IETF Logo Mail Archive

Re: Security of coalesced packets

Kazuho Oku <kazuhooku@gmail.com> Thu, 12 July 2018 08:32 UTC

Return-Path: <kazuhooku@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 380A812F1A2 for <quic@ietfa.amsl.com>; Thu, 12 Jul 2018 01:32:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.998
X-Spam-Level:
X-Spam-Status: No, score=-0.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EgO11ra4Jfcu for <quic@ietfa.amsl.com>; Thu, 12 Jul 2018 01:32:19 -0700 (PDT)
Received: from mail-io0-x235.google.com (mail-io0-x235.google.com [IPv6:2607:f8b0:4001:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F5EC130ED0 for <quic@ietf.org>; Thu, 12 Jul 2018 01:32:19 -0700 (PDT)
Received: by mail-io0-x235.google.com with SMTP id l7-v6so27452434ioj.1 for <quic@ietf.org>; Thu, 12 Jul 2018 01:32:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=KDxGf6HxZ5GIxNQDd0gSp9o9bwiU3UC67L1dZyX3Q8c=; b=Pv6Vyas3E7kEtqkKPhVeSIFmRl0QdRTnFXENyluq6qw8QqT5Ocx3ptTcK6UkaJHqNo YeaL+oz4XIzTAz+dxn6uLXQ7pNH7c3A0RqaXBfQ/CytTy3UJ1ukWtfA8DtnpYhmly0gd XRer6XqJwlDopunBxm1slfXbpDaCmHAx9TR6JQnIum3mAXhwJkSCMc5GxgVwhVn+/Vi/ OEmtsftJZdPl4VHx7i/zJM5vIffMbXCT0h+GQ0JY5066S57TNGqajXd8wsR5FB6LwDnG 87vRfspalGi+6BeVzjh2Rvk8ZQHkhcqITVVrp+8E1t5s6wzsBCNJtgy4lQGsgGhztglZ DBjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=KDxGf6HxZ5GIxNQDd0gSp9o9bwiU3UC67L1dZyX3Q8c=; b=f5ugY8z3+Jrui/RwbkQN1Q+T3h6VF9nbBT5MIbDLw9jiOfWCBf2z7c1RkGMXRv1euH nEvfBOghULXnxGvXZ8XjOF31HYmG895nFVI7ohBmVWsuSBWPzUXAK2scb2D+/bn6LRSY I79Vo/yH/xFsrWPcNOOLorM5gWhFAsZSAtHJXJBd3u4Sw5R/LdXSdO+H0JVtzeYHNn5H 4C9I+mVdda4hjiOKdUztq0EFNtdVBZetrAtRVCP7J8lwjVWxRSpOq9pOyGenCgevZIyp Mw5rAwRGrY/q9lCmbULhunPADlGQggAK8U90dljrvl/k8ltnR8Y/ATGpXVtFVTDcbPHt WBhA==
X-Gm-Message-State: APt69E0gZYN//801i+c+a1qRthFx8uT0Re7AyJzTcyXHNPFCzR09jO+d HJItOT5AEHny6zEtMXGaPvVxJbDo
X-Google-Smtp-Source: AAOMgpdyAMqEpB5zEnkw6infnugZKorwPhs4NeAwAsKcJMuVrp/pIEcuWdLksJ8Fx8bshk6wLOhmsQ==
X-Received: by 2002:a6b:84c6:: with SMTP id o67-v6mr26434794ioi.119.1531384338396; Thu, 12 Jul 2018 01:32:18 -0700 (PDT)
Received: from ?IPv6:2400:4050:2c40:1700:c9ed:d102:b5ef:b579? ([2400:4050:2c40:1700:c9ed:d102:b5ef:b579]) by smtp.gmail.com with ESMTPSA id g10-v6sm6608240ioq.87.2018.07.12.01.32.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 Jul 2018 01:32:17 -0700 (PDT)
From: Kazuho Oku <kazuhooku@gmail.com>
X-Google-Original-From: Kazuho Oku <KAZUHOOKU@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail-929ED041-D567-4E5E-965C-B369847E5C26"
Mime-Version: 1.0 (1.0)
Subject: Re: Security of coalesced packets
X-Mailer: iPhone Mail (15F79)
In-Reply-To: <CAN1APdc2bLn-C3Udy4g3FyNdfcmAD3RH-TeOrC5gmW=E7+DH+Q@mail.gmail.com>
Date: Thu, 12 Jul 2018 17:32:14 +0900
Cc: IETF QUIC WG <quic@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <5E1464AF-9AA8-48D0-9007-2B1CC764AEA2@gmail.com>
References: <CAN1APdfrjbZvvJj33taJpYCc2utTuHwZx8O6_um-nB7OLpFx5Q@mail.gmail.com> <CANatvzyrfvjnZ3Y4FKiW0fRVahmArXyaJk9gt2NrZPgaOX-WaQ@mail.gmail.com> <CAN1APddC_-pjZ4Gs-fh56e7KbwyvWxGoAASxAsV+toYZz33rZg@mail.gmail.com> <CAN1APdc2bLn-C3Udy4g3FyNdfcmAD3RH-TeOrC5gmW=E7+DH+Q@mail.gmail.com>
To: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/bQZ6WQUYw6roEFpds6SXiAYCb_U>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jul 2018 08:32:22 -0000

2018/07/12 16:52、Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>のメール:

> 
>> On 12 July 2018 at 09.50.51, Mikkel Fahnøe Jørgensen (mikkelfj@gmail.com) wrote:
>> 
>> To me the situation seems indifferent to on-path devices sending 
>> additional packet using the 5-tuple when it sees a packet belonging to 
>> the QUIC connection. 
> 
> 
> It is different because if the source is a NAT home router, or a compromised mobile phone, it does not matter how you migrate, or change connection ID, you would still end the same cookie. 
> 

Thank you for elaborating.

I think that the attacks you describe can be mounted *without* using coalesced packets.

A malicious device (could be a router or a compromised mobile phone) can observe the TCP/UDP packets being transmitted, craft a new packet that has the same 5-tuple (and possibly also the first few octets that contain the packet header) and emit them. An observer will observe those crafted packets to track the connection.

v2.23.0 | Report a Bug | By Email