Re: quic protection against replayed packets
Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 07 June 2018 07:36 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FD68130E7E for <quic@ietfa.amsl.com>; Thu, 7 Jun 2018 00:36:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level:
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kd1bAUY3A9Ay for <quic@ietfa.amsl.com>; Thu, 7 Jun 2018 00:36:01 -0700 (PDT)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4A54130E8F for <quic@ietf.org>; Thu, 7 Jun 2018 00:36:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1528356959; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=PgSaeoFUmP2NYk41EUAXw36y6aUFz4RPah/kbDgEo28=; b=I2eMhKqAd5A0O96DjqxyrTYtLJOGDbXN+LoHMVB88BUaGIwrt/khw/qxZ4NWLdxY B5zvMbgL3bEdmeLO5uCkHv7mXLnOPN9jvL0I4oU07r9CPo6zWvGoy2euLXBUrBVs a8QqHe2lOwJcupE2U11a3hmTDer6T5kTTEXOqU5d7eM=;
X-AuditID: c1b4fb30-f7fff700000002c8-80-5b18e05edecd
Received: from ESESSHC023.ericsson.se (Unknown_Domain [153.88.183.87]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 75.08.00712.E50E81B5; Thu, 7 Jun 2018 09:35:59 +0200 (CEST)
Received: from [147.214.250.97] (153.88.183.153) by smtps.internal.ericsson.com (153.88.183.87) with Microsoft SMTP Server (TLS) id 14.3.382.0; Thu, 7 Jun 2018 09:35:58 +0200
Subject: Re: quic protection against replayed packets
To: quic@ietf.org
References: <CA+tEvRTTyOove9pTfcUx3Z-B1G96Gz960ts4vC4cirx=yJTPxQ@mail.gmail.com> <CAN1APdfioOBXQZTP-ELspW4O-WK1eB5RtwwgHduUijoFnTXkMw@mail.gmail.com> <500105a3-ce68-682f-638c-8ef88b19207e@huitema.net> <CA+tEvRT=J31un_wzD5hf+8eWBjzAL_yJG8JKePwjy=qNaxmLZA@mail.gmail.com>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <25a2a8c5-a17c-b19f-7970-6b04e43a3baa@ericsson.com>
Date: Thu, 07 Jun 2018 09:35:58 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <CA+tEvRT=J31un_wzD5hf+8eWBjzAL_yJG8JKePwjy=qNaxmLZA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-GB
X-Originating-IP: [153.88.183.153]
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrELMWRmVeSWpSXmKPExsUyM2J7uG78A4log44uToueBdwOjB5Llvxk CmCM4rJJSc3JLEst0rdL4MpY8novY8FimYrVO28zNzB+E+ti5OCQEDCR6F8U2MXIxSEkcIRR 4vznqawQziZGifXP/rB0MXJyCAuYSmyatYAZxBYREJbYsPAcE0TRZCaJGTfOM4Ik2AQsJG7+ aGQDsXkF7CU+Xb3OBGKzCKhIrO3vBWsWFYiRWL3xMjtEjaDEyZlPwBZwCgRKrD8wC8xmBpoz cz7ETGYBeYnmrbOZIWxxiaYvK1lBbCEBbYmGpg4wW0JASeL6vOssExgFZyEZOwvJqFlIRs1C MmoBI8sqRtHi1OKk3HQjI73Uoszk4uL8PL281JJNjMCQPbjlt8EOxpfPHQ8xCnAwKvHwLrkp ES3EmlhWXJl7iFGCg1lJhDfxkli0EG9KYmVValF+fFFpTmrxIUZpDhYlcV4Lv81RQgLpiSWp 2ampBalFMFkmDk6pBsaeqKNul8rdhRZmO53o7Zp5OtHiWWhGewKv0rsVc49cU0xT+Cpnszrm euzpuDzuzhs7/Bq17v3R8t54z8FE6mfJkd2ht1RMOv+Jb/y6Wen2q2ctSancS78kvt9b3ODu lrpzzc5HW+MfXFg+1UdN/la/7PIVP63XGpv5N21+rZS0qIBryuaoWjclluKMREMt5qLiRABR doi8VQIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/7Dt78syS6WMh8ZpaSQhSyOCS6YA>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jun 2018 07:36:12 -0000
Hi, Yes, there is no text on this in the drafts. There is an issue on this: https://github.com/quicwg/base-drafts/issues/1405 /Magnus Den 2018-06-07 kl. 08:33, skrev Jānis Čoders: > Ok, so it means endpoints have to keep track of received packet > numbers. Just couldn't find that in standard. > At first I thought that all packets with lower PN than last valid must > be dropped, but then saw implementation where also lower packet > numbers are accepted > > On 7 June 2018 at 01:45, Christian Huitema <huitema@huitema.net> wrote: >> On 6/6/2018 2:32 PM, Mikkel Fahnøe Jørgensen wrote: >> >> The first line of defence is that most implementations would filter >> duplicate packets by tracking recently received packets, and dropping >> anything with a packet number older than what is tracked. >> >> >> The packet number filed only contains the lower bits of the packet sequence >> number -- 32, 14 or 6 bits depending on encoding. The higher order bits are >> filled up based on currently expected value. The completed 64 bit number (62 >> bit really) is then used as part of the initialization vector when >> decrypting the packet. If a very old packet is replayed, the receiver fill >> guess the high order bits wrong, the decryption will fail, and the packet >> will be rejected. >> >> If the packet is relatively recent, then most implementations rely on packet >> tracking to detect that this packet is not expected. The tracking data is >> the same data as the "dashboard" that is needed to implement the selective >> ack process. So in practice, one way or another, the duplicate packet will >> be ignored. >> >> The threat analysis envisages a different attack: intercept a packet, >> suppress the original transmission, and resend the same packet from a >> different address. This is one of the reasons why the migration >> specification includes a challenge/response mechanism. >> >> >> >> Assuming duplicates are not filtered: >> >> It depends on the packet content, or frame type more precisely. Some frames >> deliver flow control credits or ACK’s and here the problem is not only >> duplicates but also out of order delivery of same type of content in >> different packets. Here flow control cannot be reduced, so out of date >> content is ignored, and ACK’s cannot be unacked. >> >> For stream frames, each stream keeps track of already received ranges. An >> implementation could replace a range in the receive buffer with same content >> which is harmless, or with different content (for retransmissions done >> badly), but in either the case the application would (normally) only see a >> single coherent range. QUIC must offer that view to the application, but an >> implementation may expose more details and out of order ranges if so >> desired, but that is outside the protocol. >> >> >> Frames can be repeated, not because of a replay attack but because of >> "spurious retransmission", which can happen for a variety of reasons. So >> yes, applications have to be able to tolerate that and not break. >> >> -- Christian Huitema > > -- Magnus Westerlund ---------------------------------------------------------------------- Network Architecture & Protocols, Ericsson Research ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Torshamnsgatan 23 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- Re: quic protection against replayed packets Mikkel Fahnøe Jørgensen
- Re: quic protection against replayed packets Ian Swett
- quic protection against replayed packets Jānis Čoders
- Re: quic protection against replayed packets Christian Huitema
- Re: quic protection against replayed packets Magnus Westerlund
- Re: quic protection against replayed packets Jānis Čoders