Re: [core] WG Adoption Call for draft-mattsson-core-coap-attacks
Achim Kraus <achimkraus@gmx.net> Fri, 25 February 2022 16:22 UTC
Return-Path: <achimkraus@gmx.net>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 061343A09E3; Fri, 25 Feb 2022 08:22:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.812
X-Spam-Level:
X-Spam-Status: No, score=-2.812 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.714, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KQ12Tqbh8ffg; Fri, 25 Feb 2022 08:22:20 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5A853A0C69; Fri, 25 Feb 2022 08:22:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1645806132; bh=mlMSi9NMhWH/A8m807sD2lrU3h+Fz6UDX+tgdNi4ajY=; h=X-UI-Sender-Class:Date:Subject:To:References:Cc:From:In-Reply-To; b=IQtuFyOLCrkwCz4wVXmmSHLAVcOnQ/ciGCoSwtsj6yrHEbHcHZ56jkXoQFGFPsT1V fpaNz7DMRAWxP7MjwS5nI9GARgIzlj5MXTfbAyTJdzW9ci15qYU8nRoi2jtnwyWiAq QxjYIZgvHwG9hVNmzQ9r1AqvGwMVP5mBAWEa52LM=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.178.10] ([5.146.193.130]) by mail.gmx.net (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MatRZ-1nv3Il0TTH-00cOdz; Fri, 25 Feb 2022 17:22:12 +0100
Message-ID: <01663e0e-ccb7-84d2-08aa-3792799a783c@gmx.net>
Date: Fri, 25 Feb 2022 17:22:11 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: de-AT-frami
To: supjps-ietf@jpshallow.com
References: <cadf5151-8f7f-9311-6987-de5bf533abe2@ri.se> <28040_1645773815_621883F7_28040_64_1_787AE7BB302AE849A7480A190F8B9330354999C4@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <55ce01d82a31$f052c530$d0f84f90$@jpshallow.com>
Cc: mohamed.boucadair@orange.com, 'Marco Tiloca' <marco.tiloca=40ri.se@dmarc.ietf.org>, core@ietf.org
From: Achim Kraus <achimkraus@gmx.net>
In-Reply-To: <55ce01d82a31$f052c530$d0f84f90$@jpshallow.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:JRMs/0dW/+3sPXkU2jJKwn0tz1uxo3zTTHiCTP4m6+904ZVkH2s PHkMA8YTbGjQ0vNQ691tRD0GzqFxTX1hJd/0tp/r8qOk4iQ3Gp5IHyMPpzB3uv5r6nhHMpE sss4OBUaTwo0D4FBYb7Wnq7bmqDBAGAn3e5etH/7H8niM5ERLDniu3S0rjwXBzf6UJwK0kT LLmrHyfw29iu/Ke/YH/3w==
X-UI-Out-Filterresults: notjunk:1;V03:K0:rrJEktq2A6g=:Xi21cKikyRUWAWRvs5jm8K PoLo0chEK6m9txZQN1yTHd72Lu0oyuHMwyi4+t5w+7QER/FzTdORbaOpgzNk3y3tGBCwHikn9 ggxpIHAxwH+bng6Tmdj1mtD7BzsGAgaQTkELoMS9C/h+2CXx0yULg7m4VbjVqHEn/wdapsNG2 q5sNHgJqcvxkN33+Ip+awrlxQq3NsJcastZiPZX2l769/ReTUcJTbOftMihosajd0bBYvur4P rjYUf9tJm9I7ETmBWYRf3yu1dxoPgui2OK8UKj+qobry/1N8RNOTzOuxV0JZeJUWDP/yEiLLG vyYEPVhkGS5DMgkpjuhdXXKMbOMD2mng2bCCwnKiR4KfnvDlG5mckZlnfrYxrOt5LE/M568nK emeg9d3da5JhpLa1QlB4lS/FACe6GL8TR9yr5+Z0rzogw/D724SKoeigb59LaJ6LX0hEFchsr z0lAj7paWZG1F1cNSdb+yyf0hTui77Q9X2S5l3OQK6R/hEn4WLwpY5AMQOI5TBFBYY6YeS8BO VcRjMdxxcPP5BHAl0gtfsxC4teReV9NKzU5EpF8DINLf6vsdqUxCHY0L8LzE+U+DSvurecMzY IzVl0WKlHOT9PZkDD4BpeWjnWudNewzsh9DcHWyfHYtV/T3T5yEskB1NA1K1FcZ6BaS5NQXkK ZNFB0H9k2BDAE4Z5zKjkZNiWPSNCCzherVcj+ahT7ZKQjuuSEVSDXgZcDZQXawbv9hbreBTt0 IH4S8+mLZ6J309VWO3JS89gS+ICXQFl7IikRBJSfYND7chRflkf7DArNbSLxy75mHQ7pbwBEH Zfs5rNPWYMr2H84TiVYnhPDDorSIoLXcxMPQKQaEE3CiUT+kzqnoxqfYOLuYrbC5DVj+ZvRtE ATJpvzOswwE4sED7s3awN5AMpBr7GCkgGdlvX9D1XXVwEGXKCjz4zpmsGL14sbJopU1QoSztP pPOjdfs+1DIUKBLVPQ+O0tBYURSNxvFaFH7R3w8XHAZgM7rie0eF5313svckQIJkk/Hc/RFMe gVtryZDmqDVv1YgpzfVV/WO7ZIjLyEJ3L/o8sS7nZwLuG4Xc9urgpwsrA4yyUUf6Ec9ecGx40 IaClsfk89nq3s0=
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/dvPyvSLnQKpeaRUR3AW5h2tn6yQ>
Subject: Re: [core] WG Adoption Call for draft-mattsson-core-coap-attacks
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Feb 2022 16:22:25 -0000
Hi Jon, I'm not sure about: > Again using Block-Wise transfers, there has not been consideration for a delay attack causing the server to send back the wrong data in a BLOCK2 response. See https://github.com/core-wg/echo-request-tag/issues/77 . If the attacker delays the first request (which triggers a BLOCK2 response), and then sends it just before/after the second request (also triggering a BLOCK2 response), the request for the next block for, say the second request, from the client may get back the block from either the first or second request. This can only be mitigated using the Request-Tag on each request, even though BLOCK1 is not being used for the request. I think this attack also needs to be included. Does this refer to RFC7959? > may get back the block from either the first or second request. But the response will contain a token, which is used for request-response matching. So, do you assume, that both request are using the same token (maybe then more a unintended violation of the token uniqness)? best regards Achim Am 25.02.22 um 11:24 schrieb supjps-ietf@jpshallow.com: > Hi All, > > I likewise am in favor of this document, but would like to see a few changes / addition. > > Med is actually referring to 2.4, but this made me realize there was a trap of seeing Block and hence thinking RFC7959 for 2.1 - "The Block Attack" which actually has no reference to CoAP blocks. A better section title could be "The Blocking Attack" and s/Block Attack/Blocking Attack/ elsewhere. > > For 2.4, "Fragment" in terms of CoAP blocks is not defined, and is not used in RFC7959 (RFC7959 refers to fragmentation issues outside of the CoAP layer), so is unclear that "fragment" is meant to be referring to a CoAP RFC7959 (or draft-ietf-core-new-block to-be-RFC9177) block. > > Thus, "2.4. The Request CoAP Block Rearrangement Attack" is a step in the right direction for me. Then most of the usage of the word fragment needs to be replaced with block. > > As a note for mitigating 2.4.1, to-be-RFC9177 requires the use of Request-Tag (https://datatracker.ietf.org/doc/html/draft-ietf-core-new-block#section-4.3) and good use of tokens (https://datatracker.ietf.org/doc/html/draft-ietf-core-new-block#section-6). > > The lost blocks recovery mechanisms in to-be-RFC9177 mitigate the risk of the wrong block being processed in a request by the server. > > Again using Block-Wise transfers, there has not been consideration for a delay attack causing the server to send back the wrong data in a BLOCK2 response. See https://github.com/core-wg/echo-request-tag/issues/77 . If the attacker delays the first request (which triggers a BLOCK2 response), and then sends it just before/after the second request (also triggering a BLOCK2 response), the request for the next block for, say the second request, from the client may get back the block from either the first or second request. This can only be mitigated using the Request-Tag on each request, even though BLOCK1 is not being used for the request. I think this attack also needs to be included. > > Regards > > Jon > >> -----Original Message----- >> From: mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com] >> Sent: 25 February 2022 07:24 >> To: Marco Tiloca; core@ietf.org WG (core@ietf.org) >> Subject: Re: [core] WG Adoption Call for draft-mattsson-core-coap-attacks >> >> Hi all, >> >> I support adoption. >> >> It would helpful to explicit in Section 2.1 that this is about 7959, not the new >> block (to-be-RFC9177). Assessing the case of the new-block would be useful as >> well. >> >> Thank you. >> >> Cheers, >> Med >> >>> -----Message d'origine----- >>> De : core <core-bounces@ietf.org> De la part de Marco Tiloca >>> Envoyé : jeudi 24 février 2022 17:21 >>> À : core@ietf.org WG (core@ietf.org) <core@ietf.org> >>> Objet : [core] WG Adoption Call for draft-mattsson-core-coap-attacks >>> >>> Dear all, >>> >>> This mail starts a 2 week Working Group Adoption Call for draft- >>> mattsson-core-coap-attacks [1]. >>> >>> Please, provide your feedback by Wednesday, March 10. >>> >>> Best, >>> Marco and Jaime >>> >>> [1] https://datatracker.ietf.org/doc/draft-mattsson-core-coap-attacks/ >>> >>> -- >>> Marco Tiloca >>> Ph.D., Senior Researcher >>> >>> Division: Digital System >>> Department: Computer Science >>> Unit: Cybersecurity >>> >>> RISE Research Institutes of Sweden >>> https://www.ri.se >>> >>> Phone: +46 (0)70 60 46 501 >>> Isafjordsgatan 22 / Kistagången 16 >>> SE-164 40 Kista (Sweden) >> >> >> ___________________________________________________________________ >> ______________________________________________________ >> >> Ce message et ses pieces jointes peuvent contenir des informations >> confidentielles ou privilegiees et ne doivent donc >> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce >> message par erreur, veuillez le signaler >> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages >> electroniques etant susceptibles d'alteration, >> Orange decline toute responsabilite si ce message a ete altere, deforme ou >> falsifie. Merci. >> >> This message and its attachments may contain confidential or privileged >> information that may be protected by law; >> they should not be distributed, used or copied without authorisation. >> If you have received this email in error, please notify the sender and delete this >> message and its attachments. >> As emails may be altered, Orange is not liable for messages that have been >> modified, changed or falsified. >> Thank you. >> >> _______________________________________________ >> core mailing list >> core@ietf.org >> https://www.ietf.org/mailman/listinfo/core > > _______________________________________________ > core mailing list > core@ietf.org > https://www.ietf.org/mailman/listinfo/core
- [core] WG Adoption Call for draft-mattsson-core-c… Marco Tiloca
- Re: [core] WG Adoption Call for draft-mattsson-co… Henk Birkholz
- Re: [core] WG Adoption Call for draft-mattsson-co… mohamed.boucadair
- Re: [core] WG Adoption Call for draft-mattsson-co… supjps-ietf
- Re: [core] WG Adoption Call for draft-mattsson-co… Achim Kraus
- Re: [core] WG Adoption Call for draft-mattsson-co… supjps-ietf
- Re: [core] WG Adoption Call for draft-mattsson-co… Marco Tiloca