IETF Logo Mail Archive

Re: [IPsec] [Last-Call] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06

Valery Smyslov <svan@elvis.ru> Mon, 30 May 2022 16:21 UTC

Return-Path: <svan@elvis.ru>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB8DFC15AAE4; Mon, 30 May 2022 09:21:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=elvis.ru
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C4ZCAclgXBGz; Mon, 30 May 2022 09:21:54 -0700 (PDT)
Received: from akmail.elvis.ru (akmail.elvis.ru [82.138.51.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD83BC15AAE3; Mon, 30 May 2022 09:21:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=elvis.ru; s=mail; h=Content-Type:MIME-Version:Message-ID:Date:Subject:In-Reply-To: References:CC:To:From:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=IpRQ2nr+dKy8Ho4BHMcw5Kv8ZSJSTAQcWNHIhCOLCYA=; b=qKRvhd5WN1QLPNLD7HsTmCgNtO PqY5R9oPRicIUoHN22O7NvQif4dD5GZKcOwFCBd08peBkgD38Vsp6ipm9cgDe60b+jjyvLIUu39a7 xdGWFFTtRQSIcro0rwO9Qt1H+goOA6kg1LD375iAfrVJYxXqdhTS5nu1SKCfoCWH4kCY=;
Received: from kmail.elvis.ru ([93.188.44.208]) by akmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1nvi9M-0007IJ-9X; Mon, 30 May 2022 19:21:48 +0300
Received: from mail16.office.elvis.ru ([10.111.1.29] helo=mail.office.elvis.ru) by kmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1nvi9M-000526-0O; Mon, 30 May 2022 19:21:48 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Mon, 30 May 2022 19:21:47 +0300
Received: from buildpc (10.111.10.33) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Mon, 30 May 2022 19:21:47 +0300
From: Valery Smyslov <svan@elvis.ru>
To: touch@strayalpha.com
CC: 'Christian Huitema' <huitema@huitema.net>, secdir@ietf.org, draft-ietf-ipsecme-rfc8229bis.all@ietf.org, ipsec@ietf.org, last-call@ietf.org
References: <165377251630.6282.16767658545384357479@ietfa.amsl.com> <077301d8741b$c0fe9b40$42fbd1c0$@elvis.ru> <9d37d517-b6ff-6965-40a2-67f5c2a3e476@huitema.net> <183D552C-A06A-4DD4-92B9-6FEF7B9DCED1@strayalpha.com> <07de01d87439$d8889fe0$8999dfa0$@elvis.ru> <63F2C9A3-AB50-4447-853B-AAA2899CFA56@strayalpha.com>
In-Reply-To: <63F2C9A3-AB50-4447-853B-AAA2899CFA56@strayalpha.com>
Date: Mon, 30 May 2022 19:21:48 +0300
Message-ID: <081301d87441$5cb483e0$161d8ba0$@elvis.ru>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0814_01D8745A.8204A210"
X-Mailer: Microsoft Outlook 14.0
Content-Language: ru
Thread-Index: AQKKl9px7X7eA1CQ6TUrJpeus4VMBQFqn8/DAZarXSgCJISO6gGTeSJ+ApxrehuriKE/cA==
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-KLMS-AntiSpam-Interceptor-Info: not scanned
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2022/05/30 15:51:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2022/05/30 10:43:00 #19620716
X-KLMS-AntiVirus-Status: Clean, skipped
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/G7NfPDiHxvfz_FR4Y8r_Xjd3RGg>
Subject: Re: [IPsec] [Last-Call] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 May 2022 16:21:59 -0000

 

From: touch@strayalpha.com [mailto:touch@strayalpha.com] 
Sent: Monday, May 30, 2022 7:00 PM
To: Valery Smyslov
Cc: Christian Huitema; secdir@ietf.org; draft-ietf-ipsecme-rfc8229bis.all@ietf.org; ipsec@ietf.org; last-call@ietf.org
Subject: Re: [Last-Call] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06

 

It might be useful to add that most of those injection attacks are similar to the kind of attack possible when IPsec is carried inside IP tunnels or UDP tunnels when IPsec messages are split across tunnel messages. In those cases, the vulnerability depends on the predictability of the fragment identifier, which can be much smaller than the predictability of being within the TCP receive window sequence space, esp. for long-lived TCP connections.

 

          Do you mean that fragmented packets will never be re-assembled at receiving end and thus dropped?

 

          We can add the following sentence after the list in the text below:

 

 

          Note, that data injection attacks are also possible on IP level (e.g. when IP fragmentation is used)

          resulting in DoS attack even if TCP encapsulation is not used.

 

 

          Regards,

          Valery.

 

Joe

 

—

Dr. Joe Touch, temporal epistemologist

www.strayalpha.com





On May 30, 2022, at 8:28 AM, Valery Smyslov <svan@elvis.ru> wrote:

 

Hi Joe, Christian,

 

From:  <mailto:touch@strayalpha.com> touch@strayalpha.com [ <mailto:touch@strayalpha.com> mailto:touch@strayalpha.com] 
Sent: Monday, May 30, 2022 6:21 PM
To: Christian Huitema
Cc: Valery Smyslov;  <mailto:secdir@ietf.org> secdir@ietf.org;  <mailto:draft-ietf-ipsecme-rfc8229bis.all@ietf.org> draft-ietf-ipsecme-rfc8229bis.all@ietf.org;  <mailto:ipsec@ietf.org> ipsec@ietf.org;  <mailto:last-call@ietf.org> last-call@ietf.org
Subject: Re: [Last-Call] Secdir last call review of draft-ietf-ipsecme-rfc8229bis-06

 

On May 30, 2022, at 8:00 AM, Christian Huitema < <mailto:huitema@huitema.net> huitema@huitema.net> wrote:

 

The bar against TCP injection attacks might be lower than you think. An attacker that sees the traffic can easily inject TCP packet with sequence number that fit in the flow control window and are ahead of what the actual sender produced. 

 

It might be useful to be more specific about the issue. Data injection attacks on TCP connections interfere with the IPsec stream in a similar way to IP or UDP fragment attacks on IP or UDP tunnels that use fragmentation. 

 

In all three cases, attackers can corrupt in-transit packets via IP packet attacks, which is not possible with an unfragmented IPsec message.

 

In all three cases, this happens when an injection can overwrite a portion of an IPsec message.

 

Data isn’t injected to the user, though.

 

          I suggest we add the following text to the Security considerations:

 

 

 

   TCP data injection attacks have no effect on application data since

   IPsec provides data integrity.  However, they can have some effect,

   mostly as a DoS attack:

 

   o  if an attacker alters the content of the Length field that

      separates packets, then the receiver will incorrectly identify the

      margins of the following packets and will drop all of them or even

      tear down the TCP connection if the content of the Length field

      happens to be 0 or 1 (see Section 3)

 

   o  if the content of an IKE message is altered, then it will be

      dropped by the receiver; if the dropped message is the IKE request

      message, then the initiator will tear down the IKE SA after some

      timeout, since in most cases the request message will not be

      retransmitted (as advised in Section 6.2) and thus the response

      will never be received

 

   o  if an attacker alters the non-ESP marker then IKE packets will be

      dispatched to ESP and sometimes visa versa, those packets will be

      dropped

 

   o  if an attacker modifies TCP-Encapsulated stream prefix or

      unencrypted IKE messages before IKE SA is established, then in

      most cases this will result in failure to establish IKE SA, often

      with false "authentication failed" diagnostics

 

   An attacker capable of blocking UDP traffic can force peers to use

   TCP encapsulation, thus degrading the performance and making the

   connection more vulnerable to DoS attacks.  Note, that attacker

   capable to modify packets on the wire or to block them can prevent

   peers to communicate regardless of the transport being used.

 

 

 

(The text is still a draft, I’ve been waiting for Tommy to review it).

 

Regards,

Valery.

 

 

Joe

 

 

 

 

-- 
last-call mailing list
 <mailto:last-call@ietf.org> last-call@ietf.org
 <https://www.ietf.org/mailman/listinfo/last-call> https://www.ietf.org/mailman/listinfo/last-call

v2.23.0 | Report a Bug | By Email