Re: [Cfrg] Analysis of ipcrypt?

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 22 February 2018 23:59 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C0201270AC for <cfrg@ietfa.amsl.com>; Thu, 22 Feb 2018 15:59:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I0ZA8z6oi8ZR for <cfrg@ietfa.amsl.com>; Thu, 22 Feb 2018 15:59:26 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01684126C26 for <cfrg@irtf.org>; Thu, 22 Feb 2018 15:59:26 -0800 (PST)
Received: from fifthhorseman.net (cpe-76-91-54-61.socal.res.rr.com [76.91.54.61]) by che.mayfirst.org (Postfix) with ESMTPSA id 80A66F99A; Thu, 22 Feb 2018 18:58:53 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id DADC020269; Thu, 22 Feb 2018 18:58:49 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Russ Housley <housley@vigilsec.com>, Paul Hoffman <paul.hoffman@icann.org>
Cc: Samuel Neves <sneves@dei.uc.pt>, IRTF CFRG <cfrg@irtf.org>
In-Reply-To: <D13E3BE0-45AB-481B-885A-35853EFE2A86@vigilsec.com>
References: <18C83761-E442-45D9-BDBF-71DC7F751007@icann.org> <CAHmME9r3awwZxjEU-HWnOCyARhBx54VOcUOFJB4opmneKdZsyA@mail.gmail.com> <D13E3BE0-45AB-481B-885A-35853EFE2A86@vigilsec.com>
Date: Thu, 22 Feb 2018 15:58:49 -0800
Message-ID: <87a7w0h8zq.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/NehYLvdmbncSDDz_hnorcc6JGXU>
Subject: Re: [Cfrg] Analysis of ipcrypt?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Feb 2018 23:59:27 -0000

On Thu 2018-02-22 18:30:36 -0500, Russ Housley wrote:
>
> It sounds like you want a simple and straightforward way to obfuscate IPv4 addresses.
>
> AES is very widely implemented.  You can find libraries for every platform.  So, something like this may do it for you:
>
> 	k = rand()  /* 128 bits; fresh key for each dataset */
>
> 	for each ipv4addr in dataset:
> 		plain = ipv4addr || ipv4addr || ipv4addr || ipv4addr
> 		obfuscated_ipv4addr = trunc32(AES_128_Encrypt(k, plain))

This approach doesn't allow inverting the address if needed.  aiui, the
use case for ipcrypt and other format-preserving encryption is attack
detection and mitigation via anomaly detection, based on packet
captures, but with phased destruction of the IP addresses.

In this case, it's possible that the pcaps will persist for a while
longer (e.g. as inputs to statistical processing that provides baselines
for anomaly detection) than the IP address itself will need to be
available (e.g. for identifing a current attacking address).

            --dkg