Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!unmvax!pprg.unm.edu!cyrus From: cyrus@pprg.unm.edu (Tait Cyrus) Newsgroups: comp.protocols.tcp-ip Subject: Re: Re: IP based authentication of hosts Message-ID: <23795@pprg.unm.edu> Date: 14 Apr 89 23:51:02 GMT References: <376@ists.ists.ca> <29416@bu-cs.BU.EDU> <29455@bu-cs.BU.EDU> <10526@bloom-beacon.MIT.EDU> <29475@bu-cs.BU.EDU> <709@scaup.cl.cam.ac.uk> Reply-To: cyrus@pprg.unm.edu (Tait Cyrus) Organization: U. of New Mexico, Albuquerque Lines: 58 In article <709@scaup.cl.cam.ac.uk> Kent writes: >Kent, how do you propose to stop J R User from unplugging his Sun and >plugging in a PC to run an etherspy? Why go to that trouble. I use a Sun ALL the time to do 'ether' snooping. It is faster than a PC AND I can still get "real-work" done while it is snooping. Since it is unrealistic to assume you can keep every "J R User" from gaining access to your net (either physical access where they can attach a "device" or logical access via an already attached machine (SUN/PC) ) the only way to make sure you have authentication of hosts is some kind of encryption. The question is at what layer. If, and that is a BIG IF, you put your cable in a "special" pressurized conduit, AND you can trust EVERY user that has an account on ALL machines connected to this "special" cable, THEN you have a secure network. As soon as ONE of those users does something they are not supposed to (i.e. run a snooper on a Sun attached to this network), THEN your net security is shot. If you use encryption, you can do some good, but that encryption will have to be below the network layer. If you put it at the network layer, a snooper still knows who is talking to whom and that, in a lot of cases, is enough information to allow "someone" to cause damage to your net or gain information they are not supposed to have access to. Even if you put it at the LLC layer, a snooper still knows who is talking to whom and there is a lot of information in just knowing that. Now you can argue that encryption at the network layer, or above, is sufficient because even if someone "steps into a conversation", they still don't know what the data content is. With the new 10-20 MIP machines available, this would be a trivial task, depending on the method of encryption of course, to break the crypt and gain access to the data. On the extreme case, what if "someone" dumps a conversation to disk for later analysis. If you want to to keep people from being able to break your data, you will have to use such a high level of encryption that just encrypting/decrypting the data will take so long that it would make your network useless. The only way around it is to say that you will use a moderately complicated encryption algorithm (fairly fast for encrypting/decrypting). Even though someone can break this crypt in a day or two, and assuming they store the conversation to disk, the data will be so old that it will not do them much good. You will, of course, have to change keys fairly often (once a day). >-- Steve --- W. Tait Cyrus (505) 277-0806 e-mail: cyrus@pprg.unm.edu University of New Mexico Dept. of Electrical and Computer Engineering Parallel Processing Research Group Albuquerque, New Mexico 87131