Protocol Authentication Extensions 61
A speciﬁc security context is identiﬁed in the authentication extension by the security
parameter index (SPI) value. The SPI is a 4-byte value that is conﬁgured as either a
hexadecimal or decimal value. (Unfortunately, this can often lead to confusion because the peer
devices can require the SPI value to be speciﬁed in different formats.) If a security violation is
received on a RRQ, the SPI value is the ﬁrst item that should be veriﬁed, because it identiﬁes
the security context to use in authenticating the message.
Of the over four billion values, the values 0 through 255 are reserved for speciﬁc contexts
deﬁned in IETF standards. The only reserved SPI values currently allocated are the Challenge
Handshake Authentication Protocol (CHAP) and CHAP Hash-based Message Authentication
Code (HMAC), 2 and 3 respectively, which are used in the MN-AAA Authentication Extension.
This is discussed in the section “MN-AAA Authentication,” later in this chapter.
NOTE It is common to use SPI value 100 hex or 256 decimal when conﬁguring the ﬁrst security
context because it is the ﬁrst nonreserved value.
Algorithm and Mode
The authenticator value in the authentication extension is a message authentication code
(MAC), which can be thought of as a ﬁngerprint. For each registration message, a hash
algorithm calculates the unique ﬁngerprint value, which is of smaller total length than the
original message. Thus, given that more possible values exist for the original message than do
unique ﬁngerprint results, the algorithms are designed so that the result is as unique as possible.
The ideal algorithm results in 50 percent of the bits in the hash changing by changing just 1 bit
in the message.
It is difﬁcult to derive a message that would produce the same result. For example, if the
message is the classic sentence “The quick brown fox jumped over the lazy dog,” an algorithm
whose result identiﬁed the message as “containing 36 letters, 3 of which are es” would be less
than ideal. Many sentences would produce the same result, and it is easy to create one. It would
be more secure to say that it “contains 36 letters and at least 1 of each letter in the alphabet.”
Coming up with a sentence to match this identiﬁcation would be much more difﬁcult!
The Mobile IP standard originally deﬁned MD5, as described in Request For Comment (RFC)
1321, as the required algorithm for the Mobile Node-Home Agent and FA-Home Agent
authentication extensions. However, this was later determined to be vulnerable to attack. MD5,
as deﬁned in RFC 1321, is often described as preﬁx-sufﬁx mode. The standard was later
amended to deﬁne HMAC, as described in RFC 2104, as the required algorithm and mode
instead of preﬁx-sufﬁx MD5. HMAC is a method of computing a hash of the message and is