Re: [quicwg/base-drafts] Add initial threat model appendix (#2925)

Martin Thomson <notifications@github.com> Thu, 08 August 2019 04:25 UTC

From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJK6QNRLKTF5VCYLLLFF3LDLKJEVBNHHBYGSUE4@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2925/review/272335716@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2925@github.com>
References: <quicwg/base-drafts/pull/2925@github.com>
Subject: Re: [quicwg/base-drafts] Add initial threat model appendix (#2925)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/9SkTQXagj66-fhgs4JqkNY1Pcbs>

martinthomson commented on this pull request.

I'll wait until this is revised before doing the hard stuff.  Some easy comments though to keep things motivated.

> @@ -5753,13 +5753,184 @@ DecodePacketNumber(largest_pn, truncated_pn, pn_nbits):
    return candidate_pn
 ~~~
 
+# Overview of Security Properties {#security-properties}
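Review bot: the new `# Overview of Security Properties` heading is inserted directly after the closing `~~~` of the DecodePacketNumber pseudocode, so as quoted it reads as a continuation of the packet-number appendix. An opening paragraph under the heading that states which protocol components the following subsections cover, and how they relate to the existing Security Considerations, would fix the scope before the first `##` subsection appears.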

This is probably better placed as a "Security Considerations" section, with the current text incorporated into this as appropriate (mostly under mitigations).

> +separately.
+
+## Handshake {#handshake-properties}
+
+TBD.
+
+## Short Headers {#short-headers-properties}
+
+TBD.
+
+## Connection Migration {#migration-properties}
+
+Connection Migration ({{migration}}) provides endpoints with the ability to
+transition between IP addresses and ports on multiple paths, using one path at a
+time for sending non-probing frames.  Path validation helps to establish
+bidirectional connectivity with the peer over a new path and prevents source
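Review bot: `## Handshake` and `## Short Headers` contain only `TBD.`, so merging this as-is publishes two empty subsections in the rendered draft. Either fill them before merge or replace each `TBD.` with an editor's note that names the tracking issue, so the gap is visible as an explicit open item rather than a bare placeholder.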

The purpose of path validation is to establish that a peer is both willing and able to receive packets sent on the path.  This helps reduce the effects of address spoofing, by limiting the number of packets sent to a spoofed address, unless an attacker is able to also receive packets sent to that address.

> +## Handshake {#handshake-properties}
+
+TBD.
+
+## Short Headers {#short-headers-properties}
+
+TBD.
+
+## Connection Migration {#migration-properties}
+
+Connection Migration ({{migration}}) provides endpoints with the ability to
+transition between IP addresses and ports on multiple paths, using one path at a
+time for sending non-probing frames.  Path validation helps to establish
+bidirectional connectivity with the peer over a new path and prevents source
+address spoofing from being used in a denial-of-service attack.  Migration is
+further restricted to be initiated only by QUIC clients.
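Review bot: "non-probing frames" is used here without a reference, and a reader landing in this appendix needs the definition of probing and non-probing frames from the migration text; cross-reference the section that defines them next to `{{migration}}`. Also, "prevents source address spoofing from being used in a denial-of-service attack" is stronger than what validation provides: it limits what is sent to an unvalidated address rather than preventing spoofing, so "limits" is the accurate verb.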

I think that this is not a security property as much as it is a correctness or simplicity choice we made.  You can drop this sentence.

> +
+An on-path attacker is present between the QUIC client and server, and an
+endpoint is required to send packets through this attacker to establish
+connectivity on a given path.
+
+An on-path attacker can:
+
+- Inspect packets
+- Modify unencrypted packet headers
+- Inject new packets
+- Delay packets
+- Drop packets
+
+An on-path attacker cannot:
+
+- Modify encrypted packet payloads
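Review bot: "Inspect packets" in the "can" list is too broad next to a "cannot" list that covers only modification; as written, it leaves open whether the attacker can read payloads. State what is actually observable (unprotected header fields, packet sizes and timing) and add the matching confidentiality item to the "cannot" list, e.g. `- Read encrypted packet payloads`.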

Mike's point is excellent.  The point is that packets are authenticated.

> +attacks, requiring injection of packets into the network, as described in
+{{?RFC3552}}.
+
+### On-Path Attacker
+
+An on-path attacker is present between the QUIC client and server, and an
+endpoint is required to send packets through this attacker to establish
+connectivity on a given path.
+
+An on-path attacker can:
+
+- Inspect packets
+- Modify unencrypted packet headers
+- Inject new packets
+- Delay packets
+- Drop packets
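Review bot: "Delay packets" should also name reordering, since delaying one packet in a flow reorders it relative to later ones, and how the protocol copes with reordering is part of what the attacker model has to cover; suggest `- Delay or reorder packets`.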

Another point on capabilities - an on-path attacker can split datagrams that contain multiple packets and merge packets into a single datagram.

> +
+This section describes the intended security properties of connection migration
+when under attack by the following attackers.  These attackers all mount active
+attacks, requiring injection of packets into the network, as described in
+{{?RFC3552}}.
+
+### On-Path Attacker
+
+An on-path attacker is present between the QUIC client and server, and an
+endpoint is required to send packets through this attacker to establish
+connectivity on a given path.
+
+An on-path attacker can:
+
+- Inspect packets
+- Modify unencrypted packet headers
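Review bot: the framing sentence says these attackers "all mount active attacks, requiring injection of packets into the network", but the on-path capability list that follows includes `- Delay packets` and `- Drop packets`, neither of which needs injection. Either drop "requiring injection" from the framing or state that an on-path attacker has these passive capabilities in addition to the active ones.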

```suggestion
- Modify IP and UDP packet headers
```

> +An on-path attacker can:
+
+- Inspect packets
+- Modify unencrypted packet headers
+- Inject new packets
+- Delay packets
+- Drop packets
+
+An on-path attacker cannot:
+
+- Modify encrypted packet payloads
+
+In the presence of an on-path attacker, QUIC aims to provide the following
+properties.
+
+1. An on-path attacker can interrupt a QUIC connection, causing it to fail if it
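Review bot: the list is introduced with "QUIC aims to provide the following properties", but item 1 ("An on-path attacker can interrupt a QUIC connection, causing it to fail ...") is phrased as an attacker capability rather than a guarantee. Phrase each numbered item as the property the protocol provides (what the endpoint can rely on despite the attacker), and keep attacker capabilities in the "can"/"cannot" lists above.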

The attacker doesn't interrupt the connection as much as it can prevent use of the path for that connection.

There is a special case for connection establishment that needs to be called out separately, in that an attacker can prevent connection establishment with much less interaction (i.e., it doesn't need to disrupt every packet).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2925#pullrequestreview-272335716
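To make the path-validation point in the review above concrete, here is a toy model of an endpoint that challenges a new source address and caps what it sends there until a matching PATH_RESPONSE comes back. This is example code written for this page, not code from the QUIC drafts or from PR #2925. The 3x anti-amplification factor and the 8-byte challenge are taken from the published QUIC transport specification (RFC 9000), not from this PR; the address, packet sizes and frame tuples are constructed for the simulation and there is no encryption, since the point is only the bookkeeping that bounds traffic to an address the peer has not proven it can receive on.

```python
"""Toy model of QUIC path validation with an anti-amplification limit.

Added example for this page; not code from the QUIC drafts or PR #2925.
Frames are plain tuples, packets are just byte counts and nothing is
encrypted: the point is the bookkeeping an endpoint does before it trusts
a new (possibly spoofed) source address.
"""
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption: the 3x limit from the published QUIC transport spec (RFC 9000).
AMPLIFICATION_FACTOR = 3
CHALLENGE_LEN = 8  # PATH_CHALLENGE carries 8 bytes of unpredictable data

Frame = Tuple  # ("PATH_CHALLENGE", data) / ("PATH_RESPONSE", data) / ("PING",)


@dataclass
class PathState:
    addr: str
    validated: bool = False
    bytes_received: int = 0
    bytes_sent: int = 0
    pending_challenge: Optional[bytes] = None


class Endpoint:
    """Tracks one PathState per peer address and enforces the send limit."""

    def __init__(self) -> None:
        self.paths: Dict[str, PathState] = {}

    def path(self, addr: str) -> PathState:
        return self.paths.setdefault(addr, PathState(addr))

    def on_datagram(self, addr: str, size: int, frames: List[Frame]) -> List[Frame]:
        """Account for received bytes and return the frames to send back."""
        p = self.path(addr)
        p.bytes_received += size
        out: List[Frame] = []
        for frame in frames:
            if frame[0] == "PATH_CHALLENGE":
                # Echo the peer's data so it can validate the path towards us.
                out.append(("PATH_RESPONSE", frame[1]))
            elif frame[0] == "PATH_RESPONSE" and frame[1] == p.pending_challenge:
                # Only a response carrying our own random data validates the path.
                p.validated = True
                p.pending_challenge = None
        if not p.validated and p.pending_challenge is None:
            p.pending_challenge = os.urandom(CHALLENGE_LEN)
            out.append(("PATH_CHALLENGE", p.pending_challenge))
        return out

    def can_send(self, addr: str, size: int) -> bool:
        """An unvalidated path may receive at most 3x what we received from it."""
        p = self.path(addr)
        if p.validated:
            return True
        return p.bytes_sent + size <= AMPLIFICATION_FACTOR * p.bytes_received

    def send(self, addr: str, size: int) -> bool:
        """Send `size` bytes to `addr` if the limit allows; report whether it went out."""
        if not self.can_send(addr, size):
            return False
        self.path(addr).bytes_sent += size
        return True


def run_scenario(peer_responds: bool, packet_size: int = 100, attempts: int = 20) -> dict:
    """Simulate one datagram arriving from a new address, then `attempts` sends.

    peer_responds=False models a spoofed source: whoever really owns the
    address never answers the challenge, so the server's traffic there stays
    bounded. peer_responds=True models a genuine migration.
    """
    server = Endpoint()
    addr = "198.51.100.7:4433"  # constructed sample address (documentation range)

    # One packet shows up from an address we have never validated.
    replies = server.on_datagram(addr, packet_size, [("PING",)])
    challenge = next(f[1] for f in replies if f[0] == "PATH_CHALLENGE")
    server.send(addr, packet_size)  # the datagram carrying PATH_CHALLENGE counts too

    if peer_responds:
        server.on_datagram(addr, packet_size, [("PATH_RESPONSE", challenge)])

    delivered = sum(server.send(addr, packet_size) for _ in range(attempts))
    p = server.path(addr)
    return {"validated": p.validated, "packets_delivered": delivered, "bytes_sent": p.bytes_sent}


if __name__ == "__main__":
    print("spoofed :", run_scenario(peer_responds=False))
    print("genuine :", run_scenario(peer_responds=True))
```

Running it shows the asymmetry the review describes: with no answer from the address, the server gets out only as many bytes as the limit allows (300 for a single 100-byte incoming datagram, including the challenge itself) and then stops; once a PATH_RESPONSE carrying the server's own random data arrives, the path is validated and sending is no longer bounded. A response with the wrong data does not validate the path, which is why the challenge data has to be unpredictable.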