Re: [babel] Comments about rfc7298bis
Denis Ovsienko <denis@ovsienko.info> Mon, 14 May 2018 23:25 UTC
Return-Path: <denis@ovsienko.info>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5417512E8FA for <babel@ietfa.amsl.com>; Mon, 14 May 2018 16:25:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.601
X-Spam-Level:
X-Spam-Status: No, score=-0.601 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ovsienko.info
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id abcHlmCOKi9D for <babel@ietfa.amsl.com>; Mon, 14 May 2018 16:25:32 -0700 (PDT)
Received: from sender-of-o51.zoho.com (sender-of-o51.zoho.com [135.84.80.216]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77A0612E8E7 for <babel@ietf.org>; Mon, 14 May 2018 16:25:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1526340326; s=zohomail; d=ovsienko.info; i=denis@ovsienko.info; h=Date:From:To:Message-ID:In-Reply-To:References:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding; l=3211; bh=o2Ct10cSS4MWhlF8SL6fSs7sanYwpVsYqh+SVNb6yLM=; b=b7Kyj+VqN+7MGZOpkxs/+qVNxAvc+uvSWCZUKZ0UIUjW4Zqo8hBcwpRsfKRozPZs d3Eu/4WFU/WqwKgM23NtVMNHHVSK7t4DDr1xAZ2c8s0sUfPgGqHolxPN7M0pZ0vrmpn mLEFLnF3cubjOxxLI2J8yyBNYmCkkPi2yxlUGNt8=
Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1526340326356310.90299844327694; Mon, 14 May 2018 16:25:26 -0700 (PDT)
Date: Tue, 15 May 2018 00:25:26 +0100
From: Denis Ovsienko <denis@ovsienko.info>
To: Babel at IETF <babel@ietf.org>
Message-ID: <16360f913d2.e0b88593159986.3607378772559997156@ovsienko.info>
In-Reply-To: <87lgcnr75o.wl-jch@irif.fr>
References: <87fu4huzgj.wl-jch@irif.fr> <1628e298460.cd82970b35329.4945272877112645380@ovsienko.info> <87muyi3eqi.wl-jch@irif.fr> <16296069fec.e13616a29759.8282754479379679955@ovsienko.info> <878ta1y8k0.wl-jch@irif.fr> <87sh7aaqpw.wl-jch@irif.fr> <16322fb2d40.b754c16418709.3274574589997739202@ovsienko.info> <87po2dzntf.wl-jch@irif.fr> <163258f779c.1272194bf35512.5113105590240148496@ovsienko.info> <8736z89zfq.wl-jch@irif.fr> <1632b79a2a7.d0dabacb43120.7322644504922173573@ovsienko.info> <87sh737dci.wl-jch@irif.fr> <1633cc005b2.fb8883bc31563.5518090263169039684@ovsienko.info> <87sh70wg5l.wl-jch@irif.fr> <1634e1eb3b4.e3d43e1a73477.1851831231495285395@ovsienko.info> <87lgcnr75o.wl-jch@irif.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Priority: Medium
User-Agent: Zoho Mail
X-Mailer: Zoho Mail
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/zQDfB_KIv9cBnm7q5-L0iL4G5Yg>
Subject: Re: [babel] Comments about rfc7298bis
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 May 2018 23:25:34 -0000
---- On Sun, 13 May 2018 14:56:19 +0100 Juliusz Chroboczek wrote ----
>> As far as I see after thinking about this new input for a day, the
>> principal way to fix this would be to mandate that TS/PC number must be
>> increasing across the lifetime of a speaker (7298-bis Section 5.1 item
>> (a) goes away, item (c) becomes the recommended default, item
>> (b) refines the requirements for the timestamp source).
>
>A: Hello, Update(X), TS/PC=42
>
>The packet is captured by C. At this point, A and B simultaneously reboot
>and loose their ANM state.
>
>C spoofing A: Hello, Update(X), TS/PC=42
>
>Since B has lost its ANM state, it accepts this packet as authentic, and
>learns a spoofed route to X through A. At which point, an (authentic)
>Hello/IHU exchange happens:
>
>B: Hello, TS/PC=57
>A: Hello, IHU(B, TS/PC=57), TS/PC=43
>
>B's cost to A becomes finite, and the replayed route is installed.
>
>Note that I'm not sure that this is a serious attack -- C has managed to
>get B to route through A, it has not managed to redirect traffic through
>itself.
Makes sense. The root causes are the same as before -- only the packets with relevant IHU TLVs can be tested for freshness and the main protocol instance actions Update before establishing a 2-way relation with a neighbour.
>> A secondary measure would be to have a large ANMTimeout by default
>> (since item (a) no longer applies) and to save ANM table across reboots,
>
>If we assume that the ANM table is persistent, then a lot of things become
>much easier. Another solution would be to assume that all nodes have
It seems to me it would make sense to recommend a persistent ANM table only if the implementer can do it safely, because trying to write to disk something that changes a few times a second may actually break things on a sudden power cycle. It should do its job even as a purely run-time structure.
>real-time clocks, and require that TS/PC carries a timestamp that's no
>more than 20 seconds in the past.
That's exactly what RFC 7183 defines, but the issue is synchronous offline clocks are either expensive, or unavailable for obvious practical reasons. 7298-bis is supposed to achieve the same effect with TSPCMaxRTT and only requires the clocks to be monotonic. The idea is roughly similar to the RTT Babel extension.
>However, I think a more general fix is possible -- the attack above is due
>to B accepting a (spoofed) packet from A although it has no recent ANM
>state for A.
Not quite, but almost there. As far as I see it, the missing design point is to let only Hello TLVs in before seeing a packet with a proven fresh IHU TLV. This way the replayed packets _before_ the IHU will not affect the main protocol instance. As a consequence, any speaker will be able to discard its ANM table on shutdown safely.
Once again, for this to work the outgoing TS/PC number must be strictly increasing across the lifetime of a speaker, as explained before. This also gets rid of the replayed Updates _after_ authentic IHUs as the freshness proof will actually work. And this is doable in spite of sudden and frequent reboots.
Do you see what I mean?
--
Denis Ovsienko
- [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis David Schinazi
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko
- Re: [babel] Comments about rfc7298bis Juliusz Chroboczek
- Re: [babel] Comments about rfc7298bis Denis Ovsienko