similar as
精品推荐