Re: [secdir] Secdir review of draft-ietf-ippm-6man-pdm-option-05: Timing Attacks
Tero Kivinen <kivinen@iki.fi> Tue, 25 October 2016 09:23 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C23C712962B; Tue, 25 Oct 2016 02:23:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level:
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 24mjBEDz2TkM; Tue, 25 Oct 2016 02:23:02 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B003A1295BC; Tue, 25 Oct 2016 02:23:00 -0700 (PDT)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id u9P9MrtZ003973 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 25 Oct 2016 12:22:53 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id u9P9Mrqx019125; Tue, 25 Oct 2016 12:22:53 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <22543.9325.442870.538686@fireball.acr.fi>
Date: Tue, 25 Oct 2016 12:22:53 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: nalini.elkins@insidethestack.com
In-Reply-To: <1008310054.1014499.1477313369458@mail.yahoo.com>
References: <22495.62038.771947.984586@fireball.acr.fi> <1264225155.363685.1474644268281@mail.yahoo.com> <22507.60901.665544.878052@fireball.acr.fi> <1130739157.4563724.1475509147203@mail.yahoo.com> <22523.36827.869306.70163@fireball.acr.fi> <1103626655.678358.1476999979368@mail.yahoo.com> <22541.62010.241184.539109@fireball.acr.fi> <1008310054.1014499.1477313369458@mail.yahoo.com>
X-Mailer: VM 8.2.0b under 24.5.1 (x86_64--netbsd)
X-Edit-Time: 7 min
X-Total-Time: 6 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/mAXVSqB5xGhWRQ-nddkdyJFa4XU>
Cc: "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-ippm-6man-pdm-option.all@tools.ietf.org" <draft-ietf-ippm-6man-pdm-option.all@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-ippm-6man-pdm-option-05: Timing Attacks
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Oct 2016 09:23:04 -0000
nalini.elkins@insidethestack.com writes: > > 8.4 Timing Attacks > > > > The fact that PDM can help in the separation of node processing time > > from network latency brings value to performance monitoring. Yet, > > it is this very characteristic of PDM which may be misused to make > > certain new type of timing attacks against protocols and > > implementations possible. Having said that, PDM is more likely to > > be used in response to an attack to find whether there are problems > > in the network or the node rather than its temporary use being > > exploited to mount an attack. The normal use of PDM is likely to be > > for testing and diagnostics. So, this is a short-term opportunity > > for an attacker. > > > > Even so, if using PDM, we introduce the concept of user "Consent to > > be Measured" as a pre-requisite for using PDM. Consent is common in > > enterprises and with some subscription services. So, if with PDM, we > > recommend that the user SHOULD consent to its use. > > > [Tero's comments below] > >I think this text might need bit more text about the attacks. I.e. the > >nature of these attacks is that they can leak out the long term > >credentials of the device. So if attacker is able to make attack, > >which causes the enterprice to turn on PDM to diagnose the attack, > >then the attacker might use PDM during that debugging time to do > >timing attack against the long term keying material used by the crypto > >protocol. Immediately when they get the keying material out, they stop > >the actual attack, which might then cause the defender to think that > >nothing bad happend, and just disable PDM and go on, without realizing > >that their long term keying material got stolen during the attack, and > >that the visible attack was there only to cause them to turn on PDM... > > > > Tero, I am a bit reluctant to be completely specific as I think that > will give people ideas that they might not have had before. Security by obscurity never works. Attackers have much more time to think and plan about attacks than people who are implementing code for something unrelated. If you are too vague, people who are implementing PDM or the crypto protocols, thinks that those attacks are impossible. It is better to spell them out for those implementing those so they can make needed security measures for those. One of those security measures could for example be that PDM is enabled only for certain ip-addresses, or only for some ports. Another would be to enable it for certain timeperiod (for example for 1 hour), so it can be made sure that PDM is not accidently left on after debugging has been done etc. > That is, before I say it, few people might think to launch such > attacks but if I spell it out clearly that such attacks can be > launched, then people who might not even have thought that this was > possible, will now think that they can do it. I think it is better to explain the attacks properly to the PDM implementors, so they understand what kind of things they need to think about when implementing PDM. Same thing for the people implementing crypto protocols. They need to understand that with PDM some things that used to be hard will be easy. If you just give general warnings, that means that quite a lot of implementors think that this text is just general text, not really specific for this. So implementors might think it does not concern them, and ignore the issue. -- kivinen@iki.fi
- [secdir] Secdir review of draft-ietf-ippm-6man-pd… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… Tero Kivinen
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… MORTON, ALFRED C (AL)
- Re: [secdir] Secdir review of draft-ietf-ippm-6ma… nalini.elkins