IETF Logo Mail Archive

Re: [Detnet] DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic

"Black, David" <David.Black@dell.com> Thu, 20 December 2018 16:17 UTC

Return-Path: <David.Black@dell.com>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25E9212894E for <detnet@ietfa.amsl.com>; Thu, 20 Dec 2018 08:17:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.764
X-Spam-Level:
X-Spam-Status: No, score=-2.764 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=PtREP2fl; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=noqPxG+x
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fsAe7IA1gHtN for <detnet@ietfa.amsl.com>; Thu, 20 Dec 2018 08:17:04 -0800 (PST)
Received: from esa3.dell-outbound.iphmx.com (esa3.dell-outbound.iphmx.com [68.232.153.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71E9E1274D0 for <detnet@ietf.org>; Thu, 20 Dec 2018 08:17:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1545322611; x=1576858611; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=dyBXgY1CY/yEcjLbkhcB0x19LtzXlRr84QCIXKu94Fw=; b=PtREP2fluedt83ELw+kkRPPhrhDfFkGTTEaJitOSoW1paXtpACr7nW1f +4ZUFdW71unL2qChDH3g7HcWl8iWKhBr+vBP45Uhjoq4qfBO+ft3dZOxa /kkQCf4UC7E9PNj2MzyIgSijhjtt6rgbt7dxTz4QYBu7X0wDcNH4Y7eia Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2EHAACdvxtchyeV50NlHAEBAQQBAQcEAQGBUQcBAQsBgQ0jgTlwEicKg3OIGV+NKZdeFIErPAsBASMLhD4CF4J4NAkNAQMBAQIBAQIBAQIQAQEBCgsJCCkjDII2JAEPTS8JMwEBAQEBAQEBAQEBAQEBAQEBARcCFC8TAQEYAQEBAQIBEhEKEx8aAQQLAgEIDgMBAwEBAQodAwICAjAUAwYIAQEEDgUIGoMAAYEdXAgBDpsiPQKBbokGAQEBboEvgn2HIQiJd4EGJn6Bdj6BEUaCHi6CYzALA4EtAQsHASEMKIJSMYImiU1+hHuRH1oDBAICkXuRXYMMlloCBAIEBQIUgUaBHnFwUIJsCYIsG4IxgQeHeoJZQTEBAYwYDxeBCIEfAQE
X-IPAS-Result: A2EHAACdvxtchyeV50NlHAEBAQQBAQcEAQGBUQcBAQsBgQ0jgTlwEicKg3OIGV+NKZdeFIErPAsBASMLhD4CF4J4NAkNAQMBAQIBAQIBAQIQAQEBCgsJCCkjDII2JAEPTS8JMwEBAQEBAQEBAQEBAQEBAQEBARcCFC8TAQEYAQEBAQIBEhEKEx8aAQQLAgEIDgMBAwEBAQodAwICAjAUAwYIAQEEDgUIGoMAAYEdXAgBDpsiPQKBbokGAQEBboEvgn2HIQiJd4EGJn6Bdj6BEUaCHi6CYzALA4EtAQsHASEMKIJSMYImiU1+hHuRH1oDBAICkXuRXYMMlloCBAIEBQIUgUaBHnFwUIJsCYIsG4IxgQeHeoJZQTEBAYwYDxeBCIEfAQE
Received: from mx0a-00154901.pphosted.com (HELO mx0b-00154901.pphosted.com) ([67.231.149.39]) by esa3.dell-outbound.iphmx.com with ESMTP/TLS/AES256-SHA256; 20 Dec 2018 10:16:50 -0600
Received: from pps.filterd (m0090350.ppops.net [127.0.0.1]) by mx0b-00154901.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id wBKGDAON139001 for <detnet@ietf.org>; Thu, 20 Dec 2018 11:17:03 -0500
Received: from esa3.dell-outbound2.iphmx.com (esa3.dell-outbound2.iphmx.com [68.232.154.63]) by mx0b-00154901.pphosted.com with ESMTP id 2pgdqs8a8k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <detnet@ietf.org>; Thu, 20 Dec 2018 11:17:02 -0500
From: "Black, David" <David.Black@dell.com>
Received: from mailuogwhop.emc.com ([168.159.213.141]) by esa3.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-SHA256; 20 Dec 2018 22:16:37 +0600
Received: from maildlpprd03.lss.emc.com (maildlpprd03.lss.emc.com [10.253.24.35]) by mailuogwprd04.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id wBKGGsLd027773 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 20 Dec 2018 11:16:58 -0500
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com wBKGGsLd027773
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1545322618; bh=SlvQEfQIhEU/OUDsl/pQ78B/fp0=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:MIME-Version; b=noqPxG+xxCy8TkwEIl9Hg/vngT/SRyzfPubBx55uQar82iPord9BZtHwxp/Wo99JG 7S4Q41HWofhaFXDu5HWIx5Y0YSdI31Vpb6wNjQti5I0al3tCkTM29ZM3MThjDw3GLL Xt5WTsv2NNvRlPvtouek4vjD3dD6qMStCn1LyzAU=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com wBKGGsLd027773
Received: from mailusrhubprd51.lss.emc.com (mailusrhubprd51.lss.emc.com [10.106.48.24]) by maildlpprd03.lss.emc.com (RSA Interceptor); Thu, 20 Dec 2018 11:16:47 -0500
Received: from MXHUB317.corp.emc.com (MXHUB317.corp.emc.com [10.146.3.95]) by mailusrhubprd51.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id wBKGGkcL026806 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Thu, 20 Dec 2018 11:16:47 -0500
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB317.corp.emc.com ([10.146.3.95]) with mapi id 14.03.0399.000; Thu, 20 Dec 2018 11:16:46 -0500
To: Eric Rescorla <ekr@rtfm.com>
CC: "Grossman, Ethan A." <eagros@dolby.com>, "detnet@ietf.org" <detnet@ietf.org>
Thread-Topic: DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic
Thread-Index: AdSX+/sLTp7DPyO1QkG1vyM68OeTlQAEW9GwAB/L94AAA43SkA==
Date: Thu, 20 Dec 2018 16:16:45 +0000
Message-ID: <CE03DB3D7B45C245BCA0D24327794936303A66C9@MX307CL04.corp.emc.com>
References: <BY1PR0601MB1403A041DF88D362261DA127C4BF0@BY1PR0601MB1403.namprd06.prod.outlook.com> <CE03DB3D7B45C245BCA0D24327794936303A55D1@MX307CL04.corp.emc.com> <CABcZeBNEi5n_aKHJ1QOPGvLo1L-Ef=kkxG1ewACES8GfARZRgA@mail.gmail.com>
In-Reply-To: <CABcZeBNEi5n_aKHJ1QOPGvLo1L-Ef=kkxG1ewACES8GfARZRgA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.238.21.131]
Content-Type: multipart/alternative; boundary="_000_CE03DB3D7B45C245BCA0D24327794936303A66C9MX307CL04corpem_"
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd51.lss.emc.com
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-12-20_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1812200132
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/Pqb7-wJ69H7Y-EIb5q6_ESq4rj8>
Subject: Re: [Detnet] DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Dec 2018 16:17:07 -0000

Hmm … looking at that reference, I’m tempted to split hairs by observing that the TLS/DTLS computational non-determinism arises from the padding format, which is not exactly a crypto algorithm.

OTOH, what actually matters in detnet context is determinism of the entire computation that verifies the data, which may include decryption, independent of what portions of that computation are viewed as crypto vs. not crypto.  A sentence noting determinism as an important property of the overall security computation could be a useful addition to one of the drafts.

Thanks, --David

From: Eric Rescorla [mailto:ekr@rtfm.com]
Sent: Thursday, December 20, 2018 7:51 AM
To: Black, David
Cc: Grossman, Ethan A.; detnet@ietf.org
Subject: Re: DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic


[EXTERNAL EMAIL]
Hmm... You actually do need to go to some effort to make symmetric algorithms constant-time. See for instance: http://www.isg.rhul.ac.uk/tls/lucky13.html


On Wed, Dec 19, 2018 at 6:47 PM Black, David <David.Black@dell.com<mailto:David.Black@dell.com>> wrote:
> Good question, for example do such algorithms have deterministic execution times?

Generally, yes, to a first approximation, as the algorithms used to encrypt and verify traffic are usually symmetric crypto algorithms such as AES and SHA-2 which perform the same computation regardless of input.   Non-deterministic execution times are associated with asymmetric crypto algorithms (e.g., public key algorithms), which are not typically used on a packet-by-packet basis - they’re used for session setup, including key exchange, from which keys are derived for the symmetric algorithms.

Thanks, --David

From: detnet [mailto:detnet-bounces@ietf.org<mailto:detnet-bounces@ietf.org>] On Behalf Of Grossman, Ethan A.
Sent: Wednesday, December 19, 2018 7:42 PM
To: detnet@ietf.org<mailto:detnet@ietf.org>
Cc: ekr@rtfm.com<mailto:ekr@rtfm.com>
Subject: [Detnet] DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic


[EXTERNAL EMAIL]

Hi All,

In going over the remaining IESG review comments, there is this question on Sec 11.5 (Security). I don’t think it is worth holding up the Use Cases draft for, but it seems worth a conversation on the list.



Text from Section 11.5:

>      addition to arriving with the data content as intended, the data must

>      also arrive at the expected time.  This may present "new" security

>      challenges to implementers, and must be addressed accordingly.  There

>      are other security implications, including (but not limited to) the

>      change in attack surface presented by packet replication and

>      elimination.



Reviewer’s Comment:

Do these requirements impose new requirements on the cryptographic algorithms used to verify traffic?



Ethan’s thoughts:

Good question, for example do such algorithms have deterministic execution times? Is there a large spread between best- and worst-case execution times? Is this a topic for the Security draft? The Architecture draft? Or is this a more general matter of network (or network silicon) design/implementation/performance, and thus doesn’t get covered in DetNet drafts?
--------------------------------------------------

v2.23.0 | Report a Bug | By Email