Re: Pseudorandom Flow Labels

Shane Amante <shane@castlepoint.net> Wed, 06 April 2011 21:43 UTC

Return-Path: <shane@castlepoint.net>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8560528B797 for <ipv6@core3.amsl.com>; Wed, 6 Apr 2011 14:43:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.561
X-Spam-Level:
X-Spam-Status: No, score=-2.561 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hLEpVTELKJCC for <ipv6@core3.amsl.com>; Wed, 6 Apr 2011 14:42:50 -0700 (PDT)
Received: from dog.tcb.net (dog.tcb.net [64.78.150.133]) by core3.amsl.com (Postfix) with ESMTP id 489803A67E3 for <ipv6@ietf.org>; Wed, 6 Apr 2011 14:42:50 -0700 (PDT)
Received: by dog.tcb.net (Postfix, from userid 0) id 13EAF26803D; Wed, 6 Apr 2011 15:44:34 -0600 (MDT)
Received: from host2.tcb.net (64.78.235.218 [64.78.235.218]) (authenticated-user smtp) (TLSv1/SSLv3 AES128-SHA 128/128) by dog.tcb.net with SMTP; Wed, 06 Apr 2011 15:44:34 -0600 (MDT) (envelope-from shane@castlepoint.net)
X-Avenger: version=0.7.8; receiver=dog.tcb.net; client-ip=64.78.235.218; client-port=51228; data-bytes=0
Subject: Re: Pseudorandom Flow Labels
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: Shane Amante <shane@castlepoint.net>
In-Reply-To: <4D9CAF52.9050805@gont.com.ar>
Date: Wed, 6 Apr 2011 15:44:33 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <87F2B923-3FC6-4879-8C81-B9C283AC5EA0@castlepoint.net>
References: <BD901061-96AC-4915-B7CE-2BC1F70861A5@castlepoint.net> <201104052036.p35KaoHV019253@cichlid.raleigh.ibm.com> <4D9CAF52.9050805@gont.com.ar>
To: Fernando Gont <fernando@gont.com.ar>
X-Mailer: Apple Mail (2.1084)
Cc: Thomas Narten <narten@us.ibm.com>, 6man List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Apr 2011 21:43:08 -0000

Fernando, Thomas,

On Apr 6, 2011, at 12:22 MDT, Fernando Gont wrote:
> Thomas,
> 
> On 05/04/2011 05:36 p.m., Thomas Narten wrote:
>> Case in point about how we are being *extremely* loose in using the
>> term "pseudo random".
> [....]
>> Part of my objection to the term "pseudo random" is that the term has
>> not been defined within the context of the Flow Label.
> 
> You raise a very good point, indeed. For instance, when we talk about
> e.g. "port randomization", we're really talking about "producing port
> numbers that are unpredictable by off-path attackers".
> 
> To make this terminology issue worse, it has been argued a few times (by
> some mathematician IETFers) that the properties that we need for the
> "hash" functions in the hash-based algorithms are really that of PRFs
> (Pseudo Random Functions) (i.e., hash functions being a specific example).
> 
> In summary, I agree with the terminology issue that you've raised. I'd
> probably argue that the best way to go is to specify which properties we
> want for Flow Labels, such as they have been specified for port numbers
> in RFC 6056. Namely:
> 
> * We want Flow Labels that unpredictable by off-path attackers (history
> has taught us that this is a good proactive measure)
> * We want an algorithm for generating FL that produces FLs that do not
> repeat with a high frequency (i.e., they are distributed normally)

I like your (attempt at) a more precise definition that Thomas has been asking for.

I would think another desirable property of (host-generated?) flow-labels might be that, by default, they strive to preserve privacy of the transmitter.  IOW, flow-labels cannot be used to track individuals (over time), because they are traceable back to a particular implementation or, worse, a specific device.


> One possible algorithm for achieving these properties is calling a
> random()-like function. But there are others, such as the hash-based
> algorithms specified in draft-gont-6man-flowlabel-security.

Right.

-shane


> Thanks,
> -- 
> Fernando Gont
> e-mail: fernando@gont.com.ar || fgont@acm.org
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
> 
> 
> 
>