Re: [babel] Comments about rfc7298bis
Denis Ovsienko <denis@ovsienko.info> Fri, 11 May 2018 07:33 UTC
Return-Path: <denis@ovsienko.info>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6C3B12E867 for <babel@ietfa.amsl.com>; Fri, 11 May 2018 00:33:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ovsienko.info
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id le9YaNwlb7M1 for <babel@ietfa.amsl.com>; Fri, 11 May 2018 00:33:49 -0700 (PDT)
Received: from sender-of-o51.zoho.com (sender-of-o51.zoho.com [135.84.80.216]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22BE7127078 for <babel@ietf.org>; Fri, 11 May 2018 00:33:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1526024025; s=zohomail; d=ovsienko.info; i=denis@ovsienko.info; h=Date:From:To:Message-ID:In-Reply-To:References:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding; l=2681; bh=d2+ii6H9wlLQl7zRSyM5LNsxbpISZfapgz07fspUzPE=; b=aHUn1C9/uqVgqASTPlny/MRzN6BIenCkHbvk86nxeKZ3IPNaq9lJxJf8FAr3S3HN XHWNuFyIen/a1ykpy0lOyRsSq93n+VIg0BjbmMxCrU8TeGfGi1KAeLi1IBq4ITiNYAn UkUX1//hlBIydy6VnKnRRGi8JDLDKaJPd6utzTpg=
Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1526024025013254.99559567706024; Fri, 11 May 2018 00:33:45 -0700 (PDT)
Date: Fri, 11 May 2018 08:33:45 +0100
From: Denis Ovsienko <denis@ovsienko.info>
To: Babel at IETF <babel@ietf.org>
Message-ID: <1634e1eb3b4.e3d43e1a73477.1851831231495285395@ovsienko.info>
In-Reply-To: <87sh70wg5l.wl-jch@irif.fr>
References: <87fu4huzgj.wl-jch@irif.fr> <1628e298460.cd82970b35329.4945272877112645380@ovsienko.info> <87muyi3eqi.wl-jch@irif.fr> <16296069fec.e13616a29759.8282754479379679955@ovsienko.info> <878ta1y8k0.wl-jch@irif.fr> <87sh7aaqpw.wl-jch@irif.fr> <16322fb2d40.b754c16418709.3274574589997739202@ovsienko.info> <87po2dzntf.wl-jch@irif.fr> <163258f779c.1272194bf35512.5113105590240148496@ovsienko.info> <8736z89zfq.wl-jch@irif.fr> <1632b79a2a7.d0dabacb43120.7322644504922173573@ovsienko.info> <87sh737dci.wl-jch@irif.fr> <1633cc005b2.fb8883bc31563.5518090263169039684@ovsienko.info> <87sh70wg5l.wl-jch@irif.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Priority: Medium
User-Agent: Zoho Mail
X-Mailer: Zoho Mail
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/9RMAbxpQC8TGH6KgzkKNLC93mX0>
Subject: Re: [babel] Comments about rfc7298bis
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 07:33:51 -0000
---- On Thu, 10 May 2018 00:41:42 +0100 Juliusz Chroboczek wrote ----
>Thanks for the explanation, that helps. I'm going to read 7183 when
>I have time.
>
>> Do you see any ways for this to go wrong?
>
>Probably not, but I'm not quite comfortable yet. Please be patient,
>I probably get the details wrong in the following example.
>
>Suppose that Chloe has captured a large number of packets previously sent
>by alice. Alice left the network, and state relevant to Alice has expired
>at Bob.
(Implied: Alice reuses TS/PC numbers, Bob uses a short enough ANMTimeout.)
>Now Alice joins the network, and sends
>
> A: Hello, TS/PC = 42
>
>Now Chloe sends a replayed packet:
>
> C (spoofing A): Update (::/0, 0), TS/PC = 43
>
>Bob sees this as a route announcement from Alice, so he inserts a default
>route in its route table. Since Alice hasn't sent an IHU yet, the link
>cost is infinite, so the route doesn't get installed.
>
>Bob sends a Hello:
>
> B: Hello, TS/PC = 57
>
>and Alice sends an IHU with the correct TS/PC echo:
>
> A: IHU(TS/PC=57), TS/PC = 43
>
>the IHU gets ignored, due to the obsolete TS/PC (43), but then Alice
>resends the IHU:
>
> A: IHU(TS/PC=57), TS/PC = 44
>
>This packet is correct, so BOB sets its txcost to something finite, and
>bang, the route suddenly is selectable, and Bob installs the route that
>was spoofed by Chloe.
>
>What am I missing?
It looks like this attack would work they way you describe it. To spell the nuances, what 7298-bis would do on top of 7298 is detect packets with incoming IHUs that are not a fresh enough response to the local TS/PC number. Without IHUs it is only the TS/PC+HMAC check, and with reused local TS/PC number the bi-directional exchange is not actually proven. So that's a good point.
Moreover, if Bob reuses his outgoing TS/PC numbers too, it will take to power-cycle A and B at the same time, then record the exchange, and then C will be able to replay a complete (Hello+IHU+Update) protocol exchange to any of those two each time they reboot.
As far as I see after thinking about this new input for a day, the principal way to fix this would be to mandate that TS/PC number must be increasing across the lifetime of a speaker (7298-bis Section 5.1 item (a) goes away, item (c) becomes the recommended default, item (b) refines the requirements for the timestamp source).
A secondary measure would be to have a large ANMTimeout by default (since item (a) no longer applies) and to save ANM table across reboots, this way old replayed Update TLVs will be less likely to produce inactive routes in the absence of new IHU TLVs.
--
Denis Ovsienko
- [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis David Schinazi
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko