1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
|
Internet Engineering Task Force (IETF) J. Salowey
Request for Comments: 6813 Cisco Systems
Category: Informational S. Hanna
ISSN: 2070-1721 Juniper Networks
December 2012
The Network Endpoint Assessment (NEA) Asokan Attack Analysis
Abstract
The Network Endpoint Assessment (NEA) protocols are subject to a
subtle forwarding attack that has become known as the NEA Asokan
Attack. This document describes the attack and countermeasures that
may be mounted.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6813.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Salowey & Hanna Informational [Page 1]
^L
RFC 6813 NEA Asokan Attack Analysis December 2012
Table of Contents
1. Introduction ....................................................2
2. NEA Asokan Attack Explained .....................................2
3. Lying Endpoints .................................................4
4. Countermeasures against the NEA Asokan Attack ...................4
4.1. Identity Binding ...........................................4
4.2. Cryptographic Binding ......................................5
4.2.1. Binding Options .....................................5
5. Conclusions .....................................................6
6. Security Considerations .........................................6
7. Informative References ..........................................7
8. Acknowledgments .................................................7
1. Introduction
The Network Endpoint Assessment (NEA) [2] protocols are subject to a
subtle forwarding attack that has become known as the NEA Asokan
Attack. This document describes the attack and countermeasures that
may be mounted. The Posture Transport (PT) protocols developed by
the NEA working group, PT-TLS [5] and PT-EAP [6], include mechanisms
that can provide cryptographic-binding and identity-binding
countermeasures.
2. NEA Asokan Attack Explained
The NEA Asokan Attack is a variation on an attack described in a 2002
paper written by Asokan, Niemi, and Nyberg [1]. Figure 1 depicts one
version of the original Asokan attack. This attack involves tricking
an authorized user into authenticating to a decoy Authentication,
Authorization, and Accounting (AAA) server, which forwards the
authentication protocol from one tunnel to another, tricking the real
AAA server into believing these messages originated from the
attacker-controlled machine. As a result, the real AAA server grants
access to the attacker-controlled machine.
Salowey & Hanna Informational [Page 2]
^L
RFC 6813 NEA Asokan Attack Analysis December 2012
+-------------+ ========== +----------+
| Attacker |-AuthProto--|AAA Server|
+-------------+ ========== +----------+
|
AuthProto
|
+--------------+ ========== +----------------+
|AuthorizedUser|-AuthProto--|Decoy AAA Server|
+--------------+ ========== +----------------+
Figure 1: One Example of Original Asokan Attack
As described in the NEA Overview [2], the NEA Reference Model is
composed of several nested protocols. The Posture Attribute (PA)
protocol is nested in the Posture Broker (PB) protocol, which is
nested in the PT protocol. When used together successfully, these
protocols allow an NEA Server to assess the security posture of an
endpoint. The NEA Server may use this information to decide whether
network access should be granted, or it may use this information for
other purposes.
Figure 2 illustrates an NEA Asokan Attack. The attacker wants to
trick GoodServer into believing that DirtyEndpoint has good security
posture. This might allow, for example, the attacker to bring an
infected machine onto a network and infect others. To accomplish
this goal, the attacker forwards PA messages from CleanEndpoint
through BadServer to DirtyEndpoint, which sends them on to
GoodServer. GoodServer is tricked into thinking that the PA messages
came from DirtyEndpoint and therefore considers DirtyEndpoint to be
clean.
+-------------+ ========== +----------+
|DirtyEndpoint|-----PA-----|GoodServer|
+-------------+ ========== +----------+
|
PA
|
+-------------+ ========== +---------+
|CleanEndpoint|-----PA-----|BadServer|
+-------------+ ========== +---------+
Figure 2: NEA Asokan Attack
Countermeasures against an NEA Asokan Attack are described in Section
4.
Salowey & Hanna Informational [Page 3]
^L
RFC 6813 NEA Asokan Attack Analysis December 2012
3. Lying Endpoints
Some may argue that there are other attacks against NEA systems that
are simpler than the Asokan attack, such as lying endpoint attacks.
That is true. It's easy for an endpoint to simply lie about its
posture. But, there are defenses against lying endpoint attacks,
such as using an External Measurement Agent (EMA).
An EMA is hardware, software, or firmware that is especially secure,
hard to compromise, and designed to accurately report on endpoint
configuration. The EMA observes and reports on critical aspects of
endpoint posture, such as which security-relevant firmware and
software have been loaded.
When an EMA is used for NEA, the PA messages that reliably and
securely establish endpoint posture are exchanged between the EMA
itself and a Posture Validator on the NEA Server. The Posture
Collector on the endpoint and any other intermediaries between the
EMA and the Posture Validator on the NEA Server are not trusted.
They just pass messages along as untrusted intermediaries.
To ensure that the EMA's messages are accurately conveyed to the
Posture Validator, even if the Posture Collector or other
intermediaries have been compromised, these PA messages must provide
integrity protection, replay protection, and source authentication
between the EMA and the Posture Validator. Confidentiality
protection is not needed, at least with respect to the software on
the endpoint, but integrity protection should include protection
against message deletion and session truncation. Organizations that
have developed EMAs have typically developed remote attestation
protocols that provide these properties (e.g., the Trusted Computing
Group's (TCG's) Platform Trust Service (PTS) Protocol Binding to IF-M
[7]). While the development of lying endpoint detection technologies
is out of scope for NEA, these technologies must be supported by the
NEA protocols. Therefore, the NEA protocols must support
countermeasures against the NEA Asokan Attack.
4. Countermeasures against the NEA Asokan Attack
4.1. Identity Binding
One way to mitigate the Asokan attack is to bind the identities used
in tunnel establishment into a cryptographic exchange at the PA
layer. While this can go a long way to preventing the attack, it
does not bind the exchange to a specific TLS exchange, which is
desirable. In addition, there is no standard way to extract an
identity from a TLS session, which could make implementation
difficult.
Salowey & Hanna Informational [Page 4]
^L
RFC 6813 NEA Asokan Attack Analysis December 2012
4.2. Cryptographic Binding
Another way to thwart the NEA Asokan Attack is for the PA exchange to
be cryptographically bound to the PT exchange and to any keying
material or privileges granted as a result of these two exchanges.
This allows the NEA Server to ensure that the PA messages pertain to
the same endpoint as the party terminating the PT exchange and that
no other party gains any access or advantage from this exchange.
4.2.1. Binding Options
This section discusses binding protocol solution options and provides
analysis. Since PT-TLS and PT-EAP involve TLS, this document focuses
on TLS-based solutions that can work with either transport.
4.2.1.1. Information from the TLS Tunnel
The TLS handshake establishes a cryptographic state between the TLS
client and TLS server. There are several mechanisms that can be used
to export information derived from this state. The client and server
independently include this information in calculations to bind the
instance of the tunnel into the PA protocol.
Keying Material Export - RFC 5705 [8] defines Keying Material
Exporters for TLS that allow additional secret key material to be
extracted from the TLS master secret.
tls-unique Channel Binding Data - RFC 5929 [9] defines several
quantities that can be extracted from the TLS session to bind the TLS
session to other protocols. The tls-unique binding consists of data
extracted from the TLS handshake finished message.
4.2.1.2. TLS Cipher Suites
In order to eliminate the possibility of a man-in-the-middle attack
and thwart the Asokan attack when using the keying material export
binding export mechanism, it is important that neither TLS endpoint
be in sole control of the TLS pre-master secret. Cipher suites based
on key transport, such as RSA cipher suites, do not meet this
requirement; instead, Diffie-Hellman Cipher Suites, such as RSA-DHE,
are required when this mechanism is employed.
Salowey & Hanna Informational [Page 5]
^L
RFC 6813 NEA Asokan Attack Analysis December 2012
4.2.1.3. Using Additional Key Material from TLS
In some cases, key material is extracted from the TLS tunnel and used
to derive ciphering keys used in another protocol. For example,
EAP-TLS [10] uses key material extracted from TLS in lower-layer
ciphering. In this case, the extracted keys must not be under the
control of a single party, so the considerations in the previous
section are important.
4.2.1.4. EMA Assumptions
The EMA needs to obtain the binding data from the TLS exchange and
prove knowledge of the binding data in an exchange that has integrity
protection, source authentication, and replay protection.
5. Conclusions
The recommendations for addressing the NEA Asokan Attack are as
follows:
1. Protocols should make use of cryptographic binding; in addition,
binding identities of the tunnel endpoints in the EMA may be
useful.
2. In particular, L2 and L3 TLS-based PT transports (e.g., PT-TLS
and PT-EAP) should use the same cryptographic binding mechanism.
3. The preferred approach is to use the tls-unique channel binding
data from [9]. The tls-unique value will be made available to
the EMA that will use it. This approach can utilize any TLS
cipher suite based on a strong cipher algorithm.
6. Security Considerations
This document is primarily concerned with analyzing and proposing
countermeasures for the NEA Asokan Attack. That does not mean that
it covers all the possible attacks against the NEA protocols or
against the NEA Reference Model. For a broader security analysis,
see the Security Considerations section of the NEA Overview [2],
PA-TNC [3], PB-TNC [4], PT-TLS [5], and PT-EAP [6].
Salowey & Hanna Informational [Page 6]
^L
RFC 6813 NEA Asokan Attack Analysis December 2012
7. Informative References
[1] Asokan, N., Niemi, V., and K. Nyberg, "Man-in-the-Middle Attacks
in Tunneled Authentication Protocols", Nokia Research Center,
Finland, Nov. 11, 2002, http://eprint.iacr.org/2002/163.pdf.
[2] Sangster, P., Khosravi, H., Mani, M., Narayan, K., and J. Tardo,
"Network Endpoint Assessment (NEA): Overview and Requirements",
RFC 5209, June 2008.
[3] Sangster, P. and K. Narayan, "PA-TNC: A Posture Attribute (PA)
Protocol Compatible with Trusted Network Connect (TNC)", RFC
5792, March 2010.
[4] Sahita, R., Hanna, S., Hurst, R., and K. Narayan, "PB-TNC: A
Posture Broker (PB) Protocol Compatible with Trusted Network
Connect (TNC)", RFC 5793, March 2010.
[5] Sangster, P., N. Cam-Winget, and J. Salowey, "PT-TLS: A TCP-
based Posture Transport (PT) Protocol", Work in Progress,
October 2012.
[6] Cam-Winget, N. and P. Sangster, "PT-EAP: Posture Transport (PT)
Protocol For EAP Tunnel Methods", Work in Progress, July 2012.
[7] Trusted Computing Group, "TCG Attestation PTS Protocol: Binding
to TNC IF-M", Version 1.0, Revision 27, August 2011.
[8] Rescorla, E., "Keying Material Exporters for Transport Layer
Security (TLS)", RFC 5705, March 2010.
[9] Altman, J., Williams, N., and L. Zhu, "Channel Bindings for
TLS", RFC 5929, July 2010.
[10] Simon, D., Aboba, B., and R. Hurst, "The EAP-TLS Authentication
Protocol", RFC 5216, March 2008.
8. Acknowledgments
The members of the NEA Asokan Design Team were critical to the
development of this document: Nancy Cam-Winget, Steve Hanna, Joe
Salowey, and Paul Sangster.
The authors would also like to recognize N. Asokan, Valtteri Niemi,
and Kaisa Nyberg who published the original paper on this type of
attack and Pasi Eronen who extended this attack to NEA protocols.
Salowey & Hanna Informational [Page 7]
^L
RFC 6813 NEA Asokan Attack Analysis December 2012
Authors' Addresses
Joseph Salowey
Cisco Systems, Inc.
2901 3rd. Ave
Seattle, WA 98121
USA
EMail: jsalowey@cisco.com
Steve Hanna
Juniper Networks, Inc.
79 Parsons Street
Brighton, MA 02135
USA
EMail: shanna@juniper.net
Salowey & Hanna Informational [Page 8]
^L
|