IETF Logo Mail Archive

Re: AD Evaluation: draft-ietf-6man-predictable-fragment-id

Brian Haberman <brian@innovationslab.net> Mon, 24 August 2015 13:00 UTC

Return-Path: <brian@innovationslab.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DAA31B345F; Mon, 24 Aug 2015 06:00:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VlnR--zKHlai; Mon, 24 Aug 2015 06:00:23 -0700 (PDT)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDFDC1B347D; Mon, 24 Aug 2015 06:00:21 -0700 (PDT)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id B8522880F5; Mon, 24 Aug 2015 06:00:21 -0700 (PDT)
Received: from clemson.jhuapl.edu (swifi-nat.jhuapl.edu [128.244.87.133]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id 5A393328081A; Mon, 24 Aug 2015 06:00:21 -0700 (PDT)
Subject: Re: AD Evaluation: draft-ietf-6man-predictable-fragment-id
To: Fernando Gont <fgont@si6networks.com>, draft-ietf-6man-predictable-fragment-id@ietf.org, "ipv6@ietf.org" <ipv6@ietf.org>
References: <55D76AFD.2070000@innovationslab.net> <55D7D577.3010301@si6networks.com> <55DB0B87.5030200@innovationslab.net> <55DB1172.9030901@si6networks.com>
From: Brian Haberman <brian@innovationslab.net>
X-Enigmail-Draft-Status: N1110
Message-ID: <55DB155C.5020500@innovationslab.net>
Date: Mon, 24 Aug 2015 09:00:12 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <55DB1172.9030901@si6networks.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="54wmxctvufCc4kGkVVNJ0GAMaXJSFl3xV"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/96SvRhLhaDjCcskwCNcLopXd3B8>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Aug 2015 13:00:25 -0000


On 8/24/15 8:43 AM, Fernando Gont wrote:

>>>> * Section 5.3's discussion of a hash-based id generation scheme says
>>>> this in the drawbacks:
>>>>
>>>>    o  Since the Fragment Identification values are predictable by the
>>>>       destination host...
>>>>
>>>> How are the ID values predicted by the destination host?  The source is
>>>> using secret values that presumably are not shared with the destination.
>>>> So how does this prediction work?
>>>
>>> These Frag ID values are predictable because the hash-based approach
>>> leads to a monotonically-increasing sequence (e.g., 1, 2, 3, 4) then
>>> it's easy to predict the sequence *by the destination host*. Of course,
>>> such sequence is not predictable by an off-path attacker.
>>>
>>
>> Monotonically-increasing?  The text in 5.3 clearly says:
>>
>>    With such a scheme, the Fragment Identification value of
>>    each fragment datagram would be selected with the expression...
>>
>> That, to me, indicates that each time a Fragment ID is generated, the
>> hash function is invoked.  How is it monotonically increasing if the
>> hash is invoked for each packet being fragmented?
> 
> A simplified version of the expression in Section 5.3 would be:
> 
>    Identification = F(Src IP, Dst IP, secret1)  +  counter.
> 
> 
> If you're receiviving packets from the same src IP, to your same dst IP,
> those two addresses will be constant. secret1 is also constant. Then the

Where in the text does it say that secret1 is constant?

As I noted in my last comment, it seems like the Fragment ID is
re-generated any time a Fragment Header is needed.  Is there any reason
why secret1 couldn't/shouldn't be changed each time a Fragment Header is
needed?


> expression results in:
> 
>  ID= F() + counter = random_number +  counter
> 
> 
> for each (src IP, dst IP) (whre "counter" is a variable that is
> incremented for each fragmented packet that is sent). Hence successive
> packets will contain monotonically-increasing IDs (say {1, 2, 3..} ,
> {345556, 345557, 345558,..} or whatever ).
> 
> 
> FWIW, the expression in Section 5.3 replaces the "counter" variable
> (from the simplified expression I wrote above) with an array of
> counters, such that we can avoid the use of a single global counter (to
> avoid e.g.  [Sanfilippo1998b] and [Sanfilippo1999])

Right, the counter[] contains 8K elements or more where an element is
randomly selected via a hash function.  If that is the case, how does
the destination know what the next Fragment ID will be?

Regards,
Brian

v2.23.0 | Report a Bug | By Email