[secdir] Re: Secdir early review of draft-pignataro-eimpact-icmp-02

Shawn M Emery <shawn.emery@gmail.com> Fri, 17 May 2024 05:16 UTC

Return-Path: <shawn.emery@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5E42C14F6AB; Thu, 16 May 2024 22:16:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xMekO_KG8bcG; Thu, 16 May 2024 22:16:17 -0700 (PDT)
Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D33BC14F6BE; Thu, 16 May 2024 22:16:17 -0700 (PDT)
Received: by mail-io1-xd36.google.com with SMTP id ca18e2360f4ac-7e1c93c0b0dso8034939f.0; Thu, 16 May 2024 22:16:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715922976; x=1716527776; darn=ietf.org; h=in-reply-to:content-language:references:cc:to:subject:from :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=hdxDh1kwWgqeOZ/7UdCUA36VHZFpUKROzDv2/5YHpho=; b=lSkf+9/K3fhorXIuF95DLKyVnhscvrW1MTlGVQjtU7jmilvEegy/g3yEnw2WZqPmcW EYy37g2wD8agRM7gf6tuQHgXLgHqg604PFbvvCXXC67w6qyYED1ZjrkBX2hSlJoDB55z nHyviqCFiNop5hfwrCk5rOj97ctiz3km5lzpjys5lblfM9VnoAgS1VOgq5xFZeO4rV9/ TuqJvHpakfu6zDtT0DGSXiuz2kDrE60uaBIJJGHnsPTlU/QvaH7abLOYT6AessXD3Qfa Kg57mpTnffEx398ijT1iHssSe9F1CmWAMG/2VBb5CQ1OgYai1ImBzhFB4b5u0Yl7D1IZ lZXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715922976; x=1716527776; h=in-reply-to:content-language:references:cc:to:subject:from :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=hdxDh1kwWgqeOZ/7UdCUA36VHZFpUKROzDv2/5YHpho=; b=fmZE+/LDd4L3f/caMI0cD5zXs7jXYunzizyokaU7tG5qKMR2T62XQXz3r23wdjSlkd /cTgNFz+G5gyE7E1Dg+i8HLqMRmfcpg3dZLQmqYvMDiZDInm6s0LyHrxYFUHlZyqR4sw ovg6Tywa1W1xYVKKJX1zfRE7HAySBpOjZ3Wv7amLZ8Wcntn9wyZ4q1j1DpQcWJ4y1eYY Gfep7lEicj5+hBeV+aFot9lPXSA8CTMM5OdZMCbBnnQ/ECYK9yIoQq3loRjDer1qru0U 1m4sP83QAb5gOvNkMFUCBKZfzl5B8IZzDzUsEyGnOaMgbgMXkBSbow1M9wMYPvZPxFdq GJEQ==
X-Forwarded-Encrypted: i=1; AJvYcCUoK+cQoFPS4y1xQWmLBLVZf8HwLjg9miemqeRKoaZ+oISPBqf/8KbJvSMwTUlgD7AhZ0whRsHq1AmsHQAPPos=
X-Gm-Message-State: AOJu0YzzbkwnvBVrgbpYxglaSHuiBGO0kPBtz/m14clgnPrHx6rHXfgL Qikr26QuQPSt1VXSWNzcRSPPqbHCm0MOGnEM2723eSdKbsgjM0zQ
X-Google-Smtp-Source: AGHT+IGgNxVwIuZsmPL4siw7Cyy0FGDILTDpafoKqWJb6sEz6wqRINZynonrkIkb1wxVXe4LB/boSw==
X-Received: by 2002:a05:6602:81c:b0:7e2:1556:738a with SMTP id ca18e2360f4ac-7e21556754emr360617639f.3.1715922976487; Thu, 16 May 2024 22:16:16 -0700 (PDT)
Received: from [192.168.0.49] (75-166-62-170.hlrn.qwest.net. [75.166.62.170]) by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-4895a5bb8d6sm3979404173.118.2024.05.16.22.16.15 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 16 May 2024 22:16:16 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------wJ2NZQ6KCPwAqgXH8pXrZq0U"
Message-ID: <cc0d93cc-8569-47cd-a085-7b929651fe35@gmail.com>
Date: Thu, 16 May 2024 23:16:15 -0600
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: Shawn M Emery <shawn.emery@gmail.com>
To: Carlos Pignataro <cpignata@gmail.com>, Michael Welzl <michawe@ifi.uio.no>
References: <171417174965.64289.3398737354645398983@ietfa.amsl.com> <CACe62M=oSq5Z=80=i=7KEGA0jQP7=X3isWif5imp9d8WKKmRng@mail.gmail.com>
Content-Language: en-US
In-Reply-To: <CACe62M=oSq5Z=80=i=7KEGA0jQP7=X3isWif5imp9d8WKKmRng@mail.gmail.com>
Message-ID-Hash: IWUBZBLWIMFFHUIGVVPE5LU7KGMLE44U
X-Message-ID-Hash: IWUBZBLWIMFFHUIGVVPE5LU7KGMLE44U
X-MailFrom: shawn.emery@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-pignataro-eimpact-icmp.all@ietf.org, secdir@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [secdir] Re: Secdir early review of draft-pignataro-eimpact-icmp-02
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/uckYTTzLWkm5prsOAi13gUQj_yk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>

Hi Carlos,

Comments begin with SME.

On 5/12/24 4:41 PM, Carlos Pignataro wrote:
> Hi 👋🏼 Shawn,
>
> Many thanks for this very useful review!!! Very useful!
SME: Of course.
> We have been thinking about your review comments, tracked at
> https://github.com/cpignata/eimpact-icmp/issues/27 , and have some 
> follow up questions for you (leaving only the relevant part of the review)
>
> 1. For DPA (as in differential power analysis), an attacker would need 
> a “continuous” Current / Power over time curve while the crypto algo 
> is executed. Would the fact that this is getting a single value (not a 
> time series) be a fair high level counter measure?
SME: This countermeasure is still susceptible to divide-and-conquer 
attacks, where different parts of the secret key are learned over time.
> 2. Do these elements typically have DPA protection as in injecting 
> noise? Should we in the results?
SME: Ideally yes, but this depends on individual 
component/system/software design and therefore could not assume one way 
or the other that this type of mitigation has been employed on any given 
device.
> 3. Could you please share a reference to DPA we could use to add text? 
> And really welcome textual suggestions!!! 😉

SME: Hmmm, this is an area of ongoing research, where promising 
countermeasures include a holistic approach, such as software flagging 
sensitive data for the hardware to treat this data with algorithmic 
noise, i.e., undifferentiated power consumption based on input.  So if 
this type of mitigation was a MUST in this draft then how many network 
nodes could currently meet this requirement?  If that answer is "very 
few to none" then this draft, IMO, would not be an appropriate source to 
provide guidance on how to counter remote side-channels attacks.  What 
is the granularity of voltage that would be meaningful as a 
sustainability metric?

> Thanks again, Shawn!

SME: NP

Regards,

Shawn.

--

> On Fri, Apr 26, 2024 at 18:49 Shawn Emery via Datatracker 
> <noreply@ietf.org> wrote:
>
>     Reviewer: Shawn Emery
>     Review result: Has Issues
>
> […]
>
>
>     However, one attack vector that I could
>     think of is a high-fidelity reporting of power draw for the
>     targeted node's
>     memory, cache, or HSM component then an attacker could perform a
>     remote
>     side-channel attack (i.e., using DPA) during cryptographic
>     operations in order
>     to extract the associated secret key.
>
>     General comments:
>
>     Thank you for the use-case section.
>
>     Editorial comments:
>
>     None.
>
>