Return-Path: X-Sieve: cmu-sieve 2.0 Return-Path: Received: from osgood.ece.cmu.edu (OSGOOD.ECE.CMU.EDU [128.2.129.25]) by ece.cmu.edu (8.11.0/8.10.2) with ESMTP id h5CIpS311567 for ; Thu, 12 Jun 2003 14:51:28 -0400 (EDT) Received: by osgood.ece.cmu.edu (Postfix, from userid 953) id ED4B2C5; Thu, 12 Jun 2003 14:51:27 -0400 (EDT) Received: from sos.ece.cmu.edu (SOS.ECE.CMU.EDU [128.2.129.27]) by osgood.ece.cmu.edu (Postfix) with ESMTP id 18C5CC9; Thu, 12 Jun 2003 14:51:26 -0400 (EDT) Received: by sos.ece.cmu.edu (Postfix) id 744CB8950; Thu, 12 Jun 2003 14:51:11 -0400 (EDT) Received: from hazard.ece.cmu.edu (HAZARD.ECE.CMU.EDU [128.2.129.24]) by sos.ece.cmu.edu (Postfix) with ESMTP id 68275894F for ; Thu, 12 Jun 2003 14:51:11 -0400 (EDT) Received: by hazard.ece.cmu.edu (Postfix) id 39BD4FD; Thu, 12 Jun 2003 14:51:11 -0400 (EDT) Received: by hazard.ece.cmu.edu (Postfix, from userid 953) id 1280AFF; Thu, 12 Jun 2003 14:51:11 -0400 (EDT) Received: from sos.ece.cmu.edu (SOS.ECE.CMU.EDU [128.2.129.27]) by hazard.ece.cmu.edu (Postfix) with ESMTP id 44E5FFD for ; Thu, 12 Jun 2003 14:51:09 -0400 (EDT) Received: by sos.ece.cmu.edu (Postfix, from userid 363) id 1B6E689D7; Thu, 12 Jun 2003 14:51:09 -0400 (EDT) X-Original-To: ips@sos.ece.cmu.edu Received: from bache.ece.cmu.edu (BACHE.ECE.CMU.EDU [128.2.129.23]) by sos.ece.cmu.edu (Postfix) with ESMTP id 69F86894F for ; Thu, 12 Jun 2003 14:51:07 -0400 (EDT) Received: by bache.ece.cmu.edu (Postfix) id C4E4C8C8; Thu, 12 Jun 2003 14:51:06 -0400 (EDT) Delivered-To: ips@ece.cmu.edu Received: by bache.ece.cmu.edu (Postfix, from userid 953) id A95F396A; Thu, 12 Jun 2003 14:51:06 -0400 (EDT) Received: from emulex.emulex.com (emulex.emulex.com [138.239.112.1]) by bache.ece.cmu.edu (Postfix) with ESMTP id A26A0960 for ; Thu, 12 Jun 2003 14:51:03 -0400 (EDT) Received: from xbl.ad.emulex.com (xbl.ma.emulex.com [172.16.12.11]) by emulex.emulex.com (8.12.9/8.12.8) with ESMTP id h5CIoSLW004947 for ; Thu, 12 Jun 2003 11:50:38 -0700 (PDT) Received: by xbl.ma.emulex.com with Internet Mail Service (5.5.2653.19) id ; Thu, 12 Jun 2003 14:50:28 -0400 Message-ID: <3356669BBE90C448AD4645C843E2BF289B90A8@xbl.ma.emulex.com> From: "Williams, Jim" To: "'ips@ece.cmu.edu'" Subject: Question on iSCSI security Date: Thu, 12 Jun 2003 14:50:27 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-ips@ece.cmu.edu Precedence: bulk X-Spam-Status: No, hits=-6.6 required=5.0 tests=BAYES_01 version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) I am not up to speed on security and IPSec, so there is probably a simple answer to this. I would be curious to know what it is. Scenario: A is an unwitting initiator, B is a malicious target, and C is a victim target. A attempts to log into B using IPSec. B establishes IPSec SA with C. B is honest to IKE about its identity. After establishing SA, B attempts to log into C, but lies to the iSCSI layer and claims to be A. B uses classic man-in-the-middle technique to get A to respond to C's login challenge. If this works, then B has successfully logged into C as A. There are a number of similar scenarios with the common thread that the attacker is truthful about his identity to the IPSec layer, but lies about his identity to the iSCSI layer. These attacks are easily defeated if the iSCSI layer cross checks remote end's identity with the IPSec layer. But it is not clear how this is done and whether it will be done or is required to be done. If the IPSec layer verifies that the IP address INSIDE the tunnel really belongs to B, and iSCSI verifies that the IP address it sees really belongs to A, and the data consulted for the verification is secure, then one of these checks should fail, but this seems like a stretch. But perhaps I am missing something simple.