[quicwg/base-drafts] Spoofed retry token attack on IP authentication (#2394)

MikkelFJ <notifications@github.com> Wed, 30 January 2019 22:41 UTC


If a Man on the Side attacker (A) is able to observe a Retry token from server (S) intended for a legitimate client (C), then (A) can either race (C) to use the token, or hope that the token can be reused within a limited time frame and use the token if (C) has already done so.

(A) can now start a new apparently legitimate connection by spoofing the source address to that of (C) since it can observe packets sent to that address.

If (S) issued the Retry token in the hope of verifying that it speaks to a trusted machine on the network, then (A) might be able to escalate privilege to that of (C).

The defence would be for (S) to not authenticate (C) based solely on its IP, but the Retry facility might lead some operators to believe that a Retry is a reasonably safe identity mechanism.

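A server-side sketch of the point raised in the message above, added here as an example and not taken from the original post or the QUIC drafts: a Retry-style token bound to the client address, time-limited and single-use. The token layout, the 10-second lifetime and all function names are assumptions; the single-use cache closes the reuse window, while the race for first use remains, which is why the result only ever means "address validated".

```python
import hashlib
import hmac
import os
import struct
import time

TOKEN_LIFETIME = 10.0   # seconds; assumed value, pick per deployment
_KEY = os.urandom(32)   # server-local secret for token MACs
_seen = {}              # MAC of each accepted token -> expiry time


def _mac(addr, header):
    return hmac.new(_KEY, addr.encode() + b"|" + header, hashlib.sha256).digest()


def issue_token(ip, port, now=None):
    """Hypothetical layout: issue time (8) || nonce (8) || HMAC (32)."""
    now = time.time() if now is None else now
    header = struct.pack("!Q", int(now * 1000)) + os.urandom(8)
    return header + _mac(f"{ip}:{port}", header)


def validate_token(token, src_ip, src_port, now=None):
    """Return (ok, reason); ok means the address is return-routable, no more."""
    now = time.time() if now is None else now
    if len(token) != 48:
        return False, "malformed"
    header, mac = token[:16], token[16:]
    if not hmac.compare_digest(mac, _mac(f"{src_ip}:{src_port}", header)):
        return False, "bad-mac"
    issued = struct.unpack("!Q", header[:8])[0] / 1000
    if not 0 <= now - issued <= TOKEN_LIFETIME:
        return False, "expired"
    for old in [m for m, exp in _seen.items() if exp < now]:
        del _seen[old]              # drop cache entries past their lifetime
    if mac in _seen:
        return False, "replayed"    # closes the reuse window, not the race
    _seen[mac] = issued + TOKEN_LIFETIME
    # Whoever presents the token first from this address gets here, so the
    # result must never be used as client identity or to grant privilege.
    return True, "address-validated"
```

Authorization decisions belong to a mechanism that proves possession of a client secret, with the token check kept as an anti-amplification measure only.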