Re: [multipathtcp] Fwd: I-D Action: draft-bagnulo-mptcp-attacks-00.txt
Alan Ford <alan.ford@gmail.com> Wed, 31 July 2013 15:01 UTC
In-Reply-To: <51E4E881.1080206@it.uc3m.es>
References: <20130714200737.6455.95956.idtracker@ietfa.amsl.com> <51E4E881.1080206@it.uc3m.es>
Date: Wed, 31 Jul 2013 16:00:55 +0100
Message-ID: <CAOs_kTa6p95B6DjFpTdKWDE9rynxohy7OcR2_aruFxRFUa-LXg@mail.gmail.com>
From: Alan Ford <alan.ford@gmail.com>
To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Cc: Multipath TCP Mailing List <multipathtcp@ietf.org>
Subject: Re: [multipathtcp] Fwd: I-D Action: draft-bagnulo-mptcp-attacks-00.txt
All,

If we as a WG feel that this is a sufficiently large risk (and the general feeling I got from the meeting yesterday is that it probably is - although the probabilities do seem small, the impact of a successful attack is large), let's look at the practicalities of the solutions.

Taking the two practical options:

Option 1: Include token of receiving host (let's call them B) in ADD_ADDR.

Costs:
* 4 bytes additional

Impact:
* Requires attacker to have seen an MP_JOIN or MP_CAPABLE packet, or guess a 2^32 number

Option 2: Include HMAC(Key-B, New_IP_Addr)

Costs:
* 8 bytes additional (arbitrarily picked 64-bit truncated HMAC here, like MP_JOIN, but it could be shorter)

Impact:
* Requires attacker to have seen MP_CAPABLE exchange, or guess a 2^64 number

We would (just!) have space for either option in the remaining TCP option space.

Option 2 seems to have better security. However, the only thing that worries me about Option 2 is that it means a middlebox cannot legitimately insert an ADD_ADDR if it has not seen the original MP_CAPABLE: say it was a middlebox on a secondary subflow only, it would only know the token. But if it wanted to allow an end host to connect out to another of its addresses, it would not be able to do this. Whether that is a legitimate use case I am not sure yet; right now I can't see it being a huge loss to remove this capability while introducing better security. But for now, this is still an open issue.

A minor oversight in 6824, too: we also seem not to have cited RFC5961 directly, but rather via the TCP security survey draft. Hopefully the requirement is nevertheless clear to implementers.

Regards,
Alan

On 16 July 2013 07:30, marcelo bagnulo braun <marcelo@it.uc3m.es> wrote:
> Hi,
>
> We have submitted a new draft discussing some residual attacks we
> identified in MPTCP spec.
> Comments are welcome.
>
> Regards, marcelo
>
>
> -------- Original Message --------
> Subject: I-D Action: draft-bagnulo-mptcp-attacks-00.txt
> Date: Sun, 14 Jul 2013 13:07:37 -0700
> From: internet-drafts@ietf.org
> Reply-To: internet-drafts@ietf.org
> To: i-d-announce@ietf.org
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
>
> Title : Analysis of MPTCP residual threats and possible fixes
> Author(s) : Marcelo Bagnulo
> Christoph Paasch
> Fernando Gont
> Olivier Bonaventure
> Costin Raiciu
> Filename : draft-bagnulo-mptcp-attacks-00.txt
> Pages : 16
> Date : 2013-07-14
>
> Abstract:
> This document performs an analysis of the residual threats for MPTCP
> and explores possible solutions to them.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-bagnulo-mptcp-attacks
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-bagnulo-mptcp-attacks-00
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
>
>
>
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@ietf.org
> https://www.ietf.org/mailman/listinfo/multipathtcp
>
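The two ADD_ADDR protections compared in the message above, worked through as an added illustration (this is not code from the email, the draft, or any MPTCP implementation). It models the position Alan describes for a middlebox on a secondary subflow, a party that has seen MP_JOIN and therefore knows B's token but has never seen MP_CAPABLE and so does not know Key-B, and checks what each option's receiver-side verification does with an ADD_ADDR built from that knowledge. The 64-bit MPTCP key value is constructed, the token derivation follows RFC 6824 (most significant 32 bits of SHA-1 of the key), and HMAC-SHA1 as the Option 2 function is an assumption, since the email does not name a hash; the dict representation stands in for the real TCP option encoding.

```python
import hashlib
import hmac
import ipaddress

# Constructed 64-bit key for this illustration; Key-B is exchanged in MP_CAPABLE.
KEY_B = bytes.fromhex("0f1e2d3c4b5a6978")
TOKEN_BYTES = 4   # Option 1 cost: 4 additional bytes
TAG_BYTES = 8     # Option 2 cost: 8 additional bytes (64-bit truncated HMAC)


def token_from_key(key: bytes) -> bytes:
    """RFC 6824: the token is the most significant 32 bits of SHA-1(key)."""
    return hashlib.sha1(key).digest()[:TOKEN_BYTES]


def addr_tag(key_b: bytes, new_addr: str) -> bytes:
    """Option 2: HMAC(Key-B, New_IP_Addr) truncated to 64 bits.

    HMAC-SHA1 is an assumption; the email does not fix the hash function.
    The address is bound in its packed form (4 bytes IPv4, 16 bytes IPv6).
    """
    packed = ipaddress.ip_address(new_addr).packed
    return hmac.new(key_b, packed, hashlib.sha1).digest()[:TAG_BYTES]


def build_option1(key_b: bytes, new_addr: str) -> dict:
    return {"addr": new_addr, "token": token_from_key(key_b)}


def verify_option1(key_b: bytes, opt: dict) -> bool:
    # Only the token is checked; nothing ties it to the advertised address.
    return hmac.compare_digest(token_from_key(key_b), opt["token"])


def build_option2(key_b: bytes, new_addr: str) -> dict:
    return {"addr": new_addr, "tag": addr_tag(key_b, new_addr)}


def verify_option2(key_b: bytes, opt: dict) -> bool:
    # Recompute over the address actually carried, so a rewritten address fails too.
    return hmac.compare_digest(addr_tag(key_b, opt["addr"]), opt["tag"])


def scenario() -> dict:
    """Legitimate A (knows Key-B) versus a token-only party, under both options."""
    legit_addr = "192.0.2.10"       # constructed documentation-range addresses
    injected_addr = "198.51.100.7"
    # Token-only party: learned B's token from an MP_JOIN, never saw MP_CAPABLE.
    leaked_token = token_from_key(KEY_B)

    results = {}
    results["opt1_legit"] = verify_option1(KEY_B, build_option1(KEY_B, legit_addr))
    # Option 1: the leaked 32-bit token is all the receiver checks, so this passes.
    results["opt1_token_only"] = verify_option1(
        KEY_B, {"addr": injected_addr, "token": leaked_token})

    results["opt2_legit"] = verify_option2(KEY_B, build_option2(KEY_B, legit_addr))
    # Option 2: keying the HMAC with the token (the only secret known) is rejected;
    # without Key-B the remaining route is a 2^64 guess.
    wrong_key_tag = hmac.new(leaked_token, ipaddress.ip_address(injected_addr).packed,
                             hashlib.sha1).digest()[:TAG_BYTES]
    results["opt2_token_only"] = verify_option2(
        KEY_B, {"addr": injected_addr, "tag": wrong_key_tag})
    # Option 2 also fails if a genuine option has its address field rewritten in flight.
    tampered = build_option2(KEY_B, legit_addr)
    tampered["addr"] = injected_addr
    results["opt2_tampered"] = verify_option2(KEY_B, tampered)
    results["opt2_tag_len"] = len(build_option2(KEY_B, legit_addr)["tag"])
    return results


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The same outcome that makes Option 2 stronger against a token-only injector is what rules out the middlebox case the message raises: a box that has only seen a secondary subflow holds exactly the information `leaked_token` stands for, and `verify_option2` rejects anything it can produce.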