IETF Logo Mail Archive

[Spud] The reset middleboxes attack

Christian Huitema <huitema@microsoft.com> Sun, 29 March 2015 00:17 UTC

Return-Path: <huitema@microsoft.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B7071A90CE for <spud@ietfa.amsl.com>; Sat, 28 Mar 2015 17:17:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.798
X-Spam-Level:
X-Spam-Status: No, score=0.798 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GoDKYgeZXaI3 for <spud@ietfa.amsl.com>; Sat, 28 Mar 2015 17:17:24 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0109.outbound.protection.outlook.com [65.55.169.109]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 326951A90D4 for <spud@ietf.org>; Sat, 28 Mar 2015 17:17:21 -0700 (PDT)
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com (25.160.96.17) by DM2PR0301MB0656.namprd03.prod.outlook.com (25.160.96.18) with Microsoft SMTP Server (TLS) id 15.1.118.21; Sun, 29 Mar 2015 00:17:19 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com ([25.160.96.17]) by DM2PR0301MB0655.namprd03.prod.outlook.com ([25.160.96.17]) with mapi id 15.01.0118.022; Sun, 29 Mar 2015 00:17:19 +0000
From: Christian Huitema <huitema@microsoft.com>
To: "spud@ietf.org" <spud@ietf.org>
Thread-Topic: The reset middleboxes attack
Thread-Index: AdBps0lZieRUM/cCRaqTbV+IIDrJUw==
Date: Sun, 29 Mar 2015 00:17:18 +0000
Message-ID: <DM2PR0301MB0655748F52C0984FB6BF8E93A8F60@DM2PR0301MB0655.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [24.16.156.113]
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0656;
x-forefront-antispam-report: BMV:1; SFV:NSPM; SFS:(10019020)(6009001)(87936001)(62966003)(76576001)(66066001)(54356999)(77156002)(50986999)(2656002)(102836002)(40100003)(86362001)(86612001)(122556002)(92566002)(99286002)(2900100001)(229853001)(2501003)(74316001)(46102003)(2351001)(33656002)(110136001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0656; H:DM2PR0301MB0655.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
x-microsoft-antispam-prvs: <DM2PR0301MB0656CD02C1866D8097F60EA4A8F60@DM2PR0301MB0656.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5002010)(5005006); SRVR:DM2PR0301MB0656; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0656;
x-forefront-prvs: 0530FCB552
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Mar 2015 00:17:18.6186 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0656
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/6sXBaZSFiwRcF6IKAxEsTH7VUt4>
Cc: Jana Iyengar <jri@google.com>, Eric Rescorla <ekr@rtfm.com>
Subject: [Spud] The reset middleboxes attack
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Mar 2015 00:17:26 -0000

A key design element out of the SEMI workshop was a request to expose session "start and stop" to the path. The rationale is that middleboxes could then do a more efficient state management than the current timer-based solutions. The hosts would also benefit if they can do away with fewer keep alive packets to maintain the state open in the middleboxes. 

But there is a big issue. The end systems can distinguish between valid and invalid headers because the crypto ensures authentication of the clear text header. An attacker capable of packet injection cannot affect the state of the end systems, because the injected packets will fail the crypto checksum verification and be discarded. But if the hosts are protected, the middleboxes are not. They do not have access to the application credentials, and they cannot perform the crypto checksum verification. This opens the gates for two attacks.

The first and obvious attack is the "middlebox reset" attack. An attacker injects a packet with a "stop" mark. Middleboxes on the path see that, and free the state associated with the session. NAT mapping disappear and firewall opening are closed. Even if the hosts are capable of rejecting the fake reset, their connection is still gone, because further packets will be discarded by the middleboxes.

One of my coauthors (EKR or Jana, cannot remember) suggested a mitigation, which reminded me of the old "S-Key" scheme. Suppose that the "open" packet carries a "hash target" T, composed of an algorithm ID (say SHA256) and a binary string (32 bytes in the case of SHA256). The middleboxes remember that value as part of their state. We then require that the "stop" packets carry a "hash result" R, a binary string of arbitrary size. When the middleboxes on path see a reset packet, they check that H(R) = T. If it does not, they detect a spoofed reset, and discard the packet.

I can see that implementers may not be enthusiastic with the additional complexity. But we would be naïve to just dismiss the attack. We do see attackers capable of eavesdropping traffic, and then injecting packets "from the side." I am sure that these attackers would find good use of a capability to nuke connections at will. 

-- Christian Huitema

v2.8.7 | Report a Bug | By Email