Internet Engineering Task Force (IETF) J. Yi Request for Comments: 7985 T. Clausen Updates: 7186 Ecole Polytechnique Category: Informational U. Herberg ISSN: 2070-1721 November 2016
Internet Engineering Task Force (IETF) J. Yi Request for Comments: 7985 T. Clausen Updates: 7186 Ecole Polytechnique Category: Informational U. Herberg ISSN: 2070-1721 November 2016
Security Threats to Simplified Multicast Forwarding (SMF)
简化多播转发(SMF)的安全威胁
Abstract
摘要
This document analyzes security threats to Simplified Multicast Forwarding (SMF), including vulnerabilities of duplicate packet detection and relay set selection mechanisms. This document is not intended to propose solutions to the threats described.
本文分析了简化多播转发(SMF)面临的安全威胁,包括重复数据包检测和中继集选择机制的漏洞。本文件并非针对所述威胁提出解决方案。
In addition, this document updates RFC 7186 regarding threats to the relay set selection mechanisms using the Mobile Ad Hoc Network (MANET) Neighborhood Discovery Protocol (NHDP) (RFC 6130).
此外,本文档还更新了RFC 7186关于使用移动自组织网络(MANET)邻域发现协议(NHDP)(RFC 6130)的中继集选择机制的威胁。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Engineering Task Force (IETF). It has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 7841.
本文件是互联网工程任务组(IETF)的产品。互联网工程指导小组(IESG)已批准将其出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7985.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7985.
Copyright Notice
版权公告
Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2016 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. SMF Threat Overview . . . . . . . . . . . . . . . . . . . . . 4 4. Threats to Duplicate Packet Detection . . . . . . . . . . . . 5 4.1. Attack on the Hop Limit Field . . . . . . . . . . . . . . 6 4.2. Threats to Identification-Based Duplicate Packet Detection . . . . . . . . . . . . . . . . . . . . . . . . 7 4.2.1. Pre-Activation Attacks (Pre-Play) . . . . . . . . . . 7 4.2.2. De-activation Attacks (Sequence Number Wrangling) . . 8 4.3. Threats to Hash-Based Duplicate Packet Detection . . . . 9 4.3.1. Attack on the Hash-Assistant Value . . . . . . . . . 9 5. Threats to Relay Set Selection . . . . . . . . . . . . . . . 10 5.1. Common Threats to Relay Set Selection . . . . . . . . . . 10 5.2. Threats to the E-CDS Algorithm . . . . . . . . . . . . . 10 5.2.1. Link Spoofing . . . . . . . . . . . . . . . . . . . . 11 5.2.2. Identity Spoofing . . . . . . . . . . . . . . . . . . 11 5.3. Threats to S-MPR Algorithm . . . . . . . . . . . . . . . 11 5.4. Threats to the MPR-CDS Algorithm . . . . . . . . . . . . 12 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 7.1. Normative References . . . . . . . . . . . . . . . . . . 13 7.2. Informative References . . . . . . . . . . . . . . . . . 13 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 15 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. SMF Threat Overview . . . . . . . . . . . . . . . . . . . . . 4 4. Threats to Duplicate Packet Detection . . . . . . . . . . . . 5 4.1. Attack on the Hop Limit Field . . . . . . . . . . . . . . 6 4.2. Threats to Identification-Based Duplicate Packet Detection . . . . . . . . . . . . . . . . . . . . . . . . 7 4.2.1. Pre-Activation Attacks (Pre-Play) . . . . . . . . . . 7 4.2.2. De-activation Attacks (Sequence Number Wrangling) . . 8 4.3. Threats to Hash-Based Duplicate Packet Detection . . . . 9 4.3.1. Attack on the Hash-Assistant Value . . . . . . . . . 9 5. Threats to Relay Set Selection . . . . . . . . . . . . . . . 10 5.1. Common Threats to Relay Set Selection . . . . . . . . . . 10 5.2. Threats to the E-CDS Algorithm . . . . . . . . . . . . . 10 5.2.1. Link Spoofing . . . . . . . . . . . . . . . . . . . . 11 5.2.2. Identity Spoofing . . . . . . . . . . . . . . . . . . 11 5.3. Threats to S-MPR Algorithm . . . . . . . . . . . . . . . 11 5.4. Threats to the MPR-CDS Algorithm . . . . . . . . . . . . 12 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 7.1. Normative References . . . . . . . . . . . . . . . . . . 13 7.2. Informative References . . . . . . . . . . . . . . . . . 13 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 15 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
This document analyzes security threats to Simplified Multicast Forwarding (SMF) [RFC6621]. SMF aims at providing basic Internet Protocol (IP) multicast forwarding in a way that is suitable for wireless mesh and Mobile Ad Hoc Networks (MANET). SMF consists of two major functional components: duplicate packet detection (DPD) and relay set selection (RSS).
本文档分析了简化多播转发(SMF)[RFC6621]的安全威胁。SMF旨在以一种适合于无线网状网和移动自组织网络(MANET)的方式提供基本互联网协议(IP)组播转发。SMF由两个主要功能组件组成:重复数据包检测(DPD)和中继集选择(RSS)。
SMF is typically used in decentralized wireless environments and is potentially exposed to various attacks and misconfigurations. In a wireless environment, some of these attacks and misconfigurations represent threats of particular significance as compared to what they would do in wired networks. [RFC6621] briefly discusses several of these, but does not define any explicit security measures for protecting the integrity of the protocol.
SMF通常用于分散的无线环境,可能会受到各种攻击和错误配置。在无线环境中,与有线网络相比,其中一些攻击和错误配置代表了具有特殊意义的威胁。[RFC6621]简要讨论了其中几个,但没有定义任何明确的安全措施来保护协议的完整性。
This document is based on the assumption that no additional security mechanism, such as IPsec, is used in the IP layer, as not all MANET deployments may be able to support deployment of such common IP protection mechanisms (e.g., because MANET routers may have limited resources for supporting the IPsec stack). It also assumes that there is no lower-layer protection. The document analyzes possible attacks on, and misconfigurations of, SMF and outlines the consequences of such attacks/misconfigurations to the state maintained by SMF in each router.
本文档基于这样的假设,即在IP层中没有使用额外的安全机制,例如IPsec,因为并非所有MANET部署都能够支持此类通用IP保护机制的部署(例如,因为MANET路由器可能具有有限的资源来支持IPsec堆栈)。它还假设没有下层保护。该文件分析了可能对SMF的攻击和错误配置,并概述了此类攻击/错误配置对每个路由器中SMF维护的状态的后果。
In the Security Considerations section of [RFC6621], denial-of-service-attack scenarios are briefly discussed. This document further analyzes and describes the potential vulnerabilities of, and attack vectors for, SMF. While completeness in such analysis is always a goal, no claims of being complete are made. The goal of this document is to be helpful when deploying SMF in a network and for understanding the risks incurred, as well as for providing a reference to and documented experience with SMF as input for possible future developments of SMF.
在[RFC6621]的安全注意事项部分,简要讨论了拒绝服务攻击场景。本文档进一步分析和描述了SMF的潜在漏洞和攻击向量。虽然此类分析的完整性始终是一个目标,但没有提出完整性的主张。本文件的目的是在网络中部署SMF时提供帮助,了解产生的风险,并提供SMF参考和记录经验,作为SMF未来可能发展的输入。
This document is not intended to propose solutions to the threats described. [RFC7182] provides a framework that can be used with SMF, and depending on how it is used, may offer some degree of protection against the threats related to identity spoofing described in this document.
本文件并非针对所述威胁提出解决方案。[RFC7182]提供了一个可与SMF一起使用的框架,根据其使用方式,该框架可提供一定程度的保护,以抵御与本文档中描述的身份欺骗相关的威胁。
This document also updates [RFC7186], specifically with respect to threats to relay set selection (RSS) mechanisms that are using MANET NHDP [RFC6130].
本文档还更新了[RFC7186],特别是关于使用MANET NHDP的中继集选择(RSS)机制的威胁[RFC6130]。
This document uses the terminology and notation defined in [RFC5444], [RFC6130], [RFC6621], and [RFC4949].
本文件使用[RFC5444]、[RFC6130]、[RFC6621]和[RFC4949]中定义的术语和符号。
Additionally, this document introduces the following terminology:
此外,本文件还介绍了以下术语:
SMF router: A MANET router, running SMF as specified in [RFC6621].
SMF路由器:一种MANET路由器,按照[RFC6621]中的规定运行SMF。
Attacker: A device that is present in the network and intentionally seeks to compromise the information bases in SMF routers. It may generate syntactically correct SMF control messages.
攻击者:存在于网络中并有意破坏SMF路由器中信息库的设备。它可以生成语法正确的SMF控制消息。
Legitimate SMF router: An SMF router that is correctly configured and not compromised by an attacker.
合法SMF路由器:正确配置且未被攻击者破坏的SMF路由器。
An SMF router requires an external dynamic neighborhood discovery mechanism in order to maintain suitable topological information describing its immediate neighborhood, and thereby allowing it to select reduced relay sets for forwarding multicast data traffic. Such an external dynamic neighborhood discovery mechanism may be provided by lower-layer interface information, by a concurrently operating MANET routing protocol that already maintains such information (e.g., [RFC7181]) or by explicitly using the MANET Neighborhood Discovery Protocol (NHDP) [RFC6130]. If NHDP is used for both 1-hop and 2-hop neighborhood discovery by SMF, SMF implicitly inherits the vulnerabilities of NHDP discussed in [RFC7186]. As SMF relies on NHDP to assist in network-layer 2-hop neighborhood discovery (no matter if other lower-layer mechanisms are used for 1-hop neighborhood discovery), this document assumes that NHDP is used in SMF. The threats that are NHDP specific are indicated explicitly.
SMF路由器需要外部动态邻域发现机制,以维护描述其直接邻域的适当拓扑信息,从而允许它选择用于转发多播数据流量的减少的中继集。这种外部动态邻域发现机制可以由较低层接口信息、由已经维护这种信息的并发操作的MANET路由协议(例如,[RFC7181])或通过显式使用MANET邻域发现协议(NHDP)[RFC6130]来提供。如果SMF将NHDP用于1-hop和2-hop邻域发现,SMF将隐式继承[RFC7186]中讨论的NHDP漏洞。由于SMF依赖NHDP来协助网络层2-hop邻域发现(无论是否使用其他较低层机制进行1-hop邻域发现),因此本文档假设在SMF中使用NHDP。明确指出了NHDP特定的威胁。
Based on neighborhood discovery mechanisms, [RFC6621] specifies two principal functional components: duplicate packet detection (DPD) and relay set selection (RSS).
基于邻域发现机制,[RFC6621]指定了两个主要功能组件:重复数据包检测(DPD)和中继集选择(RSS)。
DPD is required by SMF in order to be able to detect duplicate packets and eliminate their redundant forwarding. An attacker has two ways in which to harm the DPD mechanisms. Specifically, it can:
SMF需要DPD,以便能够检测重复数据包并消除其冗余转发。攻击者有两种方式来破坏DPD机制。具体而言,它可以:
o "deactivate" DPD, making it such that duplicate packets are not correctly detected. As a consequence, they are (redundantly) transmitted, which increases the load on the network, drains the batteries of the routers involved, etc.
o “停用”DPD,使其无法正确检测重复数据包。因此,它们被(冗余)传输,这会增加网络负载,耗尽相关路由器的电池,等等。
o "pre-activate" DPD, making DPD detect a later arriving (valid) packet as being a duplicate and will, therefore, not be forwarded.
o “预激活”DPD,使DPD将稍后到达的(有效)数据包检测为重复数据包,因此不会转发。
Attacks on DPD can be achieved by replaying existing packets, wrangling sequence numbers, manipulating hash values, etc.; these are detailed in Section 4.
对DPD的攻击可以通过重放现有数据包、争用序列号、操纵散列值等方式实现。;这些在第4节中有详细说明。
RSS produces a reduced relay set for forwarding multicast data packets across a MANET. For use in SMF, [RFC6621] specifies several relay set algorithms including E-CDS (Essential Connected Dominating Set) [RFC5614], S-MPR (Source-Based Multipoint Relay, as known from [RFC3626] and [RFC7181]), and MPR-CDS (Multipoint Relay Connected Dominating Set) [MPR-CDS]. An attacker can disrupt the RSS algorithm, and thereby the SMF operation, by degrading it to classical flooding or by "masking" certain parts of the network from the multicasting domain. Attacks on RSS algorithms are detailed in Section 5.
RSS产生一个简化的中继集,用于在MANET上转发多播数据包。为了在SMF中使用,[RFC6621]指定了几种中继集算法,包括E-CDS(基本连接支配集)[RFC5614]、S-MPR(基于源的多点中继,如[RFC3626]和[RFC7181]所述)和MPR-CDS(多点中继连接支配集)[MPR-CDS]。攻击者可以通过将RSS算法降级为经典洪泛或通过从多播域“屏蔽”网络的某些部分来破坏RSS算法,从而破坏SMF操作。第5节详细介绍了对RSS算法的攻击。
Other than the attacks on DPD and RSS, a common vulnerability of MANETs is "jamming", i.e., a device generates massive amounts of interfering radio transmissions, which will prevent legitimate traffic (e.g., control traffic as well as data traffic) on part of a network. The attacks on DPD and RSS can be further enhanced by jamming.
除了对DPD和RSS的攻击外,MANET的一个常见漏洞是“干扰”,即设备产生大量干扰无线电传输,这将阻止部分网络上的合法通信(例如,控制通信以及数据通信)。干扰可以进一步增强对DPD和RSS的攻击。
Duplicate packet detection (DPD) is required for packet dissemination in MANETs because: (1) packets may be retransmitted via the same physical interface as the one over which they were received, and (2) a router may receive multiple copies of the same packet (on the same or on different interfaces) from different neighbors. DPD is thus used to check whether or not an incoming packet has been previously received.
MANET中的数据包分发需要重复数据包检测(DPD),因为:(1)数据包可以通过与接收它们的物理接口相同的物理接口重新传输,(2)路由器可以从不同的邻居接收相同数据包的多个副本(在相同或不同的接口上)。因此,DPD用于检查是否先前已接收到传入分组。
DPD is achieved by maintaining a record of recently processed multicast packets, and comparing later received multicast packets herewith. A duplicate packet detected is silently dropped and is not inserted into the forwarding path of that router, nor is it delivered to an application. DPD, as proposed by SMF, supports both IPv4 and IPv6 and suggests two duplicate packet detection mechanisms for each: 1) IP packet header content identification-based DPD (I-DPD), in combination with flow state, to estimate temporal uniqueness of a packet, and 2) hash-based DPD (H-DPD), employing hashing of selected IP packet header fields and payload for the same effect.
DPD是通过维护最近处理的多播分组的记录,并据此比较随后接收的多播分组来实现的。检测到的重复数据包会自动丢弃,不会插入到该路由器的转发路径中,也不会发送到应用程序。SMF提出的DPD支持IPv4和IPv6,并为每一种提供了两种重复的数据包检测机制:1)基于IP数据包头内容识别的DPD(I-DPD),结合流状态,以估计数据包的时间唯一性;2)基于哈希的DPD(H-DPD),对选定的IP数据包头字段和有效负载进行哈希处理,以达到相同的效果。
In the Security Considerations section of [RFC6621], a selection of threats to DPD are briefly introduced. This section expands on that discussion and describes how to effectively launch the attacks on DPD -- for example, by way of manipulating jitter and/or the Hash-Assistant Value. In the remainder of this section, common threats to packet detection mechanisms are discussed first; then, the threats to I-DPD and H-DPD are introduced separately. The threats described in this section are applicable to general SMF implementations, regardless of whether NHDP is used.
在[RFC6621]的安全注意事项部分,简要介绍了DPD面临的一些威胁。本节将对该讨论进行扩展,并描述如何有效地对DPD发起攻击——例如,通过操纵抖动和/或哈希助手值。在本节的剩余部分中,首先讨论对数据包检测机制的常见威胁;然后,分别介绍了I-DPD和H-DPD面临的威胁。本节中描述的威胁适用于一般SMF实施,无论是否使用NHDP。
One immediate Denial-of-Service (DoS) attack is based on manipulating the Time-to-Live (TTL, for IPv4) or Hop Limit (for IPv6) field. As routers only forward packets with TTL > 1, an attacker can forward an otherwise valid packet while drastically reducing the TTL hereof. This will inhibit recipient routers from later forwarding the same multicast packet, even if received with a different TTL -- essentially, an attacker can thus instruct its neighbors to block the forwarding of valid multicast packets.
一种即时拒绝服务(DoS)攻击基于操纵生存时间(TTL,对于IPv4)或跃点限制(对于IPv6)字段。由于路由器只转发TTL>1的数据包,攻击者可以转发其他有效数据包,同时大幅降低TTL。这将禁止接收者路由器稍后转发相同的多播数据包,即使是用不同的TTL接收的——本质上,攻击者可以指示其邻居阻止有效多播数据包的转发。
For example, in Figure 1, router A forwards a multicast packet with a TTL of 64 to the network. A, B, and C are legitimate SMF routers, and X is an attacker. In a wireless environment, jitter is commonly used to avoid systematic collisions in Media Access Control (MAC) protocols [RFC5148]. An attacker can thus increase the probability that its invalid packets arrive first by retransmitting them without applying jitter. In this example, router X forwards the packet without applying jitter and reduces the TTL to 1. Router C thus records the duplicate detection value (hash value for H-DPD or the header content of the packets for I-DPD) but does not forward the packet (due to TTL == 1). When a second copy of the same packet, with a non-maliciously manipulated TTL value (63 in this case), arrives from router B, it will be discarded as a duplicate packet.
例如,在图1中,路由器A将TTL为64的多播数据包转发到网络。A、 B和C是合法的SMF路由器,X是攻击者。在无线环境中,抖动通常用于避免媒体访问控制(MAC)协议中的系统冲突[RFC5148]。因此,攻击者可以在不使用抖动的情况下重新传输其无效数据包,从而增加其首先到达的概率。在本例中,路由器X在不应用抖动的情况下转发数据包,并将TTL减少到1。因此,路由器C记录重复检测值(H-DPD的哈希值或I-DPD的分组的报头内容),但不转发分组(由于TTL==1)。当具有非恶意操纵的TTL值(本例中为63)的同一数据包的第二个副本从路由器B到达时,它将作为重复数据包被丢弃。
.---. | X | --'---' __ packet with TTL=64 / \ packet with TTL=1 / \ .---. .---. | A | | C | '---' '---' packet with TTL=64 \ .---. / \-- | B |__/ packet with TTL=63 '---'
.---. | X | --'---' __ packet with TTL=64 / \ packet with TTL=1 / \ .---. .---. | A | | C | '---' '---' packet with TTL=64 \ .---. / \-- | B |__/ packet with TTL=63 '---'
Figure 1
图1
As the TTL of a packet is intended to be manipulated by intermediaries forwarding it, classic methods such as integrity check values (e.g., digital signatures) are typically calculated by setting TTL fields to some predetermined value (e.g., 0) -- for example, the case for IPsec Authentication Headers -- rendering such an attack more difficult to both detect and counter.
由于数据包的TTL拟由转发它的中介机构操纵,诸如完整性检查值(例如,数字签名)之类的经典方法通常通过将TTL字段设置为某个预定值(例如,0)来计算——例如,IPsec身份验证头的情况——使这种攻击更难检测和反击。
If the attacker has access to a "wormhole" through the network (a directional antenna, a tunnel to a collaborator, or a wired connection, allowing it to bridge parts of a network otherwise distant), it can make sure that the packets with such an artificially reduced TTL arrive before their unmodified counterparts.
如果攻击者可以通过网络访问“虫洞”(定向天线、通向合作者的隧道或有线连接,允许其桥接网络中其他距离较远的部分),则攻击者可以确保具有这种人为减少的TTL的数据包在其未修改的对应数据包之前到达。
I-DPD uses a specific DPD identifier in the packet header to identify a packet. By default, such packet identification is not provided by the IP packet header (for both IPv4 and IPv6). Therefore, additional identification headers, such as the fragment header, a hop-by-hop header option, or IPsec sequencing, must be employed in order to support I-DPD. The uniqueness of a packet can then be identified by the source IP address of the packet originator and the sequence number (from the fragment header, hop-by-hop header option, or IPsec). By doing so, each intermediate router can keep a record of recently received packets and determine whether or not the incoming packet has been received.
I-DPD使用分组报头中的特定DPD标识符来识别分组。默认情况下,IP数据包头不提供此类数据包标识(对于IPv4和IPv6)。因此,为了支持I-DPD,必须使用额外的标识头,例如片段头、逐跳头选项或IPsec排序。然后,数据包的唯一性可以通过数据包发起人的源IP地址和序列号(来自片段头、逐跳头选项或IPsec)来识别。通过这样做,每个中间路由器可以保持最近接收的分组的记录,并确定是否已接收到传入分组。
In a wireless environment, or across any other shared channel, an attacker can perceive the identification tuple (source IP address, sequence number) of a packet. It is possible to generate a packet with the same (source IP address, sequence number) pair with invalid content. If the sequence number progression is predictable, then it is trivial to generate and inject invalid packets with "future" identification information into the network. If these invalid packets arrive before the legitimate packets that they are spoofing, the latter will be treated as a duplicate and will be discarded. This can prevent multicast packets from reaching parts of the network.
在无线环境中,或通过任何其他共享通道,攻击者可以感知数据包的标识元组(源IP地址、序列号)。可以生成具有相同(源IP地址、序列号)对且内容无效的数据包。如果序列号进程是可预测的,那么生成带有“未来”标识信息的无效数据包并将其注入网络是很简单的。如果这些无效数据包在它们所欺骗的合法数据包之前到达,后者将被视为重复数据包,并将被丢弃。这可以防止多播数据包到达部分网络。
Figure 2 gives an example of a pre-activation attack. A, B, and C are legitimate SMF routers, and X is the attacker. The line between the routers presents the packet forwarding. Router A is the source and originates a multicast packet with sequence number n. When router X receives the packet, it generates an invalid packet with the source address of A and sequence number n. If the invalid packet arrives at router C before the forwarding of router B, the valid
图2给出了一个激活前攻击的示例。A、 B和C是合法的SMF路由器,X是攻击者。路由器之间的线路表示数据包转发。路由器A是源并发起序列号为n的多播数据包。当路由器X接收到数据包时,它生成一个源地址为A、序列号为n的无效数据包。如果无效数据包在路由器B转发之前到达路由器C,则有效数据包
packet will be dropped by C as a duplicate packet. An attacker can manipulate jitter to make sure that the invalid packets arrive first. Router X can even generate packets with future sequence numbers (if they are predictable), so that the future legitimate packets with the same sequence numbers will be dropped as duplicate ones.
数据包将作为重复数据包被C丢弃。攻击者可以操纵抖动以确保先到达无效数据包。路由器X甚至可以生成具有未来序列号的数据包(如果它们是可预测的),因此具有相同序列号的未来合法数据包将作为重复数据包丢弃。
.---. | X | --'---' __ packet with seq=n / \ invalid packet with seq=n / \ .---. .---. | A | | C | '---' '---' packet with seq=n \ .---. / \-- | B |__/ valid packet with seq=n '---'
.---. | X | --'---' __ packet with seq=n / \ invalid packet with seq=n / \ .---. .---. | A | | C | '---' '---' packet with seq=n \ .---. / \-- | B |__/ valid packet with seq=n '---'
Figure 2
图2
As SMF does not currently have any timestamp mechanisms to protect data packets, there is no viable way to detect such pre-play attacks by way of timestamps. Especially, if the attack is based on manipulation of jitter, the validation of the timestamp would not be helpful because the timing is still valid (but, much less valuable).
由于SMF目前没有任何时间戳机制来保护数据包,因此没有可行的方法通过时间戳来检测此类播放前攻击。特别是,如果攻击基于抖动操纵,则时间戳的验证将没有帮助,因为时间仍然有效(但价值要小得多)。
An attacker can also seek to de-activate DPD by modifying the sequence number in packets that it forwards. Thus, routers will not be able to detect an actual duplicate packet as a duplicate -- rather, they will treat them as new packets, i.e., process and forward them. This is similar to DoS attacks, as each packet that is considered unique will be multicasted: for a network with n routers, there will be n-1 retransmissions. This can easily cause the "broadcast storm" problem discussed in [MOBICOM99]. The consequence of this attack is an increased channel load, the origin of which appears to be a router other than the attacker.
攻击者还可以通过修改DPD转发的数据包中的序列号来解除DPD的激活。因此,路由器将无法将实际的重复数据包检测为重复数据包,而是将其视为新数据包,即处理并转发它们。这类似于DoS攻击,因为每个被认为是唯一的数据包都将是多播的:对于具有n个路由器的网络,将有n-1次重传。这很容易导致[MOBICOM99]中讨论的“广播风暴”问题。此攻击的后果是信道负载增加,其来源似乎是攻击者以外的路由器。
Given the topology shown in Figure 2, on receiving a packet with seq=n, the attacker X can forward the packet with a modified sequence number n+i. This has two consequences: firstly, router C will not be able to detect that the packet forwarded by X is a duplicate packet; secondly, the consequent packet with seq=n+i generated by router A will probably be treated as a duplicate packet and will be dropped by router C.
给定图2所示的拓扑结构,在接收到seq=n的数据包时,攻击者X可以转发具有修改序列号n+i的数据包。这有两个后果:第一,路由器C将无法检测到由X转发的数据包是重复数据包;其次,路由器A生成的seq=n+i的后续数据包可能被视为重复数据包,并将被路由器C丢弃。
When explicit sequence numbers in packet headers is undesired, hash-based DPD can be used. A hash of the non-mutable fields in the header of the data payload can be generated and recorded at the intermediate routers. A packet can thus be uniquely identified by the source IP address of the packet and its hash-value.
当不需要包头中的显式序列号时,可以使用基于哈希的DPD。可以在中间路由器上生成和记录数据有效载荷的报头中的不可变字段的散列。因此,可以通过分组的源IP地址及其散列值来唯一地标识分组。
The hash algorithm used by SMF is being applied only to provide a reduced probability of collision and is not being used for cryptographic or authentication purposes. Consequently, a digest collision is still possible. In case the source router or gateway identifies that it has recently generated or injected a packet with the same hash-value, it inserts a "Hash-Assist Value (HAV)" IPv6 header option into the packet, such that also calculating the hash over this HAV will render the resulting value unique.
SMF使用的哈希算法仅用于降低冲突概率,不用于加密或身份验证目的。因此,仍然可能发生摘要冲突。如果源路由器或网关识别出其最近生成或注入了具有相同散列值的数据包,则它会将“散列辅助值(HAV)”IPv6报头选项插入该数据包中,以便还计算该HAV上的散列将使结果值唯一。
The HAV header is helpful when a digest collision happens. However, it also introduces a potential vulnerability. As the HAV option is only added when the source or the ingress SMF router detects that the incoming packet has digest collision with previously generated packets, it can actually be regarded as a "flag" of potential digest collision. An attacker can discover the HAV header and be able to conclude that a hash collision is possible if the HAV header is removed. By doing so, the modified packet received by other SMF routers will be treated as duplicate packets and will be dropped because they have the same hash value as previously received packets.
HAV头在发生摘要冲突时很有用。然而,它也引入了一个潜在的漏洞。由于HAV选项仅在源或入口SMF路由器检测到传入数据包与先前生成的数据包发生摘要冲突时添加,因此它实际上可以被视为潜在摘要冲突的“标志”。攻击者可以发现HAV头,并得出结论,如果删除HAV头,可能会发生哈希冲突。通过这样做,由其他SMF路由器接收的修改后的分组将被视为重复分组,并且将被丢弃,因为它们具有与先前接收的分组相同的散列值。
In the example shown in Figure 3, routers A and B are legitimate SMF routers; X is an attacker. Router A generates two packets, P1 and P2, with the same hash value h(P1)=h(P2)=x. Based on the SMF specification, a HAV is added to the latter packet P2, so that h(P2+HAV)=x' avoids digest collision. When the attacker X detects the HAV of P2, it is able to conclude that a collision is possible by removing the HAV header. By doing so, packet P2 will be treated as a duplicate packet by router B and will be dropped.
在图3所示的示例中,路由器A和B是合法的SMF路由器;X是一个攻击者。路由器A生成具有相同散列值h(P1)=h(P2)=x的两个分组P1和P2。基于SMF规范,HAV被添加到后一个分组P2,以便h(P2+HAV)=x'避免摘要冲突。当攻击者X检测到P2的HAV时,可以通过删除HAV标头得出可能发生冲突的结论。这样,分组P2将被路由器B视为重复分组,并将被丢弃。
P2 P1 P2 P1 .---. h(P2+HAV)=x' h(P1)=x .---. h(P2)=x h(P1)=x .---. | A |---------------------------> | X | ----------------------> | B | `---' `---' `---'
P2 P1 P2 P1 .---. h(P2+HAV)=x' h(P1)=x .---. h(P2)=x h(P1)=x .---. | A |---------------------------> | X | ----------------------> | B | `---' `---' `---'
Figure 3
图3
A framework for an RSS mechanism, rather than a specific RSS algorithm, is provided by SMF. Relay Set Selection is normally achieved by distributed algorithms that can dynamically generate a topological Connected Dominating Set based on 1-hop and 2-hop neighborhood information. In this section, common threats to the RSS framework are first discussed. Then specific threats to the three algorithms (Essential Connection Dominating Set (E-CDS), Source-Based Multipoint Relay (S-MPR), and Multipoint Relay Connected Dominating Set (MPR-CDS)) explicitly enumerated by [RFC6621] are analyzed. As the relay set selection is based on 1-hop and 2-hop neighborhood information, which rely on NHDP, the threats described in this section are NHDP specific.
SMF提供了RSS机制的框架,而不是特定的RSS算法。中继集选择通常通过分布式算法实现,该算法可以基于1跳和2跳邻域信息动态生成拓扑连通支配集。在本节中,首先讨论RSS框架的常见威胁。然后分析了[RFC6621]明确列举的三种算法(基本连接支配集(E-CDS)、基于源的多点中继(S-MPR)和多点中继连接支配集(MPR-CDS))面临的具体威胁。由于中继集选择基于1-hop和2-hop邻域信息,这依赖于NHDP,因此本节中描述的威胁是NHDP特有的。
Non-algorithm-specific threats to RSS algorithms, including DoS attacks, eavesdropping, message timing attacks, and broadcast storm, are discussed in [RFC7186].
[RFC7186]中讨论了RSS算法的非算法特定威胁,包括DoS攻击、窃听、消息定时攻击和广播风暴。
The "Essential Connected Dominating Set" (E-CDS) algorithm [RFC5614] forms a single CDS mesh for an SMF operating region. This algorithm requires 2-hop neighborhood information (the identity of the neighbors, the link to the neighbors, and the neighbors' priority information), as collected through NHDP or another process.
“基本连通支配集”(E-CDS)算法[RFC5614]为SMF操作区域形成单个CDS网格。该算法需要通过NHDP或其他过程收集的两跳邻居信息(邻居的身份、到邻居的链接以及邻居的优先级信息)。
An SMF router will select itself as a relay, if:
SMF路由器将选择自身作为中继,如果:
o The SMF router has a higher priority than all of its symmetric neighbors, or
o SMF路由器的优先级高于其所有对称邻居,或
o A path from the neighbor with the largest priority to any other neighbor via neighbors with greater priority than the current router does not exist.
o 从具有最大优先级的邻居到任何其他邻居的路径,经由具有比当前路由器更高优先级的邻居不存在。
An attacker can disrupt the E-CDS algorithm by link spoofing or identity spoofing.
攻击者可以通过链接欺骗或身份欺骗破坏E-CDS算法。
Link spoofing implies that an attacker advertises non-existing links to another router (which may or may not be present in the network).
链路欺骗意味着攻击者播发到另一路由器(网络中可能存在也可能不存在)的不存在的链路。
An attacker can declare itself to have high route priority and spoof the links to as many legitimate SMF routers as possible to declare high connectivity. By doing so, it can prevent legitimate SMF routers from selecting themselves as relays. As the "super" relay in the network, the attacker can manipulate the traffic it relays.
攻击者可以声明自己具有高路由优先级,并伪造到尽可能多的合法SMF路由器的链接,以声明高连接性。通过这样做,它可以防止合法的SMF路由器选择自己作为中继。作为网络中的“超级”中继,攻击者可以操纵其中继的流量。
Identity spoofing implies that an attacker determines and makes use of the identity of other legitimate routers, without being authorized to do so. The identity of other routers can be obtained by eavesdropping the control messages or the source/destination address from datagrams. The attacker can then generate control or datagram traffic by pretending to be a legitimate router.
身份欺骗意味着攻击者在未经授权的情况下确定并使用其他合法路由器的身份。其他路由器的身份可以通过从数据报中窃听控制消息或源/目标地址来获得。然后,攻击者可以假装是合法路由器来生成控制或数据报流量。
Because E-CDS self-selection is based on the router priority value, an attacker can spoof the identity of other legitimate routers and declare a different router priority value. If it declares that a spoofed router has a higher priority, it can prevent other routers from selecting themselves as relays. On the other hand, if the attacker declares that a spoofed router has a lower priority, it can force other routers to select themselves as relays to degrade the multicast forwarding to classical flooding.
由于E-CDS自我选择基于路由器优先级值,攻击者可以伪造其他合法路由器的身份并声明不同的路由器优先级值。如果它声明一个伪造的路由器具有更高的优先级,它可以阻止其他路由器选择自己作为中继。另一方面,如果攻击者声明受欺骗的路由器具有较低的优先级,则可以强制其他路由器选择自己作为中继,从而将多播转发降级为经典泛洪。
The S-MPR set selection algorithm enables individual routers, using 2-hop topology information, to select relays from among their set of neighboring routers. MPRs are selected by each router such that a message generated by it, and relayed only by its MPRs, will reach all of its 2-hop neighbors.
S-MPR集合选择算法允许单个路由器使用2跳拓扑信息从其相邻路由器集合中选择中继。MPR由每个路由器选择,这样由其生成并仅由其MPR中继的消息将到达其所有2跳邻居。
An SMF router forwards a multicast packet if and only if:
SMF路由器转发多播数据包的条件是且仅当:
o the packet has not been received before, and
o 之前未收到该数据包,以及
o the neighbor from which the packet was received has selected the router as MPR.
o 接收数据包的邻居已选择路由器作为MPR。
Because MPR calculation is based on the willingness declared by the SMF routers and the connectivity of the routers, it can be disrupted by both link spoofing and identity spoofing. These threats and their impacts have been illustrated in Section 5.1 of [RFC7186].
由于MPR计算基于SMF路由器声明的意愿和路由器的连通性,因此它可能会被链路欺骗和身份欺骗破坏。[RFC7186]第5.1节说明了这些威胁及其影响。
MPR-CDS is a derivative from S-MPR. The main difference between S-MPR and MPR-CDS is that while S-MPR forms a different broadcast tree for each source in the network, MPR-CDS forms a unique broadcast tree for all sources in the network.
MPR-CDS是S-MPR的衍生产品。S-MPR和MPR-CDS之间的主要区别在于,S-MPR为网络中的每个源形成不同的广播树,而MPR-CDS为网络中的所有源形成唯一的广播树。
As MPR-CDS combines E-CDS and S-MPR and the simple combination of the two algorithms does not address the weaknesses; the vulnerabilities of E-CDS and S-MPR that are discussed in Sections 5.2 and 5.3 apply to MPR-CDS also.
由于MPR-CDS结合了E-CDS和S-MPR,而这两种算法的简单组合并不能解决缺点;第5.2节和第5.3节讨论的E-CDS和S-MPR漏洞也适用于MPR-CDS。
This document does not specify a protocol or a procedure. The whole document, however, reflects on security considerations for SMF regarding packet dissemination in MANETs. Possible attacks to the two main functional components of SMF, duplicate packet detection, and relay set selection are analyzed and documented.
本文件未规定协议或程序。然而,整个文档反映了有关MANET中数据包传播的SMF安全考虑。分析并记录了对SMF的两个主要功能组件(重复数据包检测和中继集选择)的可能攻击。
Although neither [RFC6621] nor this document propose mechanisms to secure the SMF protocol, there are several possibilities to secure the protocol in the future and drive new work by suggesting which threats discussed in the previous sections could be addressed.
尽管[RFC6621]和本文件均未提出保护SMF协议的机制,但有几种可能在未来保护该协议,并通过建议可以解决前几节中讨论的威胁来推动新的工作。
For the I-DPD mechanism, employing randomized packet sequence numbers can avoid some pre-activation attacks based on sequence number prediction. If predicable sequence numbers have to be used, applying timestamps can mitigate pre-activation attacks.
对于I-DPD机制,采用随机分组序列号可以避免一些基于序列号预测的预激活攻击。如果必须使用可预测序列号,则应用时间戳可以减轻激活前攻击。
For the H-DPD mechanism, applying cryptographically strong hashes can make the digest collisions effectively impossible, and it can avoid the use of a HAV.
对于H-DPD机制,应用密码学强散列可以使摘要冲突实际上不可能发生,并且可以避免使用HAV。
[RFC7182] specifies a framework for representing cryptographic Integrity Check Values (ICVs) and timestamps in MANETs. Based on [RFC7182], [RFC7183] specifies integrity and replay protection for NHDP using shared keys as a mandatory-to-implement security mechanism. If SMF is using NHDP as the neighborhood discovery protocol, implementing [RFC7183] remains advisable so as to enable integrity protection for NHDP control messages. This can help mitigate threats related to identity spoofing through the exchange of HELLO messages and provide some general protection against identity spoofing by admitting only trusted routers to the network using ICVs in HELLO messages.
[RFC7182]指定了一个框架,用于表示MANET中的加密完整性检查值(ICV)和时间戳。基于[RFC7182],[RFC7183]指定了NHDP的完整性和重播保护,使用共享密钥作为实现安全机制的强制条件。如果SMF使用NHDP作为邻居发现协议,则建议实施[RFC7183],以便为NHDP控制消息启用完整性保护。这有助于通过交换HELLO消息来缓解与身份欺骗相关的威胁,并通过在HELLO消息中仅允许使用ICV的可信路由器进入网络来提供一些针对身份欺骗的一般保护。
Using ICVs does not, of course, address the problem of attackers able to also generate valid ICVs. Detection and exclusion of such attackers is, in general, a challenge that is not unrelated to how [RFC7182] is used. If, for example, it is used with a shared key (as per [RFC7183]), excluding single attackers generally is not aided by the use of ICVs. However, if routers have sufficient capabilities to support the use of asymmetric keys (as per [RFC7859]), part of addressing this challenge becomes one of providing key revocation in a way that does not in itself introduce additional vulnerabilities.
当然,使用ICV并不能解决攻击者也能生成有效ICV的问题。检测和排除此类攻击者通常是一项挑战,与[RFC7182]的使用方式无关。例如,如果它与共享密钥一起使用(根据[RFC7183]),则ICV的使用通常不会帮助排除单个攻击者。但是,如果路由器有足够的能力支持非对称密钥的使用(根据[RFC7859]),那么解决这一挑战的一部分就是以本身不会引入额外漏洞的方式提供密钥撤销。
As [RFC7183] does not protect the integrity of the multicast user datagram, and as no mechanism is specified by SMF for doing so, duplicate packet detection remains vulnerable to the threats introduced in Section 4.
由于[RFC7183]不保护多播用户数据报的完整性,并且SMF没有为此指定任何机制,重复数据包检测仍然容易受到第4节中引入的威胁的影响。
If pre-activation/de-activation attacks and attacks on the HAV of the multicast datagrams are to be mitigated, a datagram-level integrity protection mechanism is desired, by taking consideration of the identity field or HAV. However, this would not be helpful for the attacks on the TTL (or Hop Limit for IPv6) field, because the mutable fields are generally not considered when ICV is calculated.
如果要减轻对多播数据报的HAV的预激活/去激活攻击和攻击,则需要考虑身份字段或HAV的数据报级完整性保护机制。但是,这对TTL(或IPv6的跃点限制)字段上的攻击没有帮助,因为在计算ICV时通常不考虑可变字段。
[RFC6130] Clausen, T., Dearlove, C., and J. Dean, "Mobile Ad Hoc Network (MANET) Neighborhood Discovery Protocol (NHDP)", RFC 6130, DOI 10.17487/RFC6130, April 2011, <http://www.rfc-editor.org/info/rfc6130>.
[RFC6130]Clausen,T.,Dearlove,C.,和J.Dean,“移动自组织网络(MANET)邻域发现协议(NHDP)”,RFC 6130,DOI 10.17487/RFC6130,2011年4月<http://www.rfc-editor.org/info/rfc6130>.
[RFC6621] Macker, J., Ed., "Simplified Multicast Forwarding", RFC 6621, DOI 10.17487/RFC6621, May 2012, <http://www.rfc-editor.org/info/rfc6621>.
[RFC6621]Macker,J.,Ed.,“简化多播转发”,RFC 6621,DOI 10.17487/RFC6621,2012年5月<http://www.rfc-editor.org/info/rfc6621>.
[RFC7186] Yi, J., Herberg, U., and T. Clausen, "Security Threats for the Neighborhood Discovery Protocol (NHDP)", RFC 7186, DOI 10.17487/RFC7186, April 2014, <http://www.rfc-editor.org/info/rfc7186>.
[RFC7186]Yi,J.,Herberg,U.,和T.Clausen,“邻里发现协议(NHDP)的安全威胁”,RFC 7186,DOI 10.17487/RFC7186,2014年4月<http://www.rfc-editor.org/info/rfc7186>.
[MOBICOM99] Ni, S., Tseng, Y., Chen, Y., and J. Sheu, "The broadcast storm problem in a mobile ad hoc network", MobiCom '99 Proceedings of the 5th annual ACM/IEEE international conference on Mobile computing and networking, DOI 10.1145/313451.313525, 1999.
[MobiCom 99]倪,S.,曾,Y.,陈,Y.,和J.Sheu,“移动adhoc网络中的广播风暴问题”,MobiCom'99第五届ACM/IEEE移动计算和网络国际年会论文集,DOI 10.1145/313451.3135251999。
[MPR-CDS] Adjih, C., Jacquet, P., and L. Viennot, "Computing Connected Dominating Sets with Multipoint Relays", Journal of Ad Hoc and Sensor Wireless Networks 2002, January 2002.
[MPR-CDS]Adjih,C.,Jacquet,P.,和L.Vienno,“使用多点中继计算连通支配集”,《自组织和传感器无线网络杂志》,2002年1月。
[RFC3626] Clausen, T., Ed. and P. Jacquet, Ed., "Optimized Link State Routing Protocol (OLSR)", RFC 3626, DOI 10.17487/RFC3626, October 2003, <http://www.rfc-editor.org/info/rfc3626>.
[RFC3626]Clausen,T.,Ed.和P.Jacquet,Ed.,“优化链路状态路由协议(OLSR)”,RFC 3626,DOI 10.17487/RFC3626,2003年10月<http://www.rfc-editor.org/info/rfc3626>.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, <http://www.rfc-editor.org/info/rfc4949>.
[RFC4949]Shirey,R.,“互联网安全词汇表,第2版”,FYI 36,RFC 4949,DOI 10.17487/RFC4949,2007年8月<http://www.rfc-editor.org/info/rfc4949>.
[RFC5148] Clausen, T., Dearlove, C., and B. Adamson, "Jitter Considerations in Mobile Ad Hoc Networks (MANETs)", RFC 5148, DOI 10.17487/RFC5148, February 2008, <http://www.rfc-editor.org/info/rfc5148>.
[RFC5148]Clausen,T.,Dearlove,C.,和B.Adamson,“移动自组网(MANET)中的抖动考虑”,RFC 5148,DOI 10.17487/RFC5148,2008年2月<http://www.rfc-editor.org/info/rfc5148>.
[RFC5444] Clausen, T., Dearlove, C., Dean, J., and C. Adjih, "Generalized Mobile Ad Hoc Network (MANET) Packet/Message Format", RFC 5444, DOI 10.17487/RFC5444, February 2009, <http://www.rfc-editor.org/info/rfc5444>.
[RFC5444]Clausen,T.,Dearlove,C.,Dean,J.,和C.Adjih,“通用移动自组网(MANET)数据包/消息格式”,RFC 5444,DOI 10.17487/RFC54442009年2月<http://www.rfc-editor.org/info/rfc5444>.
[RFC5614] Ogier, R. and P. Spagnolo, "Mobile Ad Hoc Network (MANET) Extension of OSPF Using Connected Dominating Set (CDS) Flooding", RFC 5614, DOI 10.17487/RFC5614, August 2009, <http://www.rfc-editor.org/info/rfc5614>.
[RFC5614]Ogier,R.和P.Spagnolo,“使用连接支配集(CDS)泛洪的OSPF移动自组网(MANET)扩展”,RFC 5614,DOI 10.17487/RFC56142009年8月<http://www.rfc-editor.org/info/rfc5614>.
[RFC7181] Clausen, T., Dearlove, C., Jacquet, P., and U. Herberg, "The Optimized Link State Routing Protocol Version 2", RFC 7181, DOI 10.17487/RFC7181, April 2014, <http://www.rfc-editor.org/info/rfc7181>.
[RFC7181]Clausen,T.,Dearlove,C.,Jacquet,P.,和U.Herberg,“优化链路状态路由协议版本2”,RFC 7181,DOI 10.17487/RFC7181,2014年4月<http://www.rfc-editor.org/info/rfc7181>.
[RFC7182] Herberg, U., Clausen, T., and C. Dearlove, "Integrity Check Value and Timestamp TLV Definitions for Mobile Ad Hoc Networks (MANETs)", RFC 7182, DOI 10.17487/RFC7182, April 2014, <http://www.rfc-editor.org/info/rfc7182>.
[RFC7182]Herberg,U.,Clausen,T.,和C.Dearlove,“移动自组网(MANET)的完整性检查值和时间戳TLV定义”,RFC 7182,DOI 10.17487/RFC7182,2014年4月<http://www.rfc-editor.org/info/rfc7182>.
[RFC7183] Herberg, U., Dearlove, C., and T. Clausen, "Integrity Protection for the Neighborhood Discovery Protocol (NHDP) and Optimized Link State Routing Protocol Version 2 (OLSRv2)", RFC 7183, DOI 10.17487/RFC7183, April 2014, <http://www.rfc-editor.org/info/rfc7183>.
[RFC7183]Herberg,U.,Dearlove,C.,和T.Clausen,“邻域发现协议(NHDP)和优化链路状态路由协议版本2(OLSRv2)的完整性保护”,RFC 7183,DOI 10.17487/RFC7183,2014年4月<http://www.rfc-editor.org/info/rfc7183>.
[RFC7859] Dearlove, C., "Identity-Based Signatures for Mobile Ad Hoc Network (MANET) Routing Protocols", RFC 7859, DOI 10.17487/RFC7859, May 2016, <http://www.rfc-editor.org/info/rfc7859>.
[RFC7859]Dearlove,C.,“移动自组网(MANET)路由协议的基于身份的签名”,RFC 7859,DOI 10.17487/RFC7859,2016年5月<http://www.rfc-editor.org/info/rfc7859>.
Acknowledgments
致谢
The authors would like to thank Christopher Dearlove (BAE Systems ATC) who provided detailed review and valuable comments.
作者要感谢Christopher Dearlove(BAE Systems ATC),他提供了详细的评论和宝贵的意见。
Authors' Addresses
作者地址
Jiazi Yi Ecole Polytechnique 91128 Palaiseau Cedex France
家子伊理工学院91128法国塞德克斯宫
Phone: +33 1 77 57 80 85 Email: jiazi@jiaziyi.com URI: http://www.jiaziyi.com/
Phone: +33 1 77 57 80 85 Email: jiazi@jiaziyi.com URI: http://www.jiaziyi.com/
Thomas Heide Clausen Ecole Polytechnique 91128 Palaiseau Cedex France
托马斯·海德·克劳森理工学院91128法国塞德克斯宫
Phone: +33 6 6058 9349 Email: T.Clausen@computer.org URI: http://www.thomasclausen.org/
Phone: +33 6 6058 9349 Email: T.Clausen@computer.org URI: http://www.thomasclausen.org/
Ulrich Herberg
乌尔里希·赫伯格
Email: ulrich@herberg.name URI: http://www.herberg.name/
Email: ulrich@herberg.name URI: http://www.herberg.name/