IETF Logo Mail Archive

Re: [Detnet] DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Sat, 22 December 2018 08:30 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B02C130DCD for <detnet@ietfa.amsl.com>; Sat, 22 Dec 2018 00:30:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.564
X-Spam-Level:
X-Spam-Status: No, score=-14.564 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IwGlJ8Rk3ajM for <detnet@ietfa.amsl.com>; Sat, 22 Dec 2018 00:29:57 -0800 (PST)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D38C12F1A6 for <detnet@ietf.org>; Sat, 22 Dec 2018 00:29:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=22749; q=dns/txt; s=iport; t=1545467397; x=1546676997; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=Vgy/Aclf47U6bWKM6fO9wr443LE4VimuvukHdxf35nI=; b=Hlk7XdTJr6hNbb/lrLbhgBc7IxiroNs2cPL9B2vIghgH2CERABk7KFKV EVh9/u5YKrvp52KWVivZxG/+t0We0pExq3Nv4D6z3/aZMpKEqjLE1IqtF Cqdjm9x1HFhY0lvh4isivgwJ92KBoWpBd0LbbfVe6PCHFleZZvrm0VBhL E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0APAADL9B1c/5JdJa1jGQEBAQEBAQEBAQEBAQcBAQEBAQGBVAEBAQEBAQsBgQ12ZoECJ4N+liKSB4VwgWcDCAEBhGwCF4JXIjcGDQEDAQECAQECbRwMhUoBAQEBAgEjCkwFCwIBCBEBAwEBKAMCAgIwFAMGCAEBBA4FgyIBgR1cCKUHBYE8gS+KKTSJQ3YQgSQeF4FAP4ERJx+BN2cuhE4BCwcBLSgCglAxgiYCiU1+hH+GXopJWgkCkWcYkWaDDpZ0AhEUgSc1ImVxcBU7KgGCQQmCR4Ixi1pBMY02DxeCJwEB
X-IronPort-AV: E=Sophos;i="5.56,383,1539648000"; d="scan'208,217";a="280240818"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Dec 2018 08:29:55 +0000
Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by rcdn-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id wBM8TtfQ028489 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 22 Dec 2018 08:29:55 GMT
Received: from xch-rcd-001.cisco.com (173.37.102.11) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Sat, 22 Dec 2018 02:29:55 -0600
Received: from xch-rcd-001.cisco.com ([173.37.102.11]) by XCH-RCD-001.cisco.com ([173.37.102.11]) with mapi id 15.00.1395.000; Sat, 22 Dec 2018 02:29:55 -0600
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "Black, David" <David.Black@dell.com>
CC: "Grossman, Ethan A." <eagros@dolby.com>, "detnet@ietf.org" <detnet@ietf.org>, "ekr@rtfm.com" <ekr@rtfm.com>
Thread-Topic: DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic
Thread-Index: AdSX+/sLTp7DPyO1QkG1vyM68OeTlQAEW9GwAAoIQfAAUfnZsAAUxF1s
Date: Sat, 22 Dec 2018 08:29:55 +0000
Message-ID: <8B0117C3-ABCC-4B50-8BAF-5BE1D6D4329F@cisco.com>
References: <BY1PR0601MB1403A041DF88D362261DA127C4BF0@BY1PR0601MB1403.namprd06.prod.outlook.com> <CE03DB3D7B45C245BCA0D24327794936303A55D1@MX307CL04.corp.emc.com> <85ff3ddbde5f498ab1c680e1a7d97641@XCH-RCD-001.cisco.com>, <CE03DB3D7B45C245BCA0D24327794936303A96D2@MX307CL04.corp.emc.com>
In-Reply-To: <CE03DB3D7B45C245BCA0D24327794936303A96D2@MX307CL04.corp.emc.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: multipart/alternative; boundary="_000_8B0117C3ABCC4B508BAF5BE1D6D4329Fciscocom_"
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.37.102.14, xch-rcd-004.cisco.com
X-Outbound-Node: rcdn-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/YWnD7H_V_fUUevxUDvqJssCxPCg>
Subject: Re: [Detnet] DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Dec 2018 08:30:01 -0000

Hello David

We want every intermediate node to be able to detect bad packets as part of ingress filtering. If we use symmetrical keys then the key must be given to all relays which augments the risk of a leak. And if any relay is compromised or misbehaving it may inject traffic in the flow.

This is why if we could afford it an asymmetrical crypto would be preferable.

Merry Christmas!

Pascal

Le 21 déc. 2018 à 23:53, Black, David <David.Black@dell.com<mailto:David.Black@dell.com>> a écrit :

Hi Pascal,

I would not preclude that, but I would discourage it, as, if I understand what is proposed, it involves checking a digital signature on each packet at arbitrary intermediate points along the flow, which is indeed rather expensive.

If only endpoint checks or checks at a small number of intermediate points are required, a more effective approach is to use asymmetric crypto to authenticate distribution or exchange of a secret key for symmetric crypto – a successful check based on that key provides traffic origin verification as long as the key is kept secret by the participants.  Both TLS and IKE (for IPsec) are examples of this for endpoint checks.

In both cases, origin verification also requires replay detection mechanism as part of the security protocol to prevent an attacker from recording and resending traffic, e.g., as a denial of service attack on flow forwarding resources.

Thanks, --David

From: detnet [mailto:detnet-bounces@ietf.org] On Behalf Of Pascal Thubert (pthubert)
Sent: Thursday, December 20, 2018 2:34 AM
To: Black, David; Grossman, Ethan A.; detnet@ietf.org<mailto:detnet@ietf.org>
Cc: ekr@rtfm.com<mailto:ekr@rtfm.com>
Subject: Re: [Detnet] DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic


[EXTERNAL EMAIL]
Hello David :

Asymmetric is a lot more expensive, I’m hearing, but could be very useful to ensure that the packets in a DetNet flow are from the proper source.
Say that the DetNet flow is associated with a keypair, and that the private key is available to the source of the flow whereas the public key is distributed with the flow information.
We should not preclude that should we? As long as the crypto time is bounded we should be OK.

All the best

pascal

From: detnet <detnet-bounces@ietf.org<mailto:detnet-bounces@ietf.org>> On Behalf Of Black, David
Sent: jeudi 20 décembre 2018 03:47
To: Grossman, Ethan A. <eagros@dolby.com<mailto:eagros@dolby.com>>; detnet@ietf.org<mailto:detnet@ietf.org>
Cc: ekr@rtfm.com<mailto:ekr@rtfm.com>
Subject: Re: [Detnet] DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic

> Good question, for example do such algorithms have deterministic execution times?

Generally, yes, to a first approximation, as the algorithms used to encrypt and verify traffic are usually symmetric crypto algorithms such as AES and SHA-2 which perform the same computation regardless of input.   Non-deterministic execution times are associated with asymmetric crypto algorithms (e.g., public key algorithms), which are not typically used on a packet-by-packet basis - they’re used for session setup, including key exchange, from which keys are derived for the symmetric algorithms.

Thanks, --David

From: detnet [mailto:detnet-bounces@ietf.org] On Behalf Of Grossman, Ethan A.
Sent: Wednesday, December 19, 2018 7:42 PM
To: detnet@ietf.org<mailto:detnet@ietf.org>
Cc: ekr@rtfm.com<mailto:ekr@rtfm.com>
Subject: [Detnet] DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic


[EXTERNAL EMAIL]

Hi All,

In going over the remaining IESG review comments, there is this question on Sec 11.5 (Security). I don’t think it is worth holding up the Use Cases draft for, but it seems worth a conversation on the list.



Text from Section 11.5:

>      addition to arriving with the data content as intended, the data must

>      also arrive at the expected time.  This may present "new" security

>      challenges to implementers, and must be addressed accordingly.  There

>      are other security implications, including (but not limited to) the

>      change in attack surface presented by packet replication and

>      elimination.



Reviewer’s Comment:

Do these requirements impose new requirements on the cryptographic algorithms used to verify traffic?



Ethan’s thoughts:

Good question, for example do such algorithms have deterministic execution times? Is there a large spread between best- and worst-case execution times? Is this a topic for the Security draft? The Architecture draft? Or is this a more general matter of network (or network silicon) design/implementation/performance, and thus doesn’t get covered in DetNet drafts?
--------------------------------------------------

v2.23.0 | Report a Bug | By Email