Re: [DNA] Ordering Hash-based RAs

[Erik Nordmark <erik.nordmark@sun.com>]

Greg Daley wrote:
> Dear DT,
> 
> I really like the hash based RA scheme indicated in the
> document draft-pentland-dna-protocol-00.
> 
> I think there's an issue with its robustness to false
> or hijacking routers, which may limit its usefulness though.
> 
> The text presented allows a particular router to select an
> interface identifier such that its SHA-1 hash will XOR with
> the solicitor's received IID to provide the fastest ranked
> response with high likelihood?

Greg,

I'm not sure I understand the attack and the impact of it.
Are you saying that an attacker on the link can pretend to be a DNA 
router and select its IID so that it is more or less guaranteed to be 
the router ranked first?
Then the "attack" is that this router will just ignore the RAs, with the 
impact being that the hosts have to wait a few tens of milliseconds 
until the next ranked router responds?

That doesn't sound like a serious attack, given that an attacker on the 
link can cause all sorts of havoc (listed in the SeND threats RFC).

However, it seems like the algorithm in the draft doesn't do a good job 
of spreading which router will respond first, since as you point out, 
the first bits of the IID of the host are the same for EUI-64 based IIDs.
So I think we need to fix this for reasons other than security.


> Two alternatives which overcome this issue are:
> 
> 1) Perform the XOR comparison with the low order bytes of the IID
>    first (either reverse the XORed bit strings, or do bytewise
>    comparisons starting at the 16th byte).
> 
> 2) Ensure that the solicitors' input values are well distributed,
>    perhaps using a hash.
> 
> I'd lean towards 1).  It's probably fastest computationally, and
>   was easy to implement in 16th-to 1st byte comparison form.

#1 sounds good to me.

    Erik