IETF Logo Mail Archive

Re: [quicwg/base-drafts] Path Challenge Padding and Amplification Protection (#4257)

Martin Thomson <notifications@github.com> Tue, 27 October 2020 05:53 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 747BF3A159F for <quic-issues@ietfa.amsl.com>; Mon, 26 Oct 2020 22:53:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.101
X-Spam-Level:
X-Spam-Status: No, score=-3.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dOzfbzerjwZ2 for <quic-issues@ietfa.amsl.com>; Mon, 26 Oct 2020 22:53:46 -0700 (PDT)
Received: from out-18.smtp.github.com (out-18.smtp.github.com [192.30.252.201]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B233F3A159E for <quic-issues@ietf.org>; Mon, 26 Oct 2020 22:53:46 -0700 (PDT)
Received: from github.com (hubbernetes-node-051747d.va3-iad.github.net [10.48.112.62]) by smtp.github.com (Postfix) with ESMTPA id CEE78340E8C for <quic-issues@ietf.org>; Mon, 26 Oct 2020 22:53:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1603778025; bh=Iw7cBqzh7swEyaIaJeUXRovqfe7Geqno+s6gNYMA10s=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=EPYVgvfuKyrqSg6LfOyo4k3qlcjvZmBhlxKt+1DBDL14XkzSuucPPDVDX8xqX0Ztt UIBSZzN5m1KnrgmiHkEQxc7AaDtTstzcuF+rJd+jFrcJVQZoBZjkpW5z3MEDvtKtTv kQRKMDHlsPcqIFKENsEjtfTFjdl90IQ4dSKKBG4E=
Date: Mon, 26 Oct 2020 22:53:45 -0700
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK6MKLQ5VWKGUUZYQEF5UOLOTEVBNHHCWUAGFQ@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/4257/717001767@github.com>
In-Reply-To: <quicwg/base-drafts/issues/4257@github.com>
References: <quicwg/base-drafts/issues/4257@github.com>
Subject: Re: [quicwg/base-drafts] Path Challenge Padding and Amplification Protection (#4257)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5f97b5e9ca447_5319b4716bd"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/1SKGVcE9EsO1f2_5pGg3tV5uRjk>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Oct 2020 05:53:49 -0000

OK, that helps.  I didn't factor in packet headers in my calculations, but I also allow for multiple probes in response to a single non-probing packet.

What I'm concerned about then is considering the cost of the handshake.  To complete the handshake, you need to send one 1200 byte packet and one packet of about 78 bytes.  For an attack on a single host, this changes the dynamic considerably: you send `1220 + (98 + CID) + (41 + CID)` to get `3*1220`, assuming that you send three probes on new paths.  That's lower than our 3x target even if the connection ID is zero length (2.66).

Even if you amortize that setup cost across multiple targets, the amplification factor isn't as bad as I first thought. If a server probes up to 10 paths (which seems high), then you get `3*1200 / ((1318 + CID) / n + 41 + CID)` which for a CID of 8 bytes and 10 paths is 19.8.  That's much worse, but not so bad as it is spread over multiple paths.

We might limit the number of concurrent path validations, but this is not really going to change anything if they are just strung out.  Only the total amount matters if the attacker is even slightly patient.

I think that there might be some clarifications we can add:

1. Point more clearly to the requirement to limit the sending rate on unvalidated paths after migration.

2. Note that this rate limit applies to each path and that it might be necessary to limit the number of paths that are concurrently validated in this way, either per connection or across all connections (perhaps per destination if you are able).

3. Note that multiple path validations in sequence can still be used to use a single connection to attack multiple targets and that it might be necessary to limit the number of total failed path validations.

On this last point, the total exposure is fixed in total to the number of probes in each failed validation attempt (e.g., 3) times the number of failed validations that the endpoint permits (e.g., 10).  Using 3 and 10 gives the ~20x figure above, which is pretty bad, but not so far out of proportion that it couldn't be managed.  Keep in mind that the attacker needs to do all the crypto of a handshake in order to access that, plus all the protocol logic and timers over two round trips.  All that to get that 20x factor.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/4257#issuecomment-717001767

v2.23.0 | Report a Bug | By Email