[rohc] Sigcomp: UDVM security issues
"Dr. Carsten Bormann" <cabo@tzi.org> Wed, 27 February 2002 15:04 UTC
From: "Dr. Carsten Bormann" <cabo@tzi.org>
To: <rohc@ietf.org>
Subject: [rohc] Sigcomp: UDVM security issues
Date: Wed, 27 Feb 2002 16:02:33 +0100
Message-ID: <NFBBJFHGMCFINEMHAMBGAEILHHAA.cabo@tzi.org>

Sigcompers,

I've just had a 30-minute chat about the UDVM with Karsten Sohr (if you don't immediately recognize that name, it's quite googleable). While I don't believe in 30-minute security analyses, there were two notable results of this discussion:

1) 6 bytes (48 bits) is too little. If we assume that a busy proxy can hold a million states, it looks like we need 9 bytes (72 bits) for a reasonable collision (im)probability.

2) One significant aspect of the DoS invulnerability of the UDVM is the assignment of effort values for the instructions. We have to make sure that the complexity of the implementation of each instruction is at least in the right class with respect to the nominal effort. While this is trivial for most of the instructions, we should have another close look at the table.

Karsten will continue to look at the UDVM and its security issues; he hopes to have a more serious security analysis done within the next two weeks or so.

Greetings, Carsten
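
The sizing argument in point 1 can be checked with the birthday bound. The following is an added example, not part of the original message or of any SigComp implementation; it assumes identifiers behave like uniformly random values, and the 1e-9 target used in the comments and test is a constructed assumption, not a figure from the message.

```python
import math


def collision_probability(num_states: int, id_bits: int) -> float:
    """Approximate probability that at least two of `num_states` uniformly
    random `id_bits`-bit identifiers coincide (birthday bound)."""
    space = 2.0 ** id_bits
    if num_states > space:
        return 1.0  # pigeonhole: a collision is certain
    # P(collision) ~= 1 - exp(-n(n-1) / (2 * 2^bits)).
    # expm1 keeps precision when the probability is tiny (e.g. 72 bits).
    exponent = num_states * (num_states - 1) / (2.0 * space)
    return -math.expm1(-exponent)


def min_identifier_bytes(num_states: int, target: float,
                         max_bytes: int = 32) -> int:
    """Smallest whole-byte identifier length whose collision probability
    for `num_states` stored states is at or below `target`."""
    for nbytes in range(1, max_bytes + 1):
        if collision_probability(num_states, 8 * nbytes) <= target:
            return nbytes
    raise ValueError("no identifier length up to max_bytes meets the target")


if __name__ == "__main__":
    states = 10 ** 6  # "a busy proxy can hold a million states"
    for nbytes in (6, 7, 8, 9):
        p = collision_probability(states, 8 * nbytes)
        print(f"{nbytes} bytes ({8 * nbytes} bits): P(collision) ~ {p:.3e}")
    # Constructed target: at most one-in-a-billion chance of any collision.
    print("bytes needed for 1e-9:", min_identifier_bytes(states, 1e-9))
```

With a million states, 48 bits leaves roughly a 0.18% chance that some pair of identifiers collides, while 72 bits brings it to about 1e-10.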