Re: [secdir] Secdir review of draft-ietf-ippm-6man-pdm-option-05: Timing Attacks

<nalini.elkins@insidethestack.com> Tue, 10 January 2017 15:35 UTC

Return-Path: <nalini.elkins@insidethestack.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 483FE129434 for <secdir@ietfa.amsl.com>; Tue, 10 Jan 2017 07:35:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.755
X-Spam-Level:
X-Spam-Status: No, score=-3.755 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-1.156] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2F1IbCmUqSNg for <secdir@ietfa.amsl.com>; Tue, 10 Jan 2017 07:35:51 -0800 (PST)
Received: from nm24-vm4.bullet.mail.gq1.yahoo.com (nm24-vm4.bullet.mail.gq1.yahoo.com [98.136.217.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A0AE129508 for <secdir@ietf.org>; Tue, 10 Jan 2017 07:35:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1484062550; bh=pD+bi0JXEk83v9xPTrecwfX2X7uij3sLg8DYEKLxhpQ=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject; b=r/zKta2/G6R6TJiiUQIEvr8aoT+m/3eEXcV2A0RA2k/m5aA25wQnWuJNgXdndmXe26XmC4/7HH+yMeylqlzMo5MkE6JopUPFG1cKY3n1BISpZIS60KeL5AlCjMuUHWrC4tG0q5Hj4b/SpqHjPV2yoTT0rnctLeBcSqX4F2949vPw8pGskmS1uLWlSp90tWCxi6ZRPxpDeRCTViFSjqeITxImfuTpeAi1bOj+ZPPy5JTiMG4SDbo+w+/MpmyAYbFHnGe1FpxLgTh9/iLelL2w9R7m+TaVfNNTq05XUoKigFww4WTjzKXoak19THL9J1Pn9nt2AzNrGwrR57GejEFWTQ==
Received: from [98.137.12.58] by nm24.bullet.mail.gq1.yahoo.com with NNFMP; 10 Jan 2017 15:35:50 -0000
Received: from [98.137.12.236] by tm3.bullet.mail.gq1.yahoo.com with NNFMP; 10 Jan 2017 15:35:50 -0000
Received: from [127.0.0.1] by omp1044.mail.gq1.yahoo.com with NNFMP; 10 Jan 2017 15:35:50 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 217271.49551.bm@omp1044.mail.gq1.yahoo.com
X-YMail-OSG: aNrPtwUVM1mu6ANpN1hbS3ouUASPz0.Mw6.sqZntvDeTy36JAlkk0dOLkTZvBMo Tjz6Cx9oPsOe8is4B3OwYDxDkc7RXmIbLnOpqu7mujfj0H7WmYK6tRT1WTTcJ03mp99X0sNuZ8.y SIV8P445RnzGoiTzQzr9TvI7YMQbnLiM.Yce8ZLTwUGwuvDiBYfDRWf8VkhQcmnHsDOzFtbJnixk qR0PXHaMJQ6COETV7COcZDJQdwYubGoDsiPVXnDn.yDfBhuQdbYN.iqA3uZl1anctNqvBWd_03_y XlkON9yE1RAci.vRV61BmO3bsAoZTiRxbwj8s1_9UC5GCtuCM_7hs8GMwHQRO1UDqugr9BoSsfxn t.QiGvLRKTnuQvtu4iXigy3QvD.QltF_TyuVVpo7IUtV.dIGlG4KElFi66NJDZSAv6k3H9OuMuy2 oNfznWwERFw65PYFH9g4NCxUTs5.LJiG_MxYs10xI6Enr0UClU4WowcuYtefg6Xm_hXiexuOJfi0 PRluEpO23xmazR8gONIvyVxaXBbEfa_TDJBUiy1yLi3oy4e11QELt6a8-
Received: from jws300027.mail.gq1.yahoo.com by sendmailws117.mail.gq1.yahoo.com; Tue, 10 Jan 2017 15:35:49 +0000; 1484062549.802
Date: Tue, 10 Jan 2017 15:35:49 +0000 (UTC)
From: <nalini.elkins@insidethestack.com>
To: "MORTON, ALFRED C (AL)" <acmorton@att.com>, Tero Kivinen <kivinen@iki.fi>
Message-ID: <2005125701.562109.1484062549432@mail.yahoo.com>
In-Reply-To: <4D7F4AD313D3FC43A053B309F97543CF67BF01@njmtexg5.research.att.com>
References: <970641405.98311.1484019946430.ref@mail.yahoo.com> <970641405.98311.1484019946430@mail.yahoo.com> <22644.52731.787564.284071@fireball.acr.fi> <4D7F4AD313D3FC43A053B309F97543CF67BF01@njmtexg5.research.att.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_562108_53955821.1484062549430"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/IkqwsT4RtV-qcltmOuVhFuSaz8I>
Cc: "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-ippm-6man-pdm-option.all@tools.ietf.org" <draft-ietf-ippm-6man-pdm-option.all@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-ippm-6man-pdm-option-05: Timing Attacks
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: nalini.elkins@insidethestack.com
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2017 15:35:53 -0000

Thanks, Al! 
Nalini ElkinsInside Products, Inc.www.insidethestack.com(831) 659-8360 

    On Tuesday, January 10, 2017 4:58 AM, "MORTON, ALFRED C (AL)" <acmorton@att.com> wrote:
 

 Hi Nalini and Tero,
Allow me to make two editorial suggestions.
(see below)
Al

> -----Original Message-----
> From: Tero Kivinen [mailto:kivinen@iki.fi]
> Sent: Tuesday, January 10, 2017 7:05 AM
> To: nalini.elkins@insidethestack.com
> Cc: iesg@ietf.org; secdir@ietf.org; draft-ietf-ippm-6man-pdm-
> option.all@tools.ietf.org
> Subject: Re: Secdir review of draft-ietf-ippm-6man-pdm-option-05: Timing
> Attacks
> 
> nalini.elkins@insidethestack.com writes:
> > Tero,
> >
> > I believe this is the last outstanding issue!  After we reach
> > agreement, I will rewrite the draft to:
> ...
> > 8.4 Timing Attacks
> >
> > The fact that PDM can help in the separation of node processing time
> > from network latency brings value to performance monitoring.  Yet,
> > it is this very characteristic of PDM which may be misused to make
> > certain new type of timing attacks against protocols and
> > implementations possible.
> >
> > That is, in some cases, depending on the nature of the cryptographic
> > protocol used, it may be possible to leak the long term credentials
> > of the device.  For example, if and attacker is able to create an
> attack
> > which causes the enterprise to turn on PDM to diagnose the attack,
> > then the attacker might use PDM during that debugging time to launch
> > a timing attack against the long term keying material used by the
> > cryptographic protocol.
> >
> > An implementation may want to be sure that PDM is enabled only for
> > certain ip addresses, or only for some ports.  Additionally, we
> > recommend that the implementation SHOULD require an explicit
> > restart of monitoring after a certain timeperiod (for example for 1
> hour),
> > to make sure that PDM is not accidently left on after
> > debugging has been done etc.
> >
> > Even so, if using PDM, we introduce the concept of user "Consent to
> > be Measured" as a pre-requisite for using PDM.  Consent is common in
> > enterprises and with some subscription services. So, if with PDM, we
> > recommend that the user SHOULD consent to its use.
> 
> This new text looks good.
> --
> kivinen@iki.fi
[ACM] 
OLD
> That is, in some cases, depending on the nature of the cryptographic 
> protocol used, it may be possible to leak the long term credentials 
> of the device.  For example, if and attacker is able to create an attack
NEW
Depending on the nature of the cryptographic 
protocol used, it may be possible to leak the long term credentials 
of the device.  For example, if an attacker is able to create an attack
                                ^^
...

Thanks for your extensive efforts to resolve these issues!
Al
doc shepherd