IETF Logo Mail Archive

Re: [secdir] Secdir review of draft-ietf-ippm-6man-pdm-option-05: Timing Attacks

"MORTON, ALFRED C (AL)" <acmorton@att.com> Tue, 10 January 2017 12:58 UTC

Return-Path: <acmorton@att.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D07F129C45; Tue, 10 Jan 2017 04:58:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tZR_lnLmAGY9; Tue, 10 Jan 2017 04:58:09 -0800 (PST)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 453D6129898; Tue, 10 Jan 2017 04:58:09 -0800 (PST)
Received: from pps.filterd (m0049459.ppops.net [127.0.0.1]) by m0049459.ppops.net-00191d01. (8.16.0.17/8.16.0.17) with SMTP id v0ACtbAp048633; Tue, 10 Jan 2017 07:58:08 -0500
Received: from alpi155.enaf.aldc.att.com (sbcsmtp7.sbc.com [144.160.229.24]) by m0049459.ppops.net-00191d01. with ESMTP id 27vyk88h5v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 10 Jan 2017 07:58:07 -0500
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id v0ACw7BF006537; Tue, 10 Jan 2017 07:58:07 -0500
Received: from mlpi409.sfdc.sbc.com (mlpi409.sfdc.sbc.com [130.9.128.241]) by alpi155.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id v0ACvuhC006438 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 10 Jan 2017 07:57:59 -0500
Received: from clpi183.sldc.sbc.com (clpi183.sldc.sbc.com [135.41.1.46]) by mlpi409.sfdc.sbc.com (RSA Interceptor); Tue, 10 Jan 2017 12:57:40 GMT
Received: from sldc.sbc.com (localhost [127.0.0.1]) by clpi183.sldc.sbc.com (8.14.5/8.14.5) with ESMTP id v0ACveZJ011712; Tue, 10 Jan 2017 06:57:40 -0600
Received: from mail-green.research.att.com (mail-green.research.att.com [135.207.255.15]) by clpi183.sldc.sbc.com (8.14.5/8.14.5) with ESMTP id v0ACvOxQ011120; Tue, 10 Jan 2017 06:57:25 -0600
Received: from exchange.research.att.com (njmtcas2.research.att.com [135.207.255.47]) by mail-green.research.att.com (Postfix) with ESMTP id E6F5BE033D; Tue, 10 Jan 2017 07:56:46 -0500 (EST)
Received: from njmtexg5.research.att.com ([fe80::b09c:ff13:4487:78b6]) by njmtcas2.research.att.com ([fe80::d550:ec84:f872:cad9%15]) with mapi id 14.03.0319.002; Tue, 10 Jan 2017 07:57:23 -0500
From: "MORTON, ALFRED C (AL)" <acmorton@att.com>
To: Tero Kivinen <kivinen@iki.fi>, "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>
Thread-Topic: Secdir review of draft-ietf-ippm-6man-pdm-option-05: Timing Attacks
Thread-Index: AQHSavgF3LTCeQELV0WiDyBzECKAhaEx8XyA//+56PA=
Date: Tue, 10 Jan 2017 12:57:22 +0000
Message-ID: <4D7F4AD313D3FC43A053B309F97543CF67BF01@njmtexg5.research.att.com>
References: <970641405.98311.1484019946430.ref@mail.yahoo.com> <970641405.98311.1484019946430@mail.yahoo.com> <22644.52731.787564.284071@fireball.acr.fi>
In-Reply-To: <22644.52731.787564.284071@fireball.acr.fi>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [156.106.228.67]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-01-10_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1701100188
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/NsWqfGYsXI9e8WvzXj9fTHP07EY>
Cc: "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-ippm-6man-pdm-option.all@tools.ietf.org" <draft-ietf-ippm-6man-pdm-option.all@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-ippm-6man-pdm-option-05: Timing Attacks
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2017 12:58:10 -0000

Hi Nalini and Tero,
Allow me to make two editorial suggestions.
(see below)
Al

> -----Original Message-----
> From: Tero Kivinen [mailto:kivinen@iki.fi]
> Sent: Tuesday, January 10, 2017 7:05 AM
> To: nalini.elkins@insidethestack.com
> Cc: iesg@ietf.org; secdir@ietf.org; draft-ietf-ippm-6man-pdm-
> option.all@tools.ietf.org
> Subject: Re: Secdir review of draft-ietf-ippm-6man-pdm-option-05: Timing
> Attacks
> 
> nalini.elkins@insidethestack.com writes:
> > Tero,
> >
> > I believe this is the last outstanding issue!  After we reach
> > agreement, I will rewrite the draft to:
> ...
> > 8.4 Timing Attacks
> >
> > The fact that PDM can help in the separation of node processing time
> > from network latency brings value to performance monitoring.  Yet,
> > it is this very characteristic of PDM which may be misused to make
> > certain new type of timing attacks against protocols and
> > implementations possible.
> >
> > That is, in some cases, depending on the nature of the cryptographic
> > protocol used, it may be possible to leak the long term credentials
> > of the device.  For example, if and attacker is able to create an
> attack
> > which causes the enterprise to turn on PDM to diagnose the attack,
> > then the attacker might use PDM during that debugging time to launch
> > a timing attack against the long term keying material used by the
> > cryptographic protocol.
> >
> > An implementation may want to be sure that PDM is enabled only for
> > certain ip addresses, or only for some ports.  Additionally, we
> > recommend that the implementation SHOULD require an explicit
> > restart of monitoring after a certain timeperiod (for example for 1
> hour),
> > to make sure that PDM is not accidently left on after
> > debugging has been done etc.
> >
> > Even so, if using PDM, we introduce the concept of user "Consent to
> > be Measured" as a pre-requisite for using PDM.  Consent is common in
> > enterprises and with some subscription services. So, if with PDM, we
> > recommend that the user SHOULD consent to its use.
> 
> This new text looks good.
> --
> kivinen@iki.fi
[ACM] 
OLD
> That is, in some cases, depending on the nature of the cryptographic 
> protocol used, it may be possible to leak the long term credentials 
> of the device.  For example, if and attacker is able to create an attack
NEW
Depending on the nature of the cryptographic 
protocol used, it may be possible to leak the long term credentials 
of the device.  For example, if an attacker is able to create an attack
                                ^^
...

Thanks for your extensive efforts to resolve these issues!
Al
doc shepherd

v2.29.0 | Report a Bug | By Email | System Status