Re: AD Evaluation: draft-ietf-6man-predictable-fragment-id
Fernando Gont <fgont@si6networks.com> Mon, 24 August 2015 13:36 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B176E1A0171; Mon, 24 Aug 2015 06:36:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iH5C7riEdgVD; Mon, 24 Aug 2015 06:36:16 -0700 (PDT)
Received: from web01.jbserver.net (web01.jbserver.net [37.72.100.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7659A1A0169; Mon, 24 Aug 2015 06:36:16 -0700 (PDT)
Received: from [186.137.82.224] (helo=[192.168.3.107]) by web01.jbserver.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from <fgont@si6networks.com>) id 1ZTrv2-0008AK-Ah; Mon, 24 Aug 2015 15:36:12 +0200
Message-ID: <55DB1DBF.5060909@si6networks.com>
Date: Mon, 24 Aug 2015 10:35:59 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: Brian Haberman <brian@innovationslab.net>, draft-ietf-6man-predictable-fragment-id@ietf.org, "ipv6@ietf.org" <ipv6@ietf.org>
Subject: Re: AD Evaluation: draft-ietf-6man-predictable-fragment-id
References: <55D76AFD.2070000@innovationslab.net> <55D7D577.3010301@si6networks.com> <55DB0B87.5030200@innovationslab.net> <55DB1172.9030901@si6networks.com> <55DB155C.5020500@innovationslab.net>
In-Reply-To: <55DB155C.5020500@innovationslab.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/6b1oD6i2LIVCULeEboXlcn4rAMQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Aug 2015 13:36:18 -0000
Hi, Brian,
On 08/24/2015 10:00 AM, Brian Haberman wrote:
>>> Monotonically-increasing? The text in 5.3 clearly says:
>>>
>>> With such a scheme, the Fragment Identification value of
>>> each fragment datagram would be selected with the expression...
>>>
>>> That, to me, indicates that each time a Fragment ID is generated, the
>>> hash function is invoked. How is it monotonically increasing if the
>>> hash is invoked for each packet being fragmented?
>>
>> A simplified version of the expression in Section 5.3 would be:
>>
>> Identification = F(Src IP, Dst IP, secret1) + counter.
>>
>>
>> If you're receiviving packets from the same src IP, to your same dst IP,
>> those two addresses will be constant. secret1 is also constant. Then the
>
> Where in the text does it say that secret1 is constant?
You're right: we should mention this explicitly.
> As I noted in my last comment, it seems like the Fragment ID is
> re-generated any time a Fragment Header is needed. Is there any reason
> why secret1 couldn't/shouldn't be changed each time a Fragment Header is
> needed?
Frag ID is generated ("Identification" recomputed) for each fragmented
packet. for any given (src, dst), F() will be constant.
So the idea is that F() provides a radom number/offset, which will
remain constant for each pair (src, dst). Since "counter" is a "line",
"Identification" is esentially:
ID = m x + b = counter + F()
i.e. a line with a random offeset.
The reason for using this algorithm is that it results in a sequence
that is not predictable by an off-path attacker. However, since
sbsequent identifications are simply monotonically-increasing numbers
(as a result of counter), the frag id collision rate will be wayyyy
lower than that of simply randmizing the IDs (the collission rate is the
same as that of a global counter).
>> FWIW, the expression in Section 5.3 replaces the "counter" variable
>> (from the simplified expression I wrote above) with an array of
>> counters, such that we can avoid the use of a single global counter (to
>> avoid e.g. [Sanfilippo1998b] and [Sanfilippo1999])
>
> Right, the counter[] contains 8K elements or more where an element is
> randomly selected via a hash function. If that is the case, how does
> the destination know what the next Fragment ID will be?
They are "randomly selected", but, as with F(), for each (src ip, dst
ip), you will always select the same counter. So unless another flow
happens to use the same counter, if you receive one fragmented packet
with a frag ID of "M", the next frag packet will have an ID of "M+1".
(again, the reason for this is as before: reduce the frag id reuse
frequency, so that yu get the same frequency as a global counter, but
without its sec implications).
Thanks!
Best regards,
--
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- AD Evaluation: draft-ietf-6man-predictable-fragme… Brian Haberman
- Re: AD Evaluation: draft-ietf-6man-predictable-fr… Fernando Gont
- Re: AD Evaluation: draft-ietf-6man-predictable-fr… Brian Haberman
- Re: AD Evaluation: draft-ietf-6man-predictable-fr… Fernando Gont
- Re: AD Evaluation: draft-ietf-6man-predictable-fr… Brian Haberman
- Re: AD Evaluation: draft-ietf-6man-predictable-fr… Fernando Gont
- Re: AD Evaluation: draft-ietf-6man-predictable-fr… Brian Haberman
- Re: AD Evaluation: draft-ietf-6man-predictable-fr… Fernando Gont