Browse Prior Art Database

Security Threats for Next Steps in Signaling (NSIS) (RFC4081)

IP.com Disclosure Number: IPCOM000125598D
Original Publication Date: 2005-Jun-01
Included in the Prior Art Database: 2005-Jun-09
Document File: 29 page(s) / 68K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

H. Tschofenig: AUTHOR [+2]

Abstract

This threats document provides a detailed analysis of the security threats relevant to the Next Steps in Signaling (NSIS) protocol suite. It calls attention to, and helps with the understanding of, various security considerations in the NSIS Requirements, Framework, and Protocol proposals. This document does not describe vulnerabilities of specific parts of the NSIS protocol suite.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group                                      H. Tschofenig
Request for Comments: 4081                                D. Kroeselberg
Category: Informational                                          Siemens
                                                               June 2005


          Security Threats for Next Steps in Signaling (NSIS)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This threats document provides a detailed analysis of the security
   threats relevant to the Next Steps in Signaling (NSIS) protocol
   suite.  It calls attention to, and helps with the understanding of,
   various security considerations in the NSIS Requirements, Framework,
   and Protocol proposals.  This document does not describe
   vulnerabilities of specific parts of the NSIS protocol suite.

Table of Contents

   1. Introduction ....................................................2
   2. Communications Models ...........................................3
   3. Generic Threats .................................................7
      3.1. Man-in-the-Middle Attacks ..................................8
      3.2. Replay of Signaling Messages ..............................11
      3.3. Injecting or Modifying Messages ...........................11
      3.4. Insecure Parameter Exchange and Negotiation ...............12
   4. NSIS-Specific Threat Scenarios .................................12
      4.1. Threats during NSIS SA Usage ..............................13
      4.2. Flooding ..................................................13
      4.3. Eavesdropping and Traffic Analysis ........................15
      4.4. Identity Spoofing .........................................15
      4.5. Unprotected Authorization Information .....................17
      4.6. Missing Non-Repudiation ...................................18
      4.7. Malicious NSIS Entity .....................................19
      4.8. Denial of Service Attacks .................................20
      4.9. Disclosing the Network Topology ...........................21
      4.10. Unprotected Session or Reservation Ownership .............21
      4.11. Attacks against the NTLP .................................23

Tschofenig & Kroeselberg     Informational                      [Page 1]
RFC 4081               Security Threats for NSIS               June 2005


   5. Security Considerations ........................................23
   6. Contrib...