1、Problem Solvers to the Telecommunications IndustryCommittee T1 -TelecommunicationsTechnical Report No. 40bFebruary 2000Supplement to Technical Report No. 40on Security Requirements forElectronic Bonding between Two TMNsPrepared by T1M1.5Working Group onOAM&P Architecture, Interfaces and ProtocolsCop
2、yright 8 2000 by Alliance for Telecommunications IndustrySolutionsAll rights reserved.Committee T1 is sponsored by the Alliance for TelecommunicationsIndustry Solutions (ATIS) and accredited by the American NationalStandards Institute (ANSI)No part of this publication may be reproduced in any form,i
3、n an electronic retrieval system or otherwise, without theprior written permission of the publisher.Technical Report No. 40bSupplement to Technical Report No. 40on Security Requirements for ElectronicBonding between Two TMNsDocument T1M1/99-075Prepared byT1M1.5Working Group on OAM&P Architecture, In
4、terface and ProtocolsTECHNICAL REPORT NO. 40b- Addendum to Technical Report No. 40Delete and break attackThis Addendum describes a potential attack against the authentication procedure in T1 TechnicalReport No.40 and describes possible countermeasures.BackgroundThe authentication procedure described
5、 in T1 Technical Report No. 40 (TR40) and Addendum 1to TR40 (Technical Report No. 40a) prescribes that the DES key used for authentication shouldbe changed at least once every 24 hours. Thereafter the key is never reused. Such updates wouldprotect the authentication mechanism from intruders that can
6、not break a DES key in less then 24hours. The delete and break attack could allow such intruder to bypass the authenticationprocedure.The delete and break attack assumes that the intruder can intercept and delete EB messages fromthe Manager to the Agent. The intruder intercepts and deletes all messa
7、ges from the Manager tothe Agent using one encryption key, over a period of up to 24 hours. The Agent, therefore, doesnot know that the Manager has used this key. The intruder can spend several days, or weeks,cracking the key (e.g., by brute force cryptanalysis). At any time thereafter the intruder
8、can usethe compromised key to masquerade as the Manager to the Agent for up to 24 hours. During thatperiod the intruder would intercept and delete all messages from the Manager to the Agent andinsert instead any desired bogus messages authenticated with the compromised key.CountermeasuresTwo counter
9、measures can mitigate or thwart the attack, as described below.SequencingIf the encrypted field of the authenticator includes a sequence number (as described in TR4O as a“future step“), then the Agent would detect message deletions. To succeed in the attack theintruder would have to delete all the m
10、essages from the Manager, break all the keys, then insertmessages with correct sequence numbers. This intruder would essentially require a higher codebreaking capability then assumed.Heartbeat messagesThe Manager and the Agent agree that an encryption key will be used for some minimum amountof time,
11、 e.g., 4 hours. The Manager and the Agent further agree that the Manager shall send anauthenticated message with some minimum frequency, e.g., at least once every ten minutes. Themaximum interval between consecutive authenticated messages should be less then the minimumlifetime of the key. If the Manager has no need to send a real operational message then theManager will send a “heartbeat“ message, e.g., requesting the status of a non-existing object. If anintruder attempts the delete and break attack the Agent will detect the extended absence ofmessages.
