Re: Explicit measurability in the QUIC wire image (was Re: Packet number encryption)

Kazuho Oku <kazuhooku@gmail.com> Wed, 07 February 2018 11:10 UTC

MIME-Version: 1.0
In-Reply-To: <CAN1APddkFxLFREQQe+0Kqqi+zJeU20ALjzN4R0Muf9FD1BzZUg@mail.gmail.com>
References: <CABkgnnVyo3MmWtVULiV=FJTnR528qfY8-OmKGWAs0bCvri-a_g@mail.gmail.com> <1F7FB3B8-A94C-4354-9944-FB09FB8DB68B@trammell.ch> <CABcZeBMbwdwyC9TxxHBLYaZKfNB-FG2wCGjqUZ_mNR-A1R47FA@mail.gmail.com> <9096e5ec-581e-875a-b1dd-bff0b05206fd@huitema.net> <CABkgnnWRQSAufwPss+qf=xAzCwRYeNNH8XLPm3yFaHxOb+ba4g@mail.gmail.com> <BF80500A-6277-45DC-8525-9C3FE138B76D@tik.ee.ethz.ch> <5A7191E0.6010003@erg.abdn.ac.uk> <5214AD93-8376-4B25-922F-AF5551CC2E95@netapp.com> <F990E064-E6F8-41A3-B791-F776C9955E15@nokia.com> <CAGD1bZab0GaZFsHwC+nw3AxxC4VusxMJ6oDanzk3dSDdWKAXdw@mail.gmail.com> <2C515BE8694C6F4B9B6A578BCAC32E2F83BA1443@MBX021-W3-CA-2.exch021.domain.local> <BY2PR15MB07757473DB9788558B902EB5CDF80@BY2PR15MB0775.namprd15.prod.outlook.com> <6E58094ECC8D8344914996DAD28F1CCD861B7F@DGGEMM506-MBX.china.huawei.com> <e529144067624fcba636fc8c24ee3ff4@usma1ex-dag1mb5.msg.corp.akamai.com> <BY2PR15MB07754D83A1721F2BD742359BCDFE0@BY2PR15MB0775.namprd15.prod.outlook.com> <2CD9DC43-D69B-43F0-8474-DFE798850A52@akamai.com> <CAGD1bZaUuNxqpDkn62B0wWcFD8=mCUWrAwWGG-rAOxH7Mf1=cQ@mail.gmail.com> <CY4PR21MB01334E30C7AF6AE75F58EEFDB6FE0@CY4PR21MB0133.namprd21.prod.outlook.com> <CAGD1bZaxrqzdkk0wxRaULwOTgg6wnrSrXNBK31s4uxdozaACBA@mail.gmail.com> <CAGD1bZbOAaSBcQw4nVtGuwRunaAW8MYHq9yPxNN6DdKHzt5HtQ@mail.gmail.com> <CANatvzx+uDHMV5XS=OuVYBqe_RYX=EmVWAmjuONS8BpNYCPweA@mail.gmail.com> <5233815B-00F3-4961-ABB8-505906258B89@trammell.ch> <CAN1APdcuKSLYw4Odyc4g=+4_+ojsNekeqmM9eYqxykkfxRx3Cg@mail.gmail.com> <CANatvzz3rmGPRgu1Z5+bAHhgjiN3L5OVTDhb4fmpPX+M8o4z3w@mail.gmail.com> <DB6PR10MB17661B9957DF90733FA28EC5ACFD0@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM> <DB6PR10MB176682C63A91007574BBEAECACFC0@DB6PR10MB1766.EURPRD10.PROD.OUTLOOK.COM> <CAN1APddkFxLFREQQe+0Kqqi+zJeU20ALjzN4R0Muf9FD1BzZUg@mail.gmail.com>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Wed, 07 Feb 2018 20:10:02 +0900
Message-ID: <CANatvzw3RFekoHx_MJWkDY0Q+G2gUNshpocozwkQWpH8sqnnTA@mail.gmail.com>
Subject: Re: Explicit measurability in the QUIC wire image (was Re: Packet number encryption)
To: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
Cc: "Brian Trammell (IETF)" <ietf@trammell.ch>, QUIC WG <quic@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/9g9KMRwz1TSAqkWf_gGei1pnacI>
Precedence: list

2018-02-07 18:10 GMT+09:00 Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>:
> Instead of a static Pi table, an xorshift+ PRNG could be used. It would
> likely be preferable to shorten the cycle such that observers can use hash
> lookups and hamming distance computations against selected segments of the
> sequence.

The pros of using a sequence that randomly distributes 0 and ones
(i.e. PI or xorshift+) is that you can extract good loss / reordering
information if the error rate is low.

OTOH, it is fragile to high error rate or certain patterns of error.
Let me explain two examples.

Consider the case where the packet loss rate is 50%. I doubt if you
could use pattern matching against those sequences to figure out the
loss rate. This is because the power among the sequence is mostly high
frequencies. If you use a sequence that distributes power among lower
frequencies (like square wave or sin wave that I discussed), you can
calculate the loss rate in such cases as well.

Consider another case where the sender uses multiple queues to emit
packets belonging to a single QUIC connection (BTW, I plan to
implement such one). You would see non-neglible amount of reorders. On
the wire, it will look like if two adjacent packets packets were
swapped; it wouldn't have any practical impact on performance. But
such frequent reordering will destroy the observability of a random
sequence.

To summarize, I think that we need a low frequency signal. It could
either be a square wave or sin wave. Using a sin wave might be better
here, since you the bit pattern (which flips a lot) to observe at a
higher precision when the the error rates of loss and reorder are both
low.

>
> https://en.wikipedia.org/wiki/Xorshift#xorshift+
>
> http://xoroshiro.di.unimi.it/xorshift128plus.c
>
> uint64_t s[2];
>
> uint64_t next(void) {
> uint64_t s1 = s[0];
> const uint64_t s0 = s[1];
> const uint64_t result = s0 + s1;
> s[0] = s0;
> s1 ^= s1 << 23; // a
> s[1] = s1 ^ s0 ^ (s1 >> 18) ^ (s0 >> 5); // b, c
> return result;
> }
>
>
> A simpler 32-bit version could also be used since we do not care about long
> cycles.
>
> http://excamera.com/sphinx/article-xorshift.html
>
> uint32_t seed = 7;  // 100% random seed value
>
> static uint32_t random()
> {
>   seed ^= seed << 13;
>   seed ^= seed >> 17;
>   seed ^= seed << 5;
>   return seed;
> }
>
>
> The output would be the bits shifted out of the 32-bit our 64-bit word in
> either MSB or LSB first. I’d prefer LSB because it is slightly simpler to
> test the LSB bit and divide by 2.
>
> On 7 February 2018 at 01.29.18, Mikkel Fahnøe Jørgensen (mikkelfj@gmail.com)
> wrote:
>
> Also note that this approach is insensitive to skipped packet numbers in
> optimistic ACK attack defence. It leaks zero information when the network is
> perfect and if the CID hash is random.
>
> ________________________________
> From: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
> Sent: Wednesday, February 7, 2018 12:58:33 AM
> To: Kazuho Oku
> Cc: Brian Trammell (IETF); QUIC WG
> Subject: Re: Explicit measurability in the QUIC wire image (was Re: Packet
> number encryption)
>
> I actually think a static 1KB table of Pi could work quite well.
>
> A subset of samples could be indexed in a hashtable and yield loss data
> early with some probability. Some samples would miss due to reordering or
> loss. If more exact analysis is wanted the levenshtein distance of a sample
> sequence against Pi from a synced offset would tell a lot about the data. Or
> DNA sequencing. This could be hardware optimized.
>
> Yet, transmission is always just the next bit in the Pi table.
>
> Since Pi is effectively random it will ebentually detect mutations if the
> observed sequence is long enough.
>
> Wrt privacy, the CID may be used as a start offset hash into the Pi table.
>
> There isn’t any need to cover a full RTT worth of Pi bits unless it is used
> for latency detection, but in that case the spin could be a pattern like
> 10101010 and 00001111 injected into the Pi sequence. A separate spin bit
> would be simpler.
>
>
> ________________________________
> From: Kazuho Oku <kazuhooku@gmail.com>
> Sent: Tuesday, February 6, 2018 5:22:35 PM
> To: Mikkel Fahnøe Jørgensen
> Cc: Brian Trammell (IETF); QUIC WG
> Subject: Re: Explicit measurability in the QUIC wire image (was Re: Packet
> number encryption)
>
> 2018-02-06 23:54 GMT+09:00 Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>:
>> This idea can be taken further: You can modulate the signal so you use
>> multiple packets to encode a zero or a one for half the wave duration. For
>> example 1 could be encoded as 0101 over four packets and zero could be
>> encoded as 0011 over four packets.
>> If there is any reordering, it would show up as an unexpected value in the
>> pulse.
>
> That's definitely an option.
>
> Actually, I considered using sin wave (that distributes the error
> among 1-bit samples) as an example instead of the square wave.
>
> The primary reason behind my preference to using a square wave is that
> it is easier to implement; in fact, emitting a square wave with the
> length of 512 packets is as easy as just taking the 9th bit (counting
> from LSB) of the packet number (if we forget about the gaps for a
> moment).
>
>
> --
> Kazuho Oku



-- 
Kazuho Oku

Packet number encryption Martin Thomson
Re: Packet number encryption Ian Swett
Re: Packet number encryption Brian Trammell (IETF)
Re: Packet number encryption Eric Rescorla
Re: Packet number encryption Christian Huitema
Re: Packet number encryption Martin Thomson
Re: Packet number encryption Mirja Kühlewind
Re: Packet number encryption Gorry Fairhurst
Re: Packet number encryption Brian Trammell (IETF)
Re: Packet number encryption Eggert, Lars
Re: Packet number encryption Brian Trammell (IETF)
Re: Packet number encryption Martin Thomson
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Martin Thomson
Re: Packet number encryption Roberto Peon
Re: Packet number encryption Martin Thomson
Re: Packet number encryption Ted Hardie
Re: Packet number encryption Ted Hardie
Re: Packet number encryption Christian Huitema
Re: Packet number encryption Roberto Peon
Re: Packet number encryption Martin Thomson
Re: Packet number encryption Christian Huitema
Re: Packet number encryption Jana Iyengar
RE: Packet number encryption Roni Even (A)
Re: Packet number encryption Brian Trammell (IETF)
Re: Packet number encryption Roberto Peon
Re: Packet number encryption Roberto Peon
Re: Packet number encryption Martin Duke
Re: Packet number encryption Kazuho Oku
Re: Packet number encryption Christian Huitema
Re: Packet number encryption Brian Trammell (IETF)
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Mirja Kühlewind
Re: Packet number encryption Mirja Kühlewind
Re: Packet number encryption Kazuho Oku
Re: Packet number encryption Dmitri Tikhonov
Re: Packet number encryption Brian Trammell (IETF)
Re: Packet number encryption Fossati, Thomas (Nokia - GB/Cambridge, UK)
Re: Packet number encryption Jana Iyengar
RE: Packet number encryption Piotr Galecki
Re: Re: Packet number encryption alexandre.ferrieux
Re: Packet number encryption Patrick McManus
Re: Packet number encryption Fossati, Thomas (Nokia - GB/Cambridge)
Re: Packet number encryption Stephen Farrell
Re: Packet number encryption Roberto Peon
RE: Packet number encryption Piotr Galecki
RE: Packet number encryption Roni Even (A)
RE: Packet number encryption Lubashev, Igor
RE: Packet number encryption Lubashev, Igor
RE: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Christian Huitema
RE: Packet number encryption Lubashev, Igor
Re: Packet number encryption Stephen Farrell
Re: Packet number encryption Fossati, Thomas (Nokia - GB/Cambridge)
Re: Packet number encryption Fossati, Thomas (Nokia - GB/Cambridge)
Re: Packet number encryption Stephen Farrell
Re: Packet number encryption Willy Tarreau
RE: Packet number encryption Praveen Balasubramanian
Re: Packet number encryption Christian Huitema
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Brian Trammell (IETF)
Re: Packet number encryption Brian Trammell (IETF)
Re: Packet number encryption Brian Trammell (IETF)
Reducing ossification through protocol design (wa… Brian Trammell (IETF)
RE: Packet number encryption Praveen Balasubramanian
Re: Packet number encryption Roberto Peon
Re: Packet number encryption Roberto Peon
Re: Packet number encryption Salz, Rich
Re: Packet number encryption Jana Iyengar
RE: Packet number encryption Roni Even
Re: Packet number encryption Christian Huitema
RE: Packet number encryption Roni Even (A)
Re: Packet number encryption Roberto Peon
Re: Reducing ossification through protocol design… Gorry Fairhurst
Re: Packet number encryption Brian Trammell (IETF)
Re: Packet number encryption Kazuho Oku
RE: Packet number encryption Roni Even (A)
Re: Reducing ossification through protocol design… Mirja Kühlewind
Re: Reducing ossification through protocol design… Salz, Rich
Re: Reducing ossification through protocol design… Mirja Kühlewind
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Mike Bishop
RE: Reducing ossification through protocol design… Mike Bishop
Re: Packet number encryption Jana Iyengar
Re: Packet number encryption Jana Iyengar
Re: Packet number encryption Martin Thomson
Re: Packet number encryption Ted Hardie
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Praveen Balasubramanian
Re: Packet number encryption Marten Seemann
RE: Packet number encryption Roni Even (A)
Re: Packet number encryption Marten Seemann
Re: Packet number encryption Brian Trammell (IETF)
Re: Packet number encryption Kazuho Oku
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Gorry Fairhurst
Explicit measurability in the QUIC wire image (wa… Brian Trammell (IETF)
Explicit measurability in the QUIC wire image (wa… Brian Trammell (IETF)
RE: Explicit measurability in the QUIC wire image… Roni Even (A)
Re: Explicit measurability in the QUIC wire image… Kazuho Oku
Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
Re: Packet number encryption Mirja Kühlewind
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Stephen Farrell
Re: Explicit measurability in the QUIC wire image… Kazuho Oku
RE: Packet number encryption Mike Bishop
Re: Packet number encryption Jana Iyengar
Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Eric Rescorla
Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
Re: Packet number encryption Ian Swett
Re: Packet number encryption Christian Huitema
RE: Packet number encryption Praveen Balasubramanian
Re: Packet number encryption Martin Thomson
RE: Packet number encryption Praveen Balasubramanian
Re: Packet number encryption Christian Huitema
RE: Packet number encryption Praveen Balasubramanian
Re: Packet number encryption Christian Huitema
Re: Packet number encryption Marten Seemann
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
Re: Explicit measurability in the QUIC wire image… Kazuho Oku
Re: Explicit measurability in the QUIC wire image… Martin Thomson
Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
Re: Packet number encryption Mirja Kühlewind
Re: Explicit measurability in the QUIC wire image… Mikkel Fahnøe Jørgensen
Re: Explicit measurability in the QUIC wire image… Kazuho Oku
Re: Explicit measurability in the QUIC wire image… Kazuho Oku
Re: Packet number encryption Brian Trammell (IETF)
RE: Packet number encryption Praveen Balasubramanian
Re: Explicit measurability in the QUIC wire image… Christian Huitema
Re: Explicit measurability in the QUIC wire image… Christian Huitema
Re: Explicit measurability in the QUIC wire image… Kazuho Oku
Re: Explicit measurability in the QUIC wire image… Kazuho Oku
Re: Packet number encryption Victor Vasiliev
Re: Packet number encryption Salz, Rich
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Mike Bishop
Re: Packet number encryption Christian Huitema
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Mike Bishop
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Mikkel Fahnøe Jørgensen
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Mikkel Fahnøe Jørgensen
RE: Packet number encryption Mikkel Fahnøe Jørgensen
RE: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Salz, Rich
Re: Packet number encryption Eric Rescorla
Re: Packet number encryption Eric Rescorla
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Eric Rescorla
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Ian Swett
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Praveen Balasubramanian
Re: Packet number encryption Salz, Rich
Re: Packet number encryption Ian Swett
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Praveen Balasubramanian
Re: Packet number encryption David Benjamin
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Deval, Manasi
RE: Packet number encryption Deval, Manasi
Re: Packet number encryption Victor Vasiliev
RE: Packet number encryption Mikkel Fahnøe Jørgensen
RE: Packet number encryption Praveen Balasubramanian
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: hardware offload (was: Packet number encrypti… Ian Swett
Re: Packet number encryption Ian Swett
Re: Packet number encryption Martin Thomson
Re: Packet number encryption Mikkel Fahnøe Jørgensen
RE: Packet number encryption Praveen Balasubramanian
Re: Packet number encryption Salz, Rich
RE: Packet number encryption Praveen Balasubramanian
RE: hardware offload (was: Packet number encrypti… Praveen Balasubramanian
Re: Packet number encryption Salz, Rich
RE: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Victor Vasiliev
Re: hardware offload (was: Packet number encrypti… Christian Huitema
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: hardware offload (was: Packet number encrypti… Eggert, Lars
RE: Packet number encryption Praveen Balasubramanian
RE: hardware offload (was: Packet number encrypti… Praveen Balasubramanian
RE: Packet number encryption Praveen Balasubramanian
RE: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Victor Vasiliev
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Kazuho Oku
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Mikkel Fahnøe Jørgensen
Re: Packet number encryption Mikkel Fahnøe Jørgensen