Re: [Detnet] DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic

Eric Rescorla <ekr@rtfm.com> Thu, 20 December 2018 12:51 UTC

To: "Black, David" <David.Black@dell.com>
Cc: "Grossman, Ethan A." <eagros@dolby.com>, "detnet@ietf.org" <detnet@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/NX065W8YArbPmaZGZ9RDJ4vuZQY>

Hmm... You actually do need to go to some effort to make symmetric
algorithms constant-time. See for instance:
http://www.isg.rhul.ac.uk/tls/lucky13.html


On Wed, Dec 19, 2018 at 6:47 PM Black, David <David.Black@dell.com> wrote:

> > Good question, for example do such algorithms have deterministic
> > execution times?
>
>
>
> Generally, yes, to a first approximation, as the algorithms used to
> encrypt and verify traffic are usually symmetric crypto algorithms such as
> AES and SHA-2 which perform the same computation regardless of input.
> Non-deterministic execution times are associated with asymmetric crypto
> algorithms (e.g., public key algorithms), which are not typically used on a
> packet-by-packet basis - they’re used for session setup, including key
> exchange, from which keys are derived for the symmetric algorithms.
>
>
>
> Thanks, --David
>
>
>
> *From:* detnet [mailto:detnet-bounces@ietf.org] *On Behalf Of *Grossman,
> Ethan A.
> *Sent:* Wednesday, December 19, 2018 7:42 PM
> *To:* detnet@ietf.org
> *Cc:* ekr@rtfm.com
> *Subject:* [Detnet] DetNet Use Cases comment - time properties of
> cryptographic algorithms used to verify traffic
>
>
>
> Hi All,
>
> In going over the remaining IESG review comments, there is this question
> on Sec 11.5 (Security). I don’t think it is worth holding up the Use Cases
> draft for, but it seems worth a conversation on the list.
>
>
>
> Text from Section 11.5:
>
> >      addition to arriving with the data content as intended, the data must
> >      also arrive at the expected time.  This may present "new" security
> >      challenges to implementers, and must be addressed accordingly.  There
> >      are other security implications, including (but not limited to) the
> >      change in attack surface presented by packet replication and
> >      elimination.
>
>
>
> Reviewer’s Comment:
>
> Do these requirements impose new requirements on the cryptographic
> algorithms used to verify traffic?
>
>
>
> Ethan’s thoughts:
>
> Good question, for example do such algorithms have deterministic execution
> times? Is there a large spread between best- and worst-case execution
> times? Is this a topic for the Security draft? The Architecture draft? Or
> is this a more general matter of network (or network silicon)
> design/implementation/performance, and thus doesn’t get covered in DetNet
> drafts?
>
> --------------------------------------------------
>
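
An added example, not part of the thread or of any DetNet draft: a work-count model of the MAC-then-encrypt CBC record check that the Lucky 13 page linked above analyses, showing that per-packet HMAC work depends on the padding bytes even though each hash block costs the same. Assumptions: HMAC-SHA256, a constructed 13-byte MAC header, work counted in SHA-256 compression calls rather than wall-clock time, and hypothetical function names.

```python
import hashlib
import hmac

BLOCK = 64    # SHA-256 compression block size (bytes)
MAC_LEN = 32  # HMAC-SHA256 tag length
HDR_LEN = 13  # TLS MAC header: seq_num(8) + type(1) + version(2) + length(2)

def compressions(msg_len):
    """SHA-256 compression calls HMAC-SHA256 makes over msg_len bytes."""
    # Inner hash input: ipad block + message + 0x80 byte + 64-bit length field.
    inner = (BLOCK + msg_len + 9 + BLOCK - 1) // BLOCK
    return inner + 2  # outer hash: opad block, then the digest-and-padding block

def build_record(key, header, body, pad):
    """Constructed sample: body || HMAC(header || body) || (pad + 1) bytes of value pad."""
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return body + tag + bytes([pad]) * (pad + 1)

def verify(key, header, plaintext):
    """Check padding and MAC of an already-decrypted CBC record.
    Returns (ok, compression_calls); the second value models per-packet work."""
    if len(plaintext) < MAC_LEN + 1:
        return False, 0
    pad = plaintext[-1]
    body_len = len(plaintext) - MAC_LEN - (pad + 1)
    pad_ok = body_len >= 0 and all(b == pad for b in plaintext[-(pad + 1):])
    if not pad_ok:
        # RFC 5246 advice: still compute the MAC, as if the pad were empty.
        body_len = len(plaintext) - MAC_LEN - 1
    body = plaintext[:body_len]
    tag = plaintext[body_len:body_len + MAC_LEN]
    expect = hmac.new(key, header + body, hashlib.sha256).digest()
    ok = pad_ok and hmac.compare_digest(tag, expect)
    return ok, compressions(len(header) + body_len)

def work_spread(record_len):
    """(best, worst) compression calls over every padding length that fits."""
    max_pad = min(255, record_len - MAC_LEN - 1)
    calls = [compressions(HDR_LEN + record_len - MAC_LEN - (p + 1))
             for p in range(max_pad + 1)]
    return min(calls), max(calls)
```

For a 144-byte record the model gives between 4 and 6 compression calls depending on the padding, so a deterministic per-packet budget has to be sized for the worst case, and a constant-time implementation has to equalise the count rather than rely on the primitive alone.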