[Babel-users] HMAC routerid->key mappings?

Dave Taht dave.taht at gmail.com
Sat Dec 1 19:52:43 GMT 2018 

in reading over and attempting to deploy the hmac specification, I
think the code, at least, currently misses an optimization, and
perhaps the spec needs a tweak...

as keys (currently) protect each interface, not each router association...

It protects a single domain from (some) internal attacks.
It protects a p2p interchange

consider, instead a case where you are dropping a bunch of networks
into an information interchange (call it "BIX"[1]), where a bunch of
networks have agreed to interconnect, over a single "wire", much like
how BGP network interchanges work today. Key exchange here, in the BGP
world, is on a per-router, not per-interface, basis.

Net  A Net B Net C Net D Net E
   |           |       |         |          |
------------------------------------------
  |        |       |       |          |
 F        G     H    I          J

As per the spec:

"When a node A receives a
   packet over an interface that requires cryptographic protection, it
   independently computes a set of HMACs and compares them to the HMACs
   appended to the packet; if there is no match, the packet is
   discarded."

It is unwise to share one key with all interchangers. Co-ordinating a
key rollover with that many different entities on that wire is hard.

Using specific keys instead for each of the A-F, A-G, A-B, etc,
associations limits the geometric growth and security vulnerabilities.

A) while we can append quite a few HMACs in a hello, at some point,
when an interchange's hmacs grows past the size of a packet, we run
out of space. What happens? Can we resend that hello with even more
HMAC's attached, and win?

B) As an optimization, unicast transfers can just be hmac'd with the
keys defined for that routerid association.

So if the code (in addition to protecting interfaces) could also (or
instead of interfaces) associate keys to routerids, we scale to this
scenario.

Alternatively we could just say:

1) Use BGP instead at large interchanges
2) Use DTLS
3) Use a minimal number for all associations on an interface scaled to
the max size of hello + ihu + hmacs



[1] I have fond memories of the original BIX from byte magazine

-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740

More information about the Babel-users mailing list