[ippm] Mitigating replay threat in draft-ietf-ippm-asymmetrical-pkts

Greg Mirsky <gregimirsky@gmail.com> Tue, 23 July 2024 23:03 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5ABF9C151553 for <ippm@ietfa.amsl.com>; Tue, 23 Jul 2024 16:03:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jXFNDcq_H7FP for <ippm@ietfa.amsl.com>; Tue, 23 Jul 2024 16:03:14 -0700 (PDT)
Received: from mail-yw1-x112b.google.com (mail-yw1-x112b.google.com [IPv6:2607:f8b0:4864:20::112b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2D5CC14F5F8 for <ippm@ietf.org>; Tue, 23 Jul 2024 16:03:14 -0700 (PDT)
Received: by mail-yw1-x112b.google.com with SMTP id 00721157ae682-661d7e68e89so2993447b3.0 for <ippm@ietf.org>; Tue, 23 Jul 2024 16:03:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721775794; x=1722380594; darn=ietf.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=khpYOOiacOUOBiJO1zBM+XimBl+NjcHN/d9vD2fbAd0=; b=In1QTrOYEVXx/BncqTnpKnxkbRIU72UPidMmhaNoRFMPwRQNTylhOD+egR9gbIlnbz PCJ55zNPWBJ/+SL8qTY+3ghJFjTFYHE0D7hQyh1RJFOHfXxtWQB94QY5j/NA6G+6kvKL hqPw8HM8F1p72ZNnJnu755aZtjHCP8w1So+cSS8mJYTaejLBN34naaJ3rAcpmonNGjmA FKmuB0uBovXpyCxpdS/vl2K33JPmf6qFrhM7vlv4WB5Q3aRyuqAbheq/mp6BVrDaXslT 3mxwQZOsu9pkQAg2Qr67O7Uvq6ftLdjYHDlRU5CeMdI3hlxeUlhiYI64G9QYWvw3AYLR Om+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721775794; x=1722380594; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=khpYOOiacOUOBiJO1zBM+XimBl+NjcHN/d9vD2fbAd0=; b=tteM937UKiiUcpxgzT9PgJOi7v8bXL2hjrLKexwCjhnRGCQrD2pB/IdA0+GutwaFsI u073DeXXhjYGtDQc9QY4o0jaZ/YQ/ykWaGp9nXW1kKYEyAbURz1fwvGFzRuTxsw2Rmvo LSupiHAeBOed/fCYEr8WgMZqHhAaReWtOtJ3EFSdtGCtuh7Wuo+x47e09nFGSU4WhH2b NAFleZHjmhZOqrtONCmQ42eAOIE2qwF3D0A0+eO8nErMKsEvDgqJA3457HiEZ2dqcei3 yfDcTG1MxnNBH63IiddhsK3p03iFV5t3s74Wa5aIO/KHdloOP1mLha2kF8bsoB4dq5Nl Gj7g==
X-Forwarded-Encrypted: i=1; AJvYcCX4V3MBLpgpRNJS+cSWoQl0tbLCF3mNaVlqs8aseJBQDJeX09KpaY9Us06wv7978JKu0Ma1oZikZpqpsy63
X-Gm-Message-State: AOJu0YwbChYJsqt3oomo+hYGUe2iI+gfd1Bt34IcWIo+eP9+3+37wQHY kqw2ySHmaJbdNlHW9EjBxdWfVrd8Lgt23ZmmYZWj2zt4eL2UyQjfn8eVljZF8M9f7vTBrzSfVxw tmSGJRbe9FqYuHiEpDN2EO+7u2txt43hqUdg=
X-Google-Smtp-Source: AGHT+IEnEg4ldK3nAqz42rO/g7EVd4QD5VsLcF1YF1beV/2MUEaJC4kdEJc1auYbFgR9+/AXzIiqTMI/zAt264s4F14=
X-Received: by 2002:a05:690c:dcd:b0:66a:bf53:e077 with SMTP id 00721157ae682-672be25d716mr686817b3.16.1721775793798; Tue, 23 Jul 2024 16:03:13 -0700 (PDT)
MIME-Version: 1.0
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 23 Jul 2024 16:03:03 -0700
Message-ID: <CA+RyBmV84T0tTxTqx1k+-pLzRS7cpFsvHndCceNHoSeD4dxzAg@mail.gmail.com>
To: Tal Mizrahi <tal.mizrahi.phd@gmail.com>, IETF IPPM WG <ippm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000928845061df22a25"
Message-ID-Hash: F35ZBJUIYKCIGRUE2F5GSHNWIU76DUSD
X-Message-ID-Hash: F35ZBJUIYKCIGRUE2F5GSHNWIU76DUSD
X-MailFrom: gregimirsky@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ippm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [ippm] Mitigating replay threat in draft-ietf-ippm-asymmetrical-pkts
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/9wQIVUgY6Mp-MyFv_LCHgT60pXI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Owner: <mailto:ippm-owner@ietf.org>
List-Post: <mailto:ippm@ietf.org>
List-Subscribe: <mailto:ippm-join@ietf.org>
List-Unsubscribe: <mailto:ippm-leave@ietf.org>

Hi Tal,
thank you for your thoughtful question that prompted consideration of the
possible replay attack even in the presence of the HMAC TLV. One of the
useful mechanisms to mitigate the replay attack is having monotonically
increasing counter that can be compared to the previously received value. RFC
8762 <https://datatracker.ietf.org/doc/rfc8762/> is capable to measure
packet loss by using the Sequence Number maintained by the Session-Sender.
As a result, the Session-Reflector can use the value of the Sequence Number
field in the received STAMP test packet to detect potential replay attack.
Of course, the replay attack may be mistaken for the packet
re-ordering condition. Taking that into consideration, I propose the
following update to the Security Considerations:
OLD TEXT:
   Considering the potential number of reflected packets that can be
   generated by a single test packet sent to a Multicast address, when
   sending such messages a Session-Sender SHOULD sign packets using the
   HMAC TLV.
NEW TEXT:
   Considering the potential number of reflected packets that can be
   generated by a single test packet sent to a multicast address, a
   Session-Sender SHOULD sign packets using the HMAC TLV when sending
   such messages.  But even with the HMAC TLV, the Reflected Test Packet
   Control TLV could be exploited for the replay attack.  To mitigate
   that risk, a STAMP Session-Reflector SHOULD use the value of Sequence
   Number field [RFC8762] of the received STAMP test packet.  If that
   value compared to the received in the previous test packet of the
   same STAMP test session is not increasing, then the Session-Reflector
   MUST respond with a single reflected packet, setting the U flag to 1
   [RFC8972].

What are your thoughts?

Regards,
Greg