IETF Logo Mail Archive

RE: draft-tiesel-quic-unreliable-streams-01 - comments

Ingemar Johansson S <ingemar.s.johansson@ericsson.com> Wed, 08 November 2017 07:15 UTC

Return-Path: <ingemar.s.johansson@ericsson.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8656D1314D5 for <quic@ietfa.amsl.com>; Tue, 7 Nov 2017 23:15:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bc8ll_OXcecl for <quic@ietfa.amsl.com>; Tue, 7 Nov 2017 23:15:12 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE1651314F0 for <quic@ietf.org>; Tue, 7 Nov 2017 23:14:46 -0800 (PST)
X-AuditID: c1b4fb30-759ff70000007d10-61-5a02aee46a73
Received: from ESESSHC006.ericsson.se (Unknown_Domain [153.88.183.36]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 1E.9F.32016.4EEA20A5; Wed, 8 Nov 2017 08:14:45 +0100 (CET)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (153.88.183.145) by oa.msg.ericsson.com (153.88.183.36) with Microsoft SMTP Server (TLS) id 14.3.352.0; Wed, 8 Nov 2017 08:14:44 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.onmicrosoft.com; s=selector1-ericsson-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=B3Rxf0Z8LTcGdo8BhnRvXzMQOJgu5gy+SeJEj/5+J58=; b=TThVJjlW7GqYOfW4WflparF5g3/ELyZD3hiTihyh5QPKWgIzmsMOS1Lc5VprpAu9+J3jzVYakFr2A89kSZQ97d/9Dst1eQr2h2p1J7D3spVcI/RuK1cvVo9cNh7hZH+XL93sxE/iNDtHlKvtoae3F6D1I/K0Hl0gu3Rve+Fyyh0=
Received: from DB4PR07MB348.eurprd07.prod.outlook.com (10.141.234.148) by DB4PR07MB345.eurprd07.prod.outlook.com (10.141.234.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.6; Wed, 8 Nov 2017 07:14:42 +0000
Received: from DB4PR07MB348.eurprd07.prod.outlook.com ([fe80::d067:33bc:7c46:c8c9]) by DB4PR07MB348.eurprd07.prod.outlook.com ([fe80::d067:33bc:7c46:c8c9%13]) with mapi id 15.20.0218.005; Wed, 8 Nov 2017 07:14:42 +0000
From: Ingemar Johansson S <ingemar.s.johansson@ericsson.com>
To: "Philipp S. Tiesel" <phils@in-panik.de>
CC: Roni Even <roni.even@huawei.com>, QUIC WG <quic@ietf.org>
Subject: RE: draft-tiesel-quic-unreliable-streams-01 - comments
Thread-Topic: draft-tiesel-quic-unreliable-streams-01 - comments
Thread-Index: AQHTVznzaxwXVQFObkG5Q8JOBDTpHqMIg0wwgABLYwCAADCkgIAAIq6AgADxZlA=
Date: Wed, 08 Nov 2017 07:14:42 +0000
Message-ID: <DB4PR07MB348CA1B22253E29FFF40BB7C2560@DB4PR07MB348.eurprd07.prod.outlook.com>
References: <6E58094ECC8D8344914996DAD28F1CCD82A735@DGGEMM506-MBS.china.huawei.com> <FBF9665E-15CE-437B-A575-25AEA7C88073@in-panik.de> <6E58094ECC8D8344914996DAD28F1CCD832288@DGGEMM506-MBX.china.huawei.com> <B814D19D-2FD6-42B6-867E-8A26C7475E0F@in-panik.de> <DB4PR07MB34899FCFC336AE2F0B72A6CC2510@DB4PR07MB348.eurprd07.prod.outlook.com> <6E58094ECC8D8344914996DAD28F1CCD8351F8@DGGEMM506-MBX.china.huawei.com> <DB4PR07MB348012BC630A37881C3852CC2510@DB4PR07MB348.eurprd07.prod.outlook.com> <7A7BC718-CA7C-4DF1-87DC-EB7C48B48C56@in-panik.de>
In-Reply-To: <7A7BC718-CA7C-4DF1-87DC-EB7C48B48C56@in-panik.de>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.176.1.92]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB4PR07MB345; 6:r/4dOSg6MKXtJSNCfzGgD5gNvZB3owbEV0OtRBejpdsNZXXI4ZKS0K9vidR3I5HpT2jgOV8ZwJb/R+kYccIN67/Dk2/I++otSvNHiB18aYHdcxcGXBEAgxkiw11U0NAyaWS6+EXl+eH+n8/4sTq4ornEN44fRAYFsmGs532f2L2r4Wro1KdkxO0M7xq73FuhGemdBn6LMwBHnNdY1KMH5CAl6gKUQQOZSf6o4uIHienWCDJhN+lS6qxbYpJq+OvTnb/DTSsIQAP320DBytws6ZjFA5PQ7ChPmyWrN8GiKgmEPppABBuxmBUPJpCtwbFABlrwe+Mqh5m/FMqeWbaJKkynkMwisoEhfp409C/MjTY=; 5:4Mdjv3JXQCoXL7Ukd6d+sJmjGIZTJ8En1tdJnCqwtxzllYraIca8HVux8w5GJkVI0CD4IFLymqsQ/xpt0EWlYEisLXIc/XINMCIXVlKSzMHrfC7w7s1koqdrel1vEq5GReXiWhV/pb0PTlyN9JH8ugftrSA6j5RkieGTsi28hp4=; 24:6WUY3JMGmrI9/yEZVIhR9w2jyGYN7ATdXIWiaEKKBuA2oVktsP7KvsVzmGtAMLg41syRxE5IltEA0iT4svooxUG+csv3WdPgKWx3PC28b4Q=; 7:SElgtUiWNFlJzEVGhFUpka0hYwn4wlhYzBsEamqje6sGbaOTjU6AJyn2nQnBTiXQH6w7H7AXP7qAGzrHsseEvFfSJ65Oj7PlDEZ2MrL0DTW4JpivBFoN8JNTI/LIKL9P2324c/5a79Dcsadnla4jMnOjIYkTszl60l5cH2AM8kXqr7mYV7zkc2xHi4LDVrI31aE5dbHnJNIX4Dozz3QwTQJdVaz9iPdjFKdVHKzN6IH2eq34fh96vBxgNKBnOvmk
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 6a84fe8b-5e9a-45d0-a613-08d526786230
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603249); SRVR:DB4PR07MB345;
x-ms-traffictypediagnostic: DB4PR07MB345:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ingemar.s.johansson@ericsson.com;
x-exchange-antispam-report-test: UriScan:(37575265505322)(20558992708506)(278428928389397)(192374486261705)(50582790962513)(21748063052155)(17755550239193);
x-microsoft-antispam-prvs: <DB4PR07MB34586BF981E4F8FF206D1C8C2560@DB4PR07MB345.eurprd07.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(100000703101)(100105400095)(3002001)(3231021)(6041248)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123558100)(20161123562025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB4PR07MB345; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB4PR07MB345;
x-forefront-prvs: 0485417665
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(39860400002)(189002)(24454002)(199003)(106356001)(189998001)(2906002)(14454004)(478600001)(6506006)(55016002)(33656002)(68736007)(5660300001)(6246003)(50986999)(54356999)(74316002)(101416001)(6916009)(2950100002)(230783001)(25786009)(6306002)(54896002)(53546010)(229853002)(606006)(2900100001)(9686003)(6436002)(7696004)(105586002)(76176999)(236005)(53386004)(3660700001)(8676002)(19609705001)(3280700002)(81156014)(81166006)(6116002)(790700001)(3846002)(102836003)(97736004)(86362001)(54906003)(8936002)(99286004)(53936002)(316002)(93886005)(66066001)(7736002)(5250100002)(4326008); DIR:OUT; SFP:1101; SCL:1; SRVR:DB4PR07MB345; H:DB4PR07MB348.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DB4PR07MB348CA1B22253E29FFF40BB7C2560DB4PR07MB348eurprd_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 6a84fe8b-5e9a-45d0-a613-08d526786230
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Nov 2017 07:14:42.6204 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR07MB345
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0iTYRTHfd7L9m41epyKR0uq4Qe1vKQRQmb6obCgCESQFeR0Lzqam2xm KhgSmqUtzSnN5XKQYWooaV4zcyuNPojhklDSpSleSDS7qCnStneB337n/P/nORcehhS/oP0Z hSqb1ahkSglPSNUkdwWGzrUQ0oiqO8LokoYWIvqeeU/02tAIFUcmFL1bphPq6zeJhKJPXpdI qTBGzioVOawmPDZFmKEfm0BZA1VE7sJSA1GIzDqiFAkYwMdhovMnXYqEjBi/RWCZXuJxwXsE k539lDOgsI6E6ld6glOqCegdf+qqF+OvCEaa5U7m4RhotK4jJ3vjIzBgfOJghiHxKVidkjrT Xvg0GIyDNGeJg8/FNorji/BwbtBlp3AgdPVGOtMiLIXtsmaKa/uMgta/i65ageOd4XIT38kI B4B9fcr1Dol9YWK2zr0ahvq+EZJjH1j8tkNzfAi2R2d4HAfAaF0ZcjYAbOGDfXrHLYRBx4Nl xPEF2KiuIjmTAUFP72O3EAwzFRskN0UarI3r3B1qHabfARwrwHzXzuOKR2morflFO9cEfADK F1IrUKhx1+Acq2FOv0MaXRfwhA81s5TRdcdgaO0N5yyHoapsms9xEBTXmvi782bEb0I+Wlab mpkeGRnGahRpWq1aFaZis9uQ4yNZXm5FdKPF+XgrwgyS7BXlGgipmJblaPMyrQgYUuItUl52 pERyWV4+q1Ff1VxXslor2s9QEl9RfP/HZDFOl2Wz11g2i9X8VwlG4F+IKu0pOR5+BWNBvqYh wfmzBUNpz/PnozpSjzbObrLnKkvC55LwSb2HhfLrSWz3NHX02DyqI07EXek+mGi1hfT5B7+2 GZZWfsRF6aRfBodXZ+TStTPSWDv/fsa+7yusxHj71qPSzqn8GZN3TNOfwK22yST25kroDf0b hUHdbqQDJJQ2Q3YshNRoZf8ATXJqV0QDAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Gu8dzeu8MpMaKt3S_DLvVNUufbY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2017 07:15:14 -0000

OK, then I understand.
Another example of a possible attack vector is needed then, if there is any credible example.

/Ingemar

From: Philipp S. Tiesel [mailto:phils@in-panik.de]
Sent: den 7 november 2017 17:48
To: Ingemar Johansson S <ingemar.s.johansson@ericsson.com>
Cc: Roni Even <roni.even@huawei.com>; QUIC WG <quic@ietf.org>
Subject: Re: draft-tiesel-quic-unreliable-streams-01 - comments

Hi,

the whole point came up in the security considerations of the draft:

              If one uses unreliable streams as-a-message to cut down
              delay, it is also necessary to send them out right away
              and don’t wait unit a MTU-sized packet is full.

              Despite encryption, this allows an attacker to learn about message
              sizes and, assuming the protocol within the QUIC connection is known,
              might allow guessing what messages were used.

              One _example_ for such an attack was an hypothetical streaming protocol
              which an attacker can drop delivery reports for and thus could influence
              rate adaption.

I came to the conclusion this was not the best example for the message guessing attack.


On 7. Nov 2017, at 15:47, Ingemar Johansson S <ingemar.s.johansson@ericsson.com<mailto:ingemar.s.johansson@ericsson.com>> wrote:

Hi

OK, then I understand, maybe.. Still don’t get it, sorry. If you are about to selectively discard ACK packets, then the ACK spacing will become larger and the ACK clocking will be degraded. The end effect is that also the media (or whatever) that constitute the large packets will also get a degraded performance ?

I assume that we will still be running one congestion control for the connection ?

/Ingemar

From: Roni Even [mailto:roni.even@huawei.com]
Sent: den 7 november 2017 12:50
To: Ingemar Johansson S <ingemar.s.johansson@ericsson.com<mailto:ingemar.s.johansson@ericsson.com>>; Philipp S. Tiesel <phils@in-panik.de<mailto:phils@in-panik.de>>
Cc: QUIC WG <quic@ietf.org<mailto:quic@ietf.org>>
Subject: RE: draft-tiesel-quic-unreliable-streams-01 - comments

Hi Ingemar,
It is not CCM the attacker just does heuristics to understand that this is not media but report (RTCP or ACK frames) and drops it, BTW: audio packets may also be small.
This is an example. The claim is that you can use heuristics to drop “selected” frames even though you do not know what is in the packet.
Roni



From: Ingemar Johansson S [mailto:ingemar.s.johansson@ericsson.com]
Sent: יום ג 07 נובמבר 2017 09:41
To: Philipp S. Tiesel; Roni Even
Cc: QUIC WG
Subject: RE: draft-tiesel-quic-unreliable-streams-01 - comments

Hi Philip and Roni

I assume that by reception reports is meant the RTCP CCM messages such as TMMBR or ?

So.. unless I misunderstood it completely.
I am not at all convinced that media rate/congestion control in QUIC should rely on TMMBR.
SCReAM for instance, specified in the RMCAT WG for instance does not depend on TMMBR as it is ACK clocked, the media transmission is reduced to a very low rate if the ACKs are discarded by an attacker.

I would say that it is more straightforward to use a multipurpose congestion control in QUIC, this is perhaps based on BBR, but SCReAM style is not excluded. In any case this means that it is not possible to prevent rate adaptation.

/Ingemar


From: Philipp S. Tiesel [mailto:phils@in-panik.de]
Sent: den 6 november 2017 10:15
To: Roni Even <roni.even@huawei.com<mailto:roni.even@huawei.com>>
Cc: QUIC WG <quic@ietf.org<mailto:quic@ietf.org>>
Subject: Re: draft-tiesel-quic-unreliable-streams-01 - comments



On 5. Nov 2017, at 08:32, Roni Even <roni.even@huawei.com<mailto:roni.even@huawei.com>> wrote:
From: Philipp S. Tiesel [mailto:phils@in-panik.de]
On 1. Nov 2017, at 14:03, Roni Even <roni.even@huawei.com<mailto:roni.even@huawei.com>> wrote:
In the security section “ An active, on path attacker can drop selected
frames “ . What does it mean selected frames, the whole payload is
encrypted.
This is a little complicated:
- Assume having “stream-as-a-message” streams with two different kins of
messages sized A,B
- Assume each message fits into one packet, but two messages will not fit
- Assume one doesn't want to split packets to fill packets to MTU due to
latency constrains  => If an attacker know the inside protocol, the attacker
can distinguish from the packet length wether it is an A or B kind message

To avoid this, one has to pad all packets… I should clarify this.
[Roni Even] I understand this case but what does selected frames mean, I assume that the attacker does not know what is in each stream in order to select a specific one, so why will he just drop one and not the other or why not both?

Assuming the attacker _knows the protocol_, the attacker would also know the sizes of all kinds of messages and may use this knowledge to recover protocol state or selectively drop messages.

For a protocol like HTTP, the attack vector is rather small.
If one uses this against video conferencing applications, an attacker could prevent rate adaption  by dropping reception reports (larger than a pure QUIC ACK, smaller than a video frame).
If one uses this on IoT control stuff, an attacker might be able to learn a lot about the system state by observing sizes and timings.

This is nothing we can fix within QUIC without massive scarifies, but application developers must keep in mind.


AVE!
  Philipp S. Tiesel / phils…
--
   {phils}--->---(phils@in-panik.de<mailto:phils@in-panik.de>)--->---(http://phils.in-panik.de<http://phils.in-panik.de/>)----,
      wenn w eine   aube ist dn      man au dran dre en                   |
           o     Schr        an muss     hc         h   (Kurt Schwitters) |
:wq!  <----(phone: +49-179-6737439)---<---(jabber: phils@in-panik.de<mailto:phils@in-panik.de>)----'

AVE!
  Philipp S. Tiesel / phils…
--
   {phils}--->---(phils@in-panik.de<mailto:phils@in-panik.de>)--->---(http://phils.in-panik.de)----,
      wenn w eine   aube ist dn      man au dran dre en                   |
           o     Schr        an muss     hc         h   (Kurt Schwitters) |
:wq!  <----(phone: +49-179-6737439)---<---(jabber: phils@in-panik.de<mailto:phils@in-panik.de>)----'

v2.23.0 | Report a Bug | By Email