Re: [dtn-security] Including fragment offset in the correlator doesn't prevent all fragment collisions.

Amy Alford <aloomis@sarn.org> Wed, 20 March 2013 23:36 UTC

Return-Path: <aloomis@sarn.org>
X-Original-To: dtn-security@ietfa.amsl.com
Delivered-To: dtn-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 965B121F8DE3 for <dtn-security@ietfa.amsl.com>; Wed, 20 Mar 2013 16:36:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level:
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jfBASZtihWDX for <dtn-security@ietfa.amsl.com>; Wed, 20 Mar 2013 16:36:34 -0700 (PDT)
Received: from mail-qa0-f52.google.com (mail-qa0-f52.google.com [209.85.216.52]) by ietfa.amsl.com (Postfix) with ESMTP id 73E9621F8DDF for <dtn-security@irtf.org>; Wed, 20 Mar 2013 16:36:33 -0700 (PDT)
Received: by mail-qa0-f52.google.com with SMTP id bs12so1376535qab.18 for <dtn-security@irtf.org>; Wed, 20 Mar 2013 16:36:32 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:x-gm-message-state; bh=+kBceYbf1ZLjYVFGIGAZfXXebv3+GcM4xa5AKp/AxSg=; b=ZTMEpMRlBX/9cp7lvwnuS8zLk9z9M1YinpTQhN0WUlJmUc9S0ELVOECRLkwylVn6Z1 oYW99vZjC3xHwXlYMSwtlmZjMzNSxfInyk8bpzMxVOAJHGeBXDvmH0Rvi0qhTlpfsdPG dQN4giRK9UorW3Dv4hqZFvhnYCzaAXCxsMAYM0f+n168CKgD0cKQUsPxQPA3U80MutHD /FVKuneQwPhNuHUsVD2HenE2fdptzX6/TjxoHnRAOnWRWzoP6Vpo0rBLO0GPUK+K0A0I YXTAs5qF3F0TFY6/+rSXU/ha6Ry5F3YygLCBj9lGKJbVsGRPEpq1Hl6kvZ25lfrklZ8y sadw==
MIME-Version: 1.0
X-Received: by 10.229.111.148 with SMTP id s20mr2201437qcp.28.1363822592684; Wed, 20 Mar 2013 16:36:32 -0700 (PDT)
Received: by 10.49.81.199 with HTTP; Wed, 20 Mar 2013 16:36:32 -0700 (PDT)
In-Reply-To: <20130320011114.1072992195@smtp.mail.me.com>
References: <CAB9rx+85HHsNj=EhmsqhCdtY5k=S4p1Jgzz4VsmEC+43ERygWA@mail.gmail.com> <20130320011114.1072992195@smtp.mail.me.com>
Date: Wed, 20 Mar 2013 19:36:32 -0400
Message-ID: <CAB9rx+_G87R-ZtwBx14jX8YkmX__zjhhVXn8XesZztMaY0vZXg@mail.gmail.com>
From: Amy Alford <aloomis@sarn.org>
To: Peter Lovell <plovell@mac.com>
Content-Type: multipart/alternative; boundary=002354471a502cb17404d863b110
X-Gm-Message-State: ALoCoQnXTCYRIODvwKpubiufVsyNsvjWK+eJDFxDqw/+pDoP2pThGVKSXPV4BZwIPfLbYaY5HKsH
Cc: dtn-security <dtn-security@irtf.org>
Subject: Re: [dtn-security] Including fragment offset in the correlator doesn't prevent all fragment collisions.
X-BeenThere: dtn-security@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The Delay-Tolerant Networking Research Group \(DTNRG\) - Security." <dtn-security.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/dtn-security>, <mailto:dtn-security-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/dtn-security>
List-Post: <mailto:dtn-security@irtf.org>
List-Help: <mailto:dtn-security-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2013 23:36:34 -0000

A 100 byte bundle is created.  Different nodes independently fragment it
into 50 byte fragments.  A subsequent node adds PIB and PCB (so we have
correlated PCB blocks) to each fragment with a security destination of the
bundle destination.   The correlators can collide. (In DTN2, they will
collide.)

If the fragments are reassembled before the destination, the destination
has no way to distinguish the PCB blocks that should correlate with each
other.

Alternatively, if we assume reassembly only happens at the destination
(which 5050 doesn't guarantee), we still have a problem if we use a two
block PIB ciphersuite where one block comes before the payload and one
comes after.

A node creates a 100 byte bundle.  It's independently fragmented into 50
byte bundles.  A subsequent node adds a PIB ciphersuite with a correlated
block trailing the payload.  Again, the correlators collide.  Now, each 50
byte fragment is fragmented again.  So, we have fragments:

(I'm numbering the PIB instances so that we can distinguish them in the
discussion.  The numbers don't correspond to anything identifiable in the
blocks themselves.)

PIB 1 with correlator x -> 0-25
25-50 -> PIB 1 with correlator x
PIB 2 with correlator y -> 50-75
75-100 -> PIB 2 with correlator y

PIB 3 with correlator x -> 0-25
25-50 -> PIB 3 with correlator x
PIB 4 with correlator y -> 50-75
75-100 -> PIB 4 with correlator y

The receiving node has no way to realize that that pre-payload PIB 1 with
correlator x doesn't match up to the post-payload PIB 3 with correlator x.

- Amy

On Tue, Mar 19, 2013 at 9:11 PM, Peter Lovell <plovell@mac.com> wrote:

> Amy Alford <aloomis@sarn.org> wrote:
>
> >A bundle can be fragmented multiple times independently, so a node may
> >receive multiple fragments with the same offset and length that have
> >traveled different paths (and accumulated different BSP blocks along the
> >way).  Collisions in the correlator values once the bundle is reassembled
> >are inevitable.
> >- Amy
>
> Hi Amy,
>
> my thought is that we have covered the problem of multiple-fragmentation
> and multi-path, but perhaps not.
>
> Can you describe a bundle scenario that exemplifies the issue you see, so
> we can think about it.
>
> Thanks.....Peter
>
>