Re: [quicwg/base-drafts] Handling of duplicate packets (#1405)
Magnus Westerlund <notifications@github.com> Mon, 18 June 2018 11:23 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/dJ1sp2dY85zXXProKyN1ytbnn9M>
@mikkelfj I am uncertain if that happens in a way that will prevent this attack. My assumption when this attack would be possible would be a low rate management connection where any rekeying based on number of legit sent packets may occur very infrequently. I don't find what the rekeying frequency requirements are; does someone have a pointer?

The number of tested forges will be dependent on the number of forged duplicate packets the attacker manages to send without raising an alarm that the connection is under attack. But if there are no such warnings, then an attacker could potentially send a large number of attack packets without the target noticing, other than that it drops a lot of packets due to authentication failure. The attack only consumes PN and thus packets until rekeying when a successful forge has been accomplished.

To my understanding, the protection against this type of attack is to prevent a successful forge from resulting in a response. If there is no general duplication protection, then using a recently sent packet as the attack packet makes it simpler to cause a response. In fact the response to ECN-CE marks can actually be one thing that provides such a proof if some of the responses discussed in #1372 would be allowed. Modifying the payload, forging the authentication tag and setting the ECN bits to CE could then trigger an ACK on successful forge.

For a connection that is mostly idle, that ACK will be a good signal for a forge. However, for this type of connection one can likely also target packets with a PING frame, thus also getting an ACK response on successful forge.
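The two receiver-side defences this message refers to, duplicate suppression and an alarm on repeated authentication failures, sketched as an added example that is not part of the original message or of the QUIC drafts. `ReceiveGuard`, the 64-packet window and the failure threshold of 8 are assumptions chosen for illustration.

```python
from dataclasses import dataclass

WINDOW = 64             # assumed duplicate-detection window, in packet numbers
MAX_AUTH_FAILURES = 8   # assumed alarm threshold, not a value from the QUIC drafts


@dataclass
class ReceiveGuard:
    largest_pn: int = -1
    seen: int = 0            # bit i set => packet number (largest_pn - i) was accepted
    auth_failures: int = 0
    under_attack: bool = False

    def on_packet(self, pn: int, tag_ok: bool) -> str:
        """Return a verdict; only 'process' may reach frame handling and elicit an ACK."""
        if not tag_ok:
            # Failed AEAD check: count it so repeated forgery attempts become visible.
            self.auth_failures += 1
            if self.auth_failures >= MAX_AUTH_FAILURES:
                self.under_attack = True
            return "drop-auth-failure"
        if pn <= self.largest_pn:
            offset = self.largest_pn - pn
            # Already accepted, or too old to tell: never answer it a second time.
            if offset >= WINDOW or (self.seen >> offset) & 1:
                return "drop-duplicate"
            self.seen |= 1 << offset
        else:
            shift = pn - self.largest_pn
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.largest_pn = pn
        return "process"


def demo():
    """Run constructed events: (packet number, did the AEAD tag verify)."""
    guard = ReceiveGuard()
    events = [(0, True), (1, True), (1, True)] + [(1, False)] * 8 + [(2, True)]
    verdicts = [guard.on_packet(pn, ok) for pn, ok in events]
    return verdicts, guard.under_attack
```

With this ordering a packet that reuses an already accepted packet number is dropped even when its tag verifies, so it cannot produce the ACK the message describes, while failed tags accumulate toward the alarm.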