IETF Logo Mail Archive

Re: [IPsec] Cost-efficient quantum-resistant DoS protection

Yoav Nir <ynir.ietf@gmail.com> Fri, 12 November 2021 07:06 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04D943A12F9 for <ipsec@ietfa.amsl.com>; Thu, 11 Nov 2021 23:06:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4g4b-p5uUWEZ for <ipsec@ietfa.amsl.com>; Thu, 11 Nov 2021 23:05:58 -0800 (PST)
Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 407383A12F5 for <ipsec@ietf.org>; Thu, 11 Nov 2021 23:05:58 -0800 (PST)
Received: by mail-wr1-x42a.google.com with SMTP id d27so13859757wrb.6 for <ipsec@ietf.org>; Thu, 11 Nov 2021 23:05:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=r8F/UPdDwdvJGv/VXz9r9Eo6+v4YLg4Uq7DDK8jquUo=; b=So6w/SyLG+CTQ2uJs0fM0AJzp2X/pmw7ZhHJuuubaQ9DYrPSFDgPG1pwLOXsX+NiMb n9WiZvu0SflYJ8v5U/LNI7DLEutmaPpJiR/HAz+d3eDqyQFrU7Tgnjv+u79MqU8YibHH sJlFmAvxPX9n5zE6OIbwI19sSJnd3e7AlpH/jZrLf/pOJ+KaaiCSvysIJdoZo3lArXYD WFkGUoz4o0c13bmutoP6FEAO5eBQjXXOprzQK23iDH164ja3jQmc5gZjP7P2KUExSKeT PUgzXybXUiUdwcj063c/6CdawrvrO5WqT3XbhI6423sa3t62dgqVeMS6dvF3jeGPHp8/ ohkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=r8F/UPdDwdvJGv/VXz9r9Eo6+v4YLg4Uq7DDK8jquUo=; b=AqnijOyZCb8BQ9t/S0TAtGWFansDp4UeICXTakl6ZdrI3lSG7GR3+8kwopQhsrR44g 4Z4Aflh6QetaFmrbzqxn6n5tyurg0HW0RuGGrL82MYqgrfi5ix29v8aaf31MLdT5wmEn 0TIAZoI8kYjMP/Tv1CWkrjFZK942w84pVohenRr98PwbcQzFxzkm2H8ah6x5T7zEq0IL e+npuyVg+nCdiG9Vw5wXKRnepl2GpzM4mKZ77pQLoWE0ihpXEJXYC+oJQzqo3tuFRHR5 dnf8TlG2kReL/GAVPii03n0EIy66acIPTEd+pehMiwJ4Kk5TC15c+kTS8krqncx6q/XX 5u8A==
X-Gm-Message-State: AOAM533A47QxEABfhTSaXuFhvbqEOCj+N7YqNRElUHltSzVQOS5k+Qb+ HXlfk1t/ArfWZjlNaoXFg3M=
X-Google-Smtp-Source: ABdhPJx40EfPy5OmdMJpQ5JjIVuK+jH5G9JuEtNggOG4xqKiu76FK1dHlb94M0AJ7UF5T4+lBH6lvA==
X-Received: by 2002:a5d:694a:: with SMTP id r10mr15765706wrw.170.1636700755812; Thu, 11 Nov 2021 23:05:55 -0800 (PST)
Received: from smtpclient.apple ([87.69.209.176]) by smtp.gmail.com with ESMTPSA id l15sm4910283wme.47.2021.11.11.23.05.54 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Nov 2021 23:05:55 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.20.0.1.32\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <17699.1636555288@localhost>
Date: Fri, 12 Nov 2021 09:05:53 +0200
Cc: Valery Smyslov <smyslov.ietf@gmail.com>, ipsec@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <0E27A992-7A0B-4869-9B85-868277A7A573@gmail.com>
References: <935923623769463b80caf7b64bfe430a@genua.de> <07a701d7c500$5c3fdcc0$14bf9640$@gmail.com> <994547d5af7a47b2b4819136af4b29fd@EX13D01ANC003.ant.amazon.com> <CANs=h-XU98=XVZ-1YNsp3_W1_Y3p5UgHnOgH-DPXgAQP7GuBmw@mail.gmail.com> <4d3d0181b23048bb9b57f1c97672c1ea@genua.de> <24956.19843.441109.862288@fireball.acr.fi> <27139.1635707097@localhost> <06fe01d7cf10$b966d6f0$2c3484d0$@gmail.com> <969A6112-B9E4-4D29-9077-094E56AEBD1D@gmail.com> <17699.1636555288@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3693.20.0.1.32)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/z0wpNtqFWuY-UI_MlIHC4CqJQkE>
Subject: Re: [IPsec] Cost-efficient quantum-resistant DoS protection
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Nov 2021 07:06:03 -0000


> On 10 Nov 2021, at 16:41, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> Yoav Nir <ynir.ietf@gmail.com> wrote:
>>>> Tero Kivinen <kivinen@iki.fi> wrote:
>>>>>> Even without surpassing the 64KB limit, this must be a concern.
>>>>>> IKEv2's cookie mechanism and puzzles try to increase the cost of the
>>>>>> attacker per each connection. Now, an attacker must still accept
>>>>>> these costs but can use one connection to trigger several key
>>>>>> exchanges, all significantly larger than what we had with DH, making
>>>>>> the trade-off way better for them compared to non-pqc IKEv2.
>>>> 
>>>>> No it cannot. Attacker can use cookie only once, and will only get one
>>>>> exchange created by each cookie exchange, thus it needs to do puzzles
>>>>> and cookies again for every single attack packet it wants to send.
>>>> 
>>>> I wonder if anyone has any stats on how often cookie challenge is used, how
>>>> often puzzles are invoked.
>>> 
>>> I've implemented puzzles, but I'm not aware of any other implementation.
>>> 
>>> What about cookies - in stress tests they are used very intensively.
>>> But I don't have any real life stats for them.
>>> 
>>> Regards,
>>> Valery.
> 
>> I also implemented puzzles. So that makes two of us.
> 
> Did you ever interop?

No. Never got to it.

> What is your criteria for enabling them?  Do you do this automatically, or is
> it an operator configuation to demand them?

GUI had three settings: off, cookies, puzzles.  In case of cookies or puzzles, they would activate with a certain number of simultaneous IKE negotiations in progress.

Because of GUI constraints, that setting had to apply to both IKEv1 and IKEv2 (that was s separate set of radio buttons)

Yoav

v2.23.0 | Report a Bug | By Email