IETF Logo Mail Archive

Re: [dtn-security] Including fragment offset in the correlator doesn't prevent all fragment collisions.

Elwyn Davies <elwynd@folly.org.uk> Thu, 21 March 2013 01:00 UTC

Return-Path: <elwynd@folly.org.uk>
X-Original-To: dtn-security@ietfa.amsl.com
Delivered-To: dtn-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7976611E8117 for <dtn-security@ietfa.amsl.com>; Wed, 20 Mar 2013 18:00:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fJ3TnGnHJOtA for <dtn-security@ietfa.amsl.com>; Wed, 20 Mar 2013 18:00:06 -0700 (PDT)
Received: from a.painless.aa.net.uk (a.painless.aa.net.uk [IPv6:2001:8b0:0:30::51bb:1e33]) by ietfa.amsl.com (Postfix) with ESMTP id 8888E11E810D for <dtn-security@irtf.org>; Wed, 20 Mar 2013 18:00:06 -0700 (PDT)
Received: from mightyatom.folly.org.uk ([81.187.254.250]) by a.painless.aa.net.uk with esmtp (Exim 4.77) (envelope-from <elwynd@folly.org.uk>) id 1UITrQ-0002ji-Rb; Thu, 21 Mar 2013 01:00:04 +0000
From: Elwyn Davies <elwynd@folly.org.uk>
To: Amy Alford <aloomis@sarn.org>
In-Reply-To: <CAB9rx+_G87R-ZtwBx14jX8YkmX__zjhhVXn8XesZztMaY0vZXg@mail.gmail.com>
References: <CAB9rx+85HHsNj=EhmsqhCdtY5k=S4p1Jgzz4VsmEC+43ERygWA@mail.gmail.com> <20130320011114.1072992195@smtp.mail.me.com> <CAB9rx+_G87R-ZtwBx14jX8YkmX__zjhhVXn8XesZztMaY0vZXg@mail.gmail.com>
Content-Type: text/plain
Organization: Folly Consulting
Date: Thu, 21 Mar 2013 00:56:59 +0000
Message-Id: <1363827420.23866.3526.camel@mightyatom>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.3
Content-Transfer-Encoding: 7bit
Cc: dtn-security <dtn-security@irtf.org>
Subject: Re: [dtn-security] Including fragment offset in the correlator doesn't prevent all fragment collisions.
X-BeenThere: dtn-security@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The Delay-Tolerant Networking Research Group \(DTNRG\) - Security." <dtn-security.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/dtn-security>, <mailto:dtn-security-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/dtn-security>
List-Post: <mailto:dtn-security@irtf.org>
List-Help: <mailto:dtn-security-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2013 01:00:07 -0000

Hi, Amy.

I grok the problem properly now (I hope).

Does pushing a metadata block into the bundle with the EID (or if too
long) a short nonce or abbreviated digest of some part of the bundle
(e.g. some part of the PIB) into all the fragments at the node where it
is fragmented help?

Not a very satisfactory solution but it would help tie the two parts of
the PIB together.

/Elwyn


On Wed, 2013-03-20 at 19:36 -0400, Amy Alford wrote:
> A 100 byte bundle is created.  Different nodes independently fragment
> it into 50 byte fragments.  A subsequent node adds PIB and PCB (so we
> have correlated PCB blocks) to each fragment with a security
> destination of the bundle destination.   The correlators can collide.
> (In DTN2, they will collide.)     
> 
> 
> If the fragments are reassembled before the destination, the
> destination has no way to distinguish the PCB blocks that should
> correlate with each other.
> 
> 
> Alternatively, if we assume reassembly only happens at the destination
> (which 5050 doesn't guarantee), we still have a problem if we use a
> two block PIB ciphersuite where one block comes before the payload and
> one comes after.  
> 
> 
> A node creates a 100 byte bundle.  It's independently fragmented into
> 50 byte bundles.  A subsequent node adds a PIB ciphersuite with a
> correlated block trailing the payload.  Again, the correlators
> collide.  Now, each 50 byte fragment is fragmented again.  So, we have
> fragments:
> 
> 
> (I'm numbering the PIB instances so that we can distinguish them in
> the discussion.  The numbers don't correspond to anything identifiable
> in the blocks themselves.)
> 
> 
> PIB 1 with correlator x -> 0-25
> 25-50 -> PIB 1 with correlator x
> PIB 2 with correlator y -> 50-75
> 75-100 -> PIB 2 with correlator y
> 
> 
> PIB 3 with correlator x -> 0-25
> 25-50 -> PIB 3 with correlator x
> PIB 4 with correlator y -> 50-75
> 75-100 -> PIB 4 with correlator y
> 
> 
> The receiving node has no way to realize that that pre-payload PIB 1
> with correlator x doesn't match up to the post-payload PIB 3 with
> correlator x.
> 
> 
> - Amy
> 
> On Tue, Mar 19, 2013 at 9:11 PM, Peter Lovell <plovell@mac.com> wrote:
>         Amy Alford <aloomis@sarn.org> wrote:
>         
>         >A bundle can be fragmented multiple times independently, so a
>         node may
>         >receive multiple fragments with the same offset and length
>         that have
>         >traveled different paths (and accumulated different BSP
>         blocks along the
>         >way).  Collisions in the correlator values once the bundle is
>         reassembled
>         >are inevitable.
>         >- Amy
>         
>         
>         Hi Amy,
>         
>         my thought is that we have covered the problem of
>         multiple-fragmentation and multi-path, but perhaps not.
>         
>         Can you describe a bundle scenario that exemplifies the issue
>         you see, so we can think about it.
>         
>         Thanks.....Peter
>         
> 
> _______________________________________________
> dtn-security mailing list
> dtn-security@irtf.org
> https://www.irtf.org/mailman/listinfo/dtn-security

v2.23.0 | Report a Bug | By Email