IETF Mulling Changes to Secure TCP

A plan by the Internet Engineering Task Force (IETF) to upgrade security in the widely used Transmission Control Protocol (TCP) could prove costly because of Cisco’s patents.

After an IETF working group submitted a draft document proposing changes to the way TCP handles inbound segments, the network and routing giant reminded the group that the TCP security technology involves its patents, according to documents posted on the IETF’s Web site.

“Cisco is the owner of one or more pending patent applications relating to the subject matter of ‘Transmission Control Protocol security considerations.’ If technology in this document is included in a standard adopted by IETF and any claims of any Cisco patents are necessary for practicing the standard, any party will be able to obtain a license from Cisco to use any such patent claims under reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard,” according to a note from Cisco’s worldwide patent counsel Robert Barr.

Barr did not provide details on Cisco’s patent applications. He could not be reached at press time to expand on the note.

The IETF recommendations follow last month’s warnings that a security flaw in the TCP protocol could allow an attacker to shut down parts of the Internet.

The U.K. National Infrastructure Security Coordination (NISCC) discovered the flaw in systems that rely on persistent TCP connections and warned that remote attackers could fully terminate network sessions.

At the time, Cisco also issued a blanket advisory with patches for products affected by the TCP flaw. Affected Cisco products included non-IOS based switches, routers, content delivery managers, intrusion detection systems, VoIP phones and wireless access points.

According to the IETF, the proposed protocol tweaks would seek to eliminate the threats or at least minimize them to a more acceptable level.

TCP is one of the main protocols for end-to-end data communication. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.

When the protocol was defined 20 years ago, network threats and malicious hacker attacks were almost non-existent. According to the IETF, the protocol changes are necessary to deal with serious threats that can pose new methods for both denial-of-service scenarios and data injection by blind attackers.

The Task Force’s working group said most of the proposed changes would violate some of the handling procedures for DATA, RST and SYN segments as originally defined, but made it clear that they won’t cause interoperability issues.

“The authors feel that many of the changes proposed in this document would, if TCP were being standardized today, be required to be in the base TCP document and the lack of these procedures is more an artifact of the time when TCP was developed than any strict requirement of the protocol,” according to the draft document posted on the IETF Web site.
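To make the kind of handling change the draft describes concrete, the following simulation contrasts a receiver that accepts any in-window RST or SYN (the original TCP specification) with one that demands an exact sequence-number match and otherwise answers with a challenge ACK. This is an added example, not code from the article, the IETF draft or Cisco; the tightened rules are taken from the draft's eventual successor, RFC 5961, and the `ConnectionState` and `Segment` classes and the sample sequence numbers are constructed for this illustration.

```python
"""Simulated inbound-segment checks for a TCP connection in the
ESTABLISHED state (added example; classes and sample values are
constructed, tightened rules follow RFC 5961)."""
from dataclasses import dataclass

# Verdicts the simulated receiver can reach for one inbound segment.
DROP = "drop"                      # discard silently
RESET = "reset"                    # tear the connection down
CHALLENGE_ACK = "challenge-ack"    # send an ACK of RCV.NXT and keep the connection


@dataclass
class ConnectionState:
    rcv_nxt: int   # next sequence number expected from the peer
    rcv_wnd: int   # bytes the receiver is willing to accept

    def in_window(self, seq: int) -> bool:
        # Sequence numbers are 32-bit and wrap, so compare modulo 2**32.
        return (seq - self.rcv_nxt) % (1 << 32) < self.rcv_wnd


@dataclass
class Segment:
    seq: int
    rst: bool = False
    syn: bool = False


def classic_rst_check(state: ConnectionState, seg: Segment):
    """Original behaviour: any RST whose sequence number lands anywhere in
    the receive window aborts the connection, so a sender that does not
    know the exact number only has to land inside the window."""
    if not seg.rst:
        return None
    return RESET if state.in_window(seg.seq) else DROP


def tightened_rst_check(state: ConnectionState, seg: Segment):
    """Tightened behaviour: only an RST carrying exactly RCV.NXT aborts.
    An in-window RST with any other number gets a challenge ACK; a peer
    that genuinely reset replies with a fresh RST at the right number,
    while a sender that cannot see the connection cannot answer."""
    if not seg.rst:
        return None
    if not state.in_window(seg.seq):
        return DROP
    if seg.seq == state.rcv_nxt:
        return RESET
    return CHALLENGE_ACK


def classic_syn_check(state: ConnectionState, seg: Segment):
    """Original behaviour: an in-window SYN on a synchronized connection
    is treated as an error and resets the connection."""
    if not seg.syn:
        return None
    return RESET if state.in_window(seg.seq) else DROP


def tightened_syn_check(state: ConnectionState, seg: Segment):
    """Tightened behaviour: a SYN never resets a synchronized connection
    directly, whatever its sequence number; the receiver sends a challenge
    ACK and lets a genuinely restarted peer respond with a proper RST."""
    if not seg.syn:
        return None
    return CHALLENGE_ACK


def evaluate(state: ConnectionState, seg: Segment) -> dict:
    """Return both policies' verdicts for one segment, for side-by-side review."""
    if seg.rst:
        return {"classic": classic_rst_check(state, seg),
                "tightened": tightened_rst_check(state, seg)}
    if seg.syn:
        return {"classic": classic_syn_check(state, seg),
                "tightened": tightened_syn_check(state, seg)}
    return {"classic": None, "tightened": None}


if __name__ == "__main__":
    # Constructed state: expecting byte 1000 with a 64 KiB window.
    conn = ConnectionState(rcv_nxt=1000, rcv_wnd=65535)
    for sample in (Segment(seq=30000, rst=True),   # in window, not RCV.NXT
                   Segment(seq=1000, rst=True),    # exact match
                   Segment(seq=999, rst=True),     # just below the window
                   Segment(seq=5000, syn=True)):   # stray SYN on live connection
        print(sample, evaluate(conn, sample))
```

The receive window in the example is deliberately large: under the classic rule every one of those 65,535 sequence values aborts the connection, while the tightened rule accepts exactly one, which is the whole point of the change the draft proposes for RST handling.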
