Re: [pcp] The reset middleboxes attack
"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Sun, 29 March 2015 02:27 UTC
Return-Path: <tireddy@cisco.com>
X-Original-To: pcp@ietfa.amsl.com
Delivered-To: pcp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 781F51A1AC1; Sat, 28 Mar 2015 19:27:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4UpyOXYFgeCx; Sat, 28 Mar 2015 19:27:36 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D87701A9135; Sat, 28 Mar 2015 19:27:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3209; q=dns/txt; s=iport; t=1427596055; x=1428805655; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=7+0phH6TSQp8vTpRJj6IIiEJ8avw0Og7h7sDY8R0Pno=; b=UokxKVUb+4Ul13j+s6zp0+FdCwf3XIBKYxG8VQ11pw9dmoM8KUb2VA5N MbHoeFTWbn384MTFMcrx+AmLK91NoYNI/kaKXK6Ww1jZ0gJLbU5CsckLK ia5D+G0SsCvPUDenD62kT+G6d6SR68Ca4OUCIekkF7Ip1NJyKGf+3xoiE M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CiBQCUYhdV/5NdJa1cgwZSXATDJYIxCoVzAoEfTAEBAQEBAX2EFAEBAQQBAQFkBwsMBAIBCBEEAQELHQcnCxQJCAEBBAENBQgTiBQNym8BAQEBAQEBAQEBAQEBAQEBAQEBAQEXiymERzEHBoMRgRYFimmFc4Nxh1mSXyKBfwIdgVBvgUR/AQEB
X-IronPort-AV: E=Sophos;i="5.11,486,1422921600"; d="scan'208";a="136324692"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by alln-iport-5.cisco.com with ESMTP; 29 Mar 2015 02:27:35 +0000
Received: from xhc-rcd-x09.cisco.com (xhc-rcd-x09.cisco.com [173.37.183.83]) by rcdn-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id t2T2RY7w021732 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 29 Mar 2015 02:27:34 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.80]) by xhc-rcd-x09.cisco.com ([173.37.183.83]) with mapi id 14.03.0195.001; Sat, 28 Mar 2015 21:27:34 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Christian Huitema <huitema@microsoft.com>, "spud@ietf.org" <spud@ietf.org>
Thread-Topic: The reset middleboxes attack
Thread-Index: AdBps0lZieRUM/cCRaqTbV+IIDrJUwAE3IjA
Date: Sun, 29 Mar 2015 02:27:33 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A366D2FB6@xmb-rcd-x10.cisco.com>
References: <DM2PR0301MB0655748F52C0984FB6BF8E93A8F60@DM2PR0301MB0655.namprd03.prod.outlook.com>
In-Reply-To: <DM2PR0301MB0655748F52C0984FB6BF8E93A8F60@DM2PR0301MB0655.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.71.143]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/pcp/hsVca3T57H90D1HHHkGZD4-J66A>
Cc: Jana Iyengar <jri@google.com>, Eric Rescorla <ekr@rtfm.com>, "pcp@ietf.org" <pcp@ietf.org>
Subject: Re: [pcp] The reset middleboxes attack
X-BeenThere: pcp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PCP wg discussion list <pcp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pcp>, <mailto:pcp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pcp/>
List-Post: <mailto:pcp@ietf.org>
List-Help: <mailto:pcp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pcp>, <mailto:pcp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Mar 2015 02:27:37 -0000
These two problems are already addressed in PCP. PCP authentication http://tools.ietf.org/html/draft-ietf-pcp-authentication-07 ensures that only the authenticated and authorized endpoint can open and close firewall pin-holes. PCP https://tools.ietf.org/html/draft-ietf-pcp-optimize-keepalives-05 can also help reduce the NAT and firewall keepalive messages. -Tiru > -----Original Message----- > From: Spud [mailto:spud-bounces@ietf.org] On Behalf Of Christian Huitema > Sent: Sunday, March 29, 2015 5:47 AM > To: spud@ietf.org > Cc: Jana Iyengar; Eric Rescorla > Subject: [Spud] The reset middleboxes attack > > A key design element out of the SEMI workshop was a request to expose session > "start and stop" to the path. The rationale is that middleboxes could then do a > more efficient state management than the current timer-based solutions. The > hosts would also benefit if they can do away with fewer keep alive packets to > maintain the state open in the middleboxes. > > But there is a big issue. The end systems can distinguish between valid and invalid > headers because the crypto ensures authentication of the clear text header. An > attacker capable of packet injection cannot affect the state of the end systems, > because the injected packets will fail the crypto checksum verification and be > discarded. But if the hosts are protected, the middleboxes are not. They do not > have access to the application credentials, and they cannot perform the crypto > checksum verification. This opens the gates for two attacks. > > The first and obvious attack is the "middlebox reset" attack. An attacker injects a > packet with a "stop" mark. Middleboxes on the path see that, and free the state > associated with the session. NAT mapping disappear and firewall opening are > closed. Even if the hosts are capable of rejecting the fake reset, their connection > is still gone, because further packets will be discarded by the middleboxes. > > One of my coauthors (EKR or Jana, cannot remember) suggested a mitigation, > which reminded me of the old "S-Key" scheme. Suppose that the "open" packet > carries a "hash target" T, composed of an algorithm ID (say SHA256) and a binary > string (32 bytes in the case of SHA256). The middleboxes remember that value as > part of their state. We then require that the "stop" packets carry a "hash result" > R, a binary string of arbitrary size. When the middleboxes on path see a reset > packet, they check that H(R) = T. If it does not, they detect a spoofed reset, and > discard the packet. > > I can see that implementers may not be enthusiastic with the additional > complexity. But we would be naïve to just dismiss the attack. We do see > attackers capable of eavesdropping traffic, and then injecting packets "from the > side." I am sure that these attackers would find good use of a capability to nuke > connections at will. > > -- Christian Huitema > > _______________________________________________ > Spud mailing list > Spud@ietf.org > https://www.ietf.org/mailman/listinfo/spud
- Re: [pcp] The reset middleboxes attack Tirumaleswar Reddy (tireddy)