IETF Logo Mail Archive

Re: [Masque] Forwarded Mode infinite loops

Ben Schwartz <bemasc@meta.com> Fri, 20 October 2023 16:53 UTC

Return-Path: <prvs=36575d06e7=bemasc@meta.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92573C15108C for <masque@ietfa.amsl.com>; Fri, 20 Oct 2023 09:53:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.803
X-Spam-Level:
X-Spam-Status: No, score=-2.803 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=meta.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3FcXuvPi4i94 for <masque@ietfa.amsl.com>; Fri, 20 Oct 2023 09:53:26 -0700 (PDT)
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADDBBC151084 for <masque@ietf.org>; Fri, 20 Oct 2023 09:53:26 -0700 (PDT)
Received: from pps.filterd (m0109333.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 39KEgK14005922; Fri, 20 Oct 2023 09:53:25 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meta.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=s2048-2021-q4; bh=aYpJ7ivUwYQBuR6R+v0ZRN5e9h9N8aTBmiqcK9gQdD4=; b=g08rTK4oGQ7OxA4mEmI7AtbaLcSL4uOYhSq28rbD/U4Zt3dbZqUVA+q/0omMJ1r5V5eK G2CB38ZFzBikalQJFGsG+7sqlD5iL6YK36YOwn/jfhENP/X96CHLv3l62Ds3O2Wla+AQ KOg4hd6qB2Ppo8kn3Ew2YuT/bVDxI24SBqAI7zm3VPxHPMW6yeEdpXCu1haojmQKU7+j xR1tjB7+vDTsoTsV7EHC5VM9p7CwBsdyGKeUoKviq8tI63MIPW2A747xC9SKbGSu6U+R 8RGMxmRWbof45Im/z7WiKkKgCMig/QoYe46dIANyBj3QvuRlkSb3txbl3Bh3Mq6/z+Yz eA==
Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2101.outbound.protection.outlook.com [104.47.58.101]) by mx0a-00082601.pphosted.com (PPS) with ESMTPS id 3tuuhrh00j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Oct 2023 09:53:25 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Lbs67uFtofHeh4JnqenWc9zGsA2qlD+OKUaVmi8e5DgnCJof1IybbSDXB1J4XgtIJAwewyHfc3XMZwZ93kzeP9k7pjEFiamHbYzqkne5xA2M3TYtHNWsSgEF4KaNOKbV0Hcz45kdkskAWThMrA/yCqyEn+bQmRhc7q/KhMy4wT6J7lpJHT2hIXgKMUb+mEhUK8Qm9Nt7PN0craAd/oglrr7pucHSDelB+/3URx4Kiyp0Fkp98jZr8v07mMTsX6lfqcb3nhogTVPp0gABsX5m17FUnizkmwMWTBQYxkv+Ive85/DmtEG7UZ1h4Gb9rzRf43WLcmNjLWAhL1BD35i0RQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ckZtcCrBD83KScFfY6O6aWjXc89gtN7kH4oPMrCdHp0=; b=G8sEAqwQqSpyrMFAfITb43OLSPke30L+QevLmIovkDN4WeHMu6elO34k3vSwm7VFJHoAT314w54uog4XZd5Pf9uE8583v9xvwxABJ2QzTISissz1Llb+ROkkyJxUZAefmGbz6Zc2BUgWHJibV3GiQyx3FY9iHFz+Af2r01YWCPCO476/QuPm/Eoq4BQbYpPTn2jMsiVSVpksazFnLEUg+Y6fjNM4PK8Gxpvwdl0C/3emUr0++drBvWnxg5crORqOpo457TW19+vXfYYsB4vsWtdHRLJkUSfIy31RJzMxX78LoAEAKY6BOcSDCDz8X5ny2JoOICbtOCk3JcDNm76aWg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meta.com; dmarc=pass action=none header.from=meta.com; dkim=pass header.d=meta.com; arc=none
Received: from BN8PR15MB3281.namprd15.prod.outlook.com (2603:10b6:408:aa::24) by PH8PR15MB6091.namprd15.prod.outlook.com (2603:10b6:510:253::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.11; Fri, 20 Oct 2023 16:53:22 +0000
Received: from BN8PR15MB3281.namprd15.prod.outlook.com ([fe80::d9e2:fc18:82fa:fd56]) by BN8PR15MB3281.namprd15.prod.outlook.com ([fe80::d9e2:fc18:82fa:fd56%5]) with mapi id 15.20.6863.043; Fri, 20 Oct 2023 16:53:22 +0000
From: Ben Schwartz <bemasc@meta.com>
To: Martin Duke <martin.h.duke@gmail.com>, MASQUE <masque@ietf.org>
Thread-Topic: [Masque] Forwarded Mode infinite loops
Thread-Index: AQHaAgmezUI5C2Jo1kydYUxmv4AKKbBS4ots
Date: Fri, 20 Oct 2023 16:53:22 +0000
Message-ID: <BN8PR15MB3281FF073C549E3A39DD087BB3DBA@BN8PR15MB3281.namprd15.prod.outlook.com>
References: <CAM4esxRzTu=njLp7Uk=4AvObxD5j0FG1fQHKtoyDGFWF7q1jdg@mail.gmail.com>
In-Reply-To: <CAM4esxRzTu=njLp7Uk=4AvObxD5j0FG1fQHKtoyDGFWF7q1jdg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN8PR15MB3281:EE_|PH8PR15MB6091:EE_
x-ms-office365-filtering-correlation-id: cf815a57-3b95-4531-5d45-08dbd18d122e
x-fb-source: Internal
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: dxZ8nMSHtrrPZkhFgKOgDjzORdTLFu2LEzeu7DN1V1vjbywps7vxwGuIJswpBElqBU3MCuj7zFkbf1F0scztzbrNZt5MVqyVrHBhrfd08JgKWYh81hfCMeJ/EuF6cDWFrN5dkHVEQe5/yXo0UHoUjYJONbj74szkFTBhqsSIGjdsxRTnsKgOYKv0py6plzyY6WsFuNpOfBLElF0GJOZsXHrA0x8XtxPkXxhRXNToi7VJmQGQozLDcWnyZGbIikWkzZnLU3d8V7pWBCyQ3QxrpM21Wx5HV33i34MIvOL4OFnMwU0XSfBRxQnuH6gMh7rKPrFKkzceK2AUzjfDGuj04nWpKNRAsIq3lZrrh5CfoJwmJ0TZuW9u0/vJfV4YTsO2R9twgLWUok+UnhWXdDOknmisetCHIxFBBOjteL8YMR5HUK1In2TY63cYUHzY/0C63FLfP3SDxVKeU2u0GJTWs1jO6x0blD0pkGpVxQOe4Z+I03iXFeR6CCo8tw+/UkCrkSi2WkzVhCb9Plvx0LndUfBLipb0pagjxSW3MERd3PbbecvgljOtfouxTNz4Hr4XO84YAsop2yZSPdACJYiy55IezJxa4ywJwKXiVqn3i1jZL2aOX4h38IPrbo+DbLRo
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN8PR15MB3281.namprd15.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(136003)(39860400002)(366004)(396003)(346002)(376002)(230922051799003)(451199024)(64100799003)(1800799009)(186009)(55016003)(7696005)(6506007)(8936002)(9686003)(71200400001)(53546011)(83380400001)(41300700001)(5660300002)(8676002)(52536014)(2906002)(478600001)(76116006)(66446008)(110136005)(66946007)(64756008)(91956017)(66556008)(66476007)(316002)(122000001)(86362001)(38100700002)(38070700009)(33656002)(19627405001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: HKkxfxw/5aHrb9cBs+QPw16riieUKHhXrwX91vTnLP6tCcvPMjtl/s/dCNu95n63zIsaV9pTDospPq6aTPIR3jr4nXe5IjTJQG/ZXzb5NDrGSyUERP7otafXlYxXGpO39+d6+PG5RYGW6lSZgdpCgBKxkZGrt4OrMwj8+CZayrW+Jt7GwlrxDWOi8zUg7HU1xWTVJbAwj0DzPPdhYttpuNsEi/ffHvHrcMlAI2IkP/bkHrJikOCJkj9+CVI1IIkdG2oxc7b64LvcmW51AvLQO9FzYOus/MNDzrMRvkZlJ/TqhOl6KElRRAYoJXfK8W6iSpW/QQDQdMszySZMCHJ/KHPghTu/wI8mnzhcH0E8b1f52Z4ecuofZx+SHGzA5eXgUCHzhpEiVa8MCYhWggDAX5e5+0e/4/vLa5FKG1nA6BXzZNxuVvCFF6kDQtfMEXDRKWQadyhtu6+NM/sTt6pcviV59yTBkFCl8bV0jZN+wB5pwp0xDwXn3ovj5ylo//M09DWXKWOjWD6CzNl4bwpPRsKOXG7PH2VTtMhcfCiMe5LcIWcLexXOQVjjWWvu8Sa1bAYZF//ki/UR+cZ87uiJks4lM+ZxdGM9GzAoA7//oen3cwcVotJVEDy9s2vjhLjBVXVNCXHZNbCWBtj2c07hi+DBTR7knb1FXvQeyIjKg3PhR6ecxsWPhsEAOfJ1oX7cXfKrjQqunu8kUUNMJ0Vb2f2N9ZRWOs/eXl/31iiayu4v8G/y2AL9XMZ4rbP5Xp/d1TAAdTFxGsbav7pdtYJ26MmAx52NHgiw6iGRt7IBovBcRdMh4SQj1FLAv5aFjSnFWtyhRtiI4op4vXkVPez80a51lavfl4DUrqWRpkuT76fk3w8FXVBkzENkso69Ube8CId6b2rXiY4LTD+m3BmzTST4pm/Rc3UtLG6c3z39HmX4T51JdIe7LisMGY8SXsc3V3tpvgKKT6NcCz8ugKGutjE9X2u9b5WQ/80hvbfrzF09MaadXOcE4XYr+U2ZNRrANj77uWUTIcZzTeoNqPQkPajhnPZB1uVSibEG7CtEh+qJ1EvYBxGszJkOa/lXizHwV61ksBRGqi5jOg4DUSfsFKGAFnSCGPmvEpttHJMxItdRJ053epxYYQaMZI8T1ikL3qMhfFOceeKXfp96TEDc+U+5u132ZJDZuHZDvEcCoOmD8yNJ2Cxy5mRMmg09id06jiyth+VyvdXI216XjiYOAfWlqhw2D/3+eR+YVRaq4xXtU7cUO2cDTm8/tC9OIzQDzEWtF1M2OycKjUs2M2xxp6YXXM/uRN9JsrnQePFTBjSBP9hP4ZJ2+u2tVVxjLjFDKOddJt1B9dEJlzvjk4XoePsF3c0UXe7+yFaz7tVQp+O2gK/vuK82xYvdJud7d8Typg/QH/8JFnLBYz1g1aNoh4Yut+EGyS/C8ejAX7E/2VpQy6Hju6CSu2ocHmzYd2l8SRKxo7ZEx6fTGo5Zf9uJsbFa6cxDFYqYELvtAPYd5QdSSfPxICKULyKWR/fcuLhExGxS0PyW8UUPDorpptt5/GbzYQJ5B4Uv/TtrSjfKeBzRYcrVLqOj0lDRqLJXYIwb
Content-Type: multipart/alternative; boundary="_000_BN8PR15MB3281FF073C549E3A39DD087BB3DBABN8PR15MB3281namp_"
MIME-Version: 1.0
X-OriginatorOrg: meta.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN8PR15MB3281.namprd15.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cf815a57-3b95-4531-5d45-08dbd18d122e
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Oct 2023 16:53:22.8514 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: LhWxjZarz6LkusDH41Q6xbdC2LCqzKu6+nvoLGqU1tpxBWv/tow+4YX7d4IBfJO+
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR15MB6091
X-Proofpoint-ORIG-GUID: 1xXSXzS2uTDn3XlaV9irRWF6ePmmte-x
X-Proofpoint-GUID: 1xXSXzS2uTDn3XlaV9irRWF6ePmmte-x
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-10-20_10,2023-10-19_01,2023-05-22_02
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/mtemwvUPtEni3zBxP27r1cm8E6Q>
Subject: Re: [Masque] Forwarded Mode infinite loops
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Oct 2023 16:53:30 -0000

Loops!  This is a fun attack.  It seems like there are probably lots of loopy configurations if you have access to two or more proxies.

Most of the encryption discussion for forwarded mode has focused on unauthenticated encryption, which wouldn't help here.

Changing who chooses the Connection IDs could help, but proxy-chosen CIDs are not necessarily high entropy, so there's no clear guarantee.

Ultimately, I'm not sure this matters.  A hostile client can impose pretty much arbitrarily amplified load on the forwarder anyway, e.g. by downloading a large file and forging ACKs to dropped packets so that congestion control ramps up to infinity.  Forwarders will need defenses to rate-limit or cap abusive clients.  That said, it's probably worth fixing if there's an easy solution.

--Ben
________________________________
From: Masque <masque-bounces@ietf.org> on behalf of Martin Duke <martin.h.duke@gmail.com>
Sent: Wednesday, October 18, 2023 5:25 PM
To: MASQUE <masque@ietf.org>
Subject: [Masque] Forwarded Mode infinite loops

Hello MASQUE, (with no hats on) I was playing with some annoying but manageable amplification attacks on CONNECT-UDP forwarding mode. Those will have to wait for another day, because the current draft has a fatal vulnerability, though one that

Hello MASQUE,

(with no hats on)

I was playing with some annoying but manageable amplification attacks on CONNECT-UDP forwarding mode. Those will have to wait for another day, because the current draft has a fatal vulnerability, though one that we can fix pretty easily.

If I've gotten something incorrect, please say so! It wouldn't be the first time.

Recall that for forwarded mode, clients notify the proxy of the connection ID they are advertising to the target, and in the same capsule propose a "virtual connection ID" for use on the proxy-client path. (IIUC, this virtual CID is to prevent association of the packets on either end of the proxy).

I reiterate that we are talking about the CLIENT connection ID and its virtual counterparts, not the target.

Consider the following very stupid topology that a client C could construct to target T via various proxies. Crucially, P2 and P3 are from the same provider and share a VIP.* This wrinkle eliminates some really simple mitigations for what I'm about to describe.

C -> P1 -> P2 -> P1 -> P3 ->  T

An otherwise well-intentioned client would advertise client Connection ID CID0 to T, and via REGISTER_CLIENT_CID capsules might set up the rest like so:

Nodes        C     P1     P2    P1    P3     T
CID on wire    CID4   CID3  CID2  CID1   CID0

So far, so good. A packet that leaves T will be destined for CID0. The destination CID will be rewritten in turn, arriving at C with CID4.

However, a malicious client can register CIDs with the proxies as follows:
Nodes        C     P1            P2      P1      P3     T
CID on wire    CID4   CID3 / CID1    CID2    CID1   CID0

The only change is that P2 is "incorrectly" configured by the client to rewrite incoming CID2 as CID1. As far as P2 is concerned, everything is seems legit unless it is sharing enormous amounts of CID state with its partner P3. Everything else is unchanged.

Thus, a packet leaving T with CID0 will be rewritten to CID1 and routed to P1;  P1 will then route it to P2 with CID2. Then that gets routed back to P1 with CID1, and the P1-P2-P1 loop continues to infinity. The attacker can put as many proxy hops as it likes in that chain.

There are a few pretty simple things that can break this doom loop.
- Do encryption at each MASQUE hop, as previously proposed. This verifies the previous hop of the packet and drops those where the CID does not have the correct origin.
- Have the proxy provide the virtual CID instead of the client. Client control is the root of these problems.
- Eliminate virtual client CIDs and just take the L on linkability in that case

Martin

* Interestingly, this attack requires at least one proxy in the path (P1 in this case) to not be load balanced or have an easily manipulated load balancer, so that two QUIC connection attempts can with high probability go to the same device.

v2.23.0 | Report a Bug | By Email