Re: [T2TRG] [core] New Version Notification for draft-mattsson-core-coap-attacks-02.txt
Achim Kraus <achimkraus@gmx.net> Fri, 04 February 2022 08:09 UTC
Return-Path: <achimkraus@gmx.net>
X-Original-To: t2trg@ietfa.amsl.com
Delivered-To: t2trg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 132E03A0D7B; Fri, 4 Feb 2022 00:09:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.812
X-Spam-Level:
X-Spam-Status: No, score=-2.812 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.714, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gmx.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 39IBN7yCczg3; Fri, 4 Feb 2022 00:09:38 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88F333A0D5F; Fri, 4 Feb 2022 00:09:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1643962163; bh=ME3ANMaGEKZRLeu1Hkmuuvxf0IkGJKIvLavtJnktYvk=; h=X-UI-Sender-Class:Date:Subject:To:Cc:References:From:In-Reply-To; b=jwdF+Klbmul9ZwpNVkBR6svWafz5PuU55p/0U31FNj64fmHuA2Zg/iS0/WTTq1Tp0 Poc1P6dYk50G1x8aU0Dh+lpNGcUUdSXSgP4tEc8mV3inEDhBb5U+T8077LNhxYJAlD 39fM/EZndtRlMJUEo7aHM73s/KuPsQ4/yDnMGCdo=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from [192.168.178.10] ([5.146.193.130]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MQe5u-1mtFvp0tlO-00NkZ8; Fri, 04 Feb 2022 09:09:23 +0100
Message-ID: <16853d5f-a795-3a59-f8d9-e5c2652d0d9d@gmx.net>
Date: Fri, 04 Feb 2022 09:09:21 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Content-Language: en-US
To: Carsten Bormann <cabo@tzi.org>
Cc: John Mattsson <john.mattsson@ericsson.com>, "t2trg@irtf.org" <t2trg@irtf.org>, "core@ietf.org" <core@ietf.org>
References: <164370592991.14136.4943780498822971831@ietfa.amsl.com> <HE1PR0701MB30500AA57A7DD6F3170BB60F89269@HE1PR0701MB3050.eurprd07.prod.outlook.com> <5AFB6C76-9C15-4050-B478-711832318342@tzi.org> <HE1PR0701MB3050F758474CC029B932112F89279@HE1PR0701MB3050.eurprd07.prod.outlook.com> <9F1343E2-B330-4ED8-8ECB-591A013A51EF@tzi.org> <HE1PR0701MB3050423B37F408F2C9F8B98689279@HE1PR0701MB3050.eurprd07.prod.outlook.com> <bd50b93f-4ecf-f367-0de9-eb49b90c0c15@gmx.net> <0E1DE32A-1762-46D0-B535-730E66FB2714@tzi.org>
From: Achim Kraus <achimkraus@gmx.net>
In-Reply-To: <0E1DE32A-1762-46D0-B535-730E66FB2714@tzi.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:yeWwLQ7/cEomHAzh3cEQQZCTHiW4zzQyIlrQXl6gkOBZx6oHA/D 1q/aLG1aV8v6ejaojtKNvkfHWMtpSl62Yz7hoZcKEvzDFWm/Mivl6ngxKIfyn2bTZERLwx/ 3Q6EFGhiNltPxr3chiK9RNMVEKrB0U9haDpwBbsPmZzzMTMKp3L07A+km1iTcqwkgBmzcgq nIF3Z44IRMXK/pM6tFdTA==
X-UI-Out-Filterresults: notjunk:1;V03:K0:9vrwnmefIbc=:G4aOzuJlQq0nG3TPJHx7Xf FgWtHE0gMX7wlrHUdfHGphgBEY7VIBpVbLE5pFy1AM9RBi8uiHRi4G45m1OitX6+eEawax78i 5/Rh28/sShY++p11FPToVFVwoecjH0gU5hTvMhI3A310B+epmfeCdzmC2N9Ag4Rp+/Ya+w0ko Z3Run9pu0Zimg0J4qoY/zWIgCQPQNJr3SW4HyywOYouViXFFlelYlu8vLCMaW4CQhOBHhbK9H PIQ0Yq5ZuCtNNun5mYf53tCFzYNnZa+A/2E2+ksN0hF93aGJzYR9L9AriYkufwRYh+Wz8AoX6 Eyg65yxeo+kx/QXYR/XFgBsYy2TZ/Vh+LSlLBltoiBDj+PTOHIbK4t5pYb5vh6fCjNIJFgsBO BfSCGhvEY7SKBIi+pyzikNdCmvotZzbKAvYV5oPrOSATBJysPQeudtmEO+OKX8cLqoKFIxPa8 idJUAFFz43Lk1NJZhQmWTVB2oNWC0yB1WvdbtORQgihwnpm1DkKCtvazwiYmlj+BxgCv82dOD bvTJ78hshKZyKubCslviAI6291teTMqXuTE6RMfWf09q8XN5RatyZL1urk7AEP8qMdL/rxtdV lZ2NJERdBsl45Onc9NPMuO4vEJDnYXoB364ZSjnHyBPJ7A1w73KLxUPhzWD+Xs0gPixSK5qII ikpFCwIY3mWuKOwmpbvq7AOa8qxSlwWk+dWEfeKlATGJaSdwv+8AmlZCjXicDvU3xTPuu31nI 8bKtFl/q102wwEGfQ/HyxHd7XLs4E3D/aHlbk+DNRVqlH0ohc/Jrex07uRW+8br1nXcy8wETj Cbt2stoT6Gr4OAekZnXKBQlq4vudXH4r2NDfUFJb/NXf9yIyw3X9oy1mse7M84VDZ0PFyEmuV HCTdiEci3HrqrqX91zRTIbzGT9Wx9M0vQO0ST4BJI0ml0jsjFmGFmU/6aeXhzQEkUdi+WTk/c eLuDHCacIls5PzDhfK1An8HWMzzw+Z9tQ77DnNI/t3atGMTVxs/LHd9R9MJiUJPwUYlimLUqg 4KpJbYbXPgZ/J33R2AHqe/y5etEVbMdechu6J0s/nyW6AgsjO9LW+UKOVupA9l5YkgwhdEAbb xrS63QjG6TUXfc=
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/4ALRDcPd-SislyI315o5qzqJd2s>
Subject: Re: [T2TRG] [core] New Version Notification for draft-mattsson-core-coap-attacks-02.txt
X-BeenThere: t2trg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IRTF Thing-to-Thing Research Group <t2trg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/t2trg>, <mailto:t2trg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/t2trg/>
List-Post: <mailto:t2trg@irtf.org>
List-Help: <mailto:t2trg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/t2trg>, <mailto:t2trg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Feb 2022 08:09:40 -0000
Hi Carsten, > That is exactly the issue that makes this so hard. > We need to factor in how attackers are going to behave, so the answers are neither exact nor stable. > If there are better amplification sources, there will be much fewer attacks using public CoAP servers. > But once these go away, CoAP server suddenly seem interesting again. > So the fixes in other protocols and implementations are our enemy here… For the future there may be several ways to go. Amplification attacks: AFAIK requires address spoofing and that seems to get harder. One way is to try to give guidance to use "plain" CoAP in a saver way, the other is to give the guidance to use CoAP over DTLS, which reduces such amplification as well. I'm unfortunately not common with OSCORE, so I don't know, if that changes something in that scope or not. Attacks by "captured" devices: Such attacks don't require spoofing, but the protection against capturing a device have a larger scope than just the protocols. What is required according the protocols, is to harden the implementations. FMPOV, it's again a difference, to focus on CoAP or DTLS. AFAIK, hardening DTLS makes progress, seems that many researches have put an eye on it. At least the open source project received a lot of input to improve (e.g. californium, tinydtls, pion/dtls). In the past years I missed some guidance about protecting the "systems under attack". Years ago, the major general recommendation seems to have been "block UDP at all at the very first firewall". That obviously doesn't work for CoAP over UDP or DTLS. In the scope of Eclipse/Californium I added therefore instruction to use firewall rules for DTLS (see https://github.com/eclipse/californium/wiki/DTLS-1.2-based-firewall), if that is possible (obvious, that mostly isn't possible at the very first firewall, but later on the own machines). For plain CoAP, I don't see, how malicious traffic can be filtered out at that level. (And yes, that protects only from non-DTLS traffic, as explained in the wiki.) For me the question is therefore more: Stick to try to give guidance to use plain CoAP, or start to stronger recommend DTLS. > It seems you have data, and that is what I’d like to collect in the T2TRG effort, together with what went wrong in the specific instances. I setup some time ago https://github.com/eclipse/californium/wiki and update the information there. best regards Achim Kraus Am 02.02.22 um 18:57 schrieb Carsten Bormann: > Just picking one paragraph here: > >> On 2022-02-02, at 18:52, Achim Kraus <achimkraus@gmx.net> wrote: >> >> I'm not sure, if there is a common, realistic understanding of the >> "nature" of such an attack. At least I have much more questions than >> answers. E.g. is amplification only relevant above some threshold? >> Means, if a request with 80 bytes is used and the response has 160, is >> that relevant? Or must the response be above 400 bytes in order to get >> relevant? So, in theory there may be a lot of rules, but I'm afraid, >> that these rules stay theoretical, complicated, and maybe practically wrong. > > That is exactly the issue that makes this so hard. > We need to factor in how attackers are going to behave, so the answers are neither exact nor stable. > If there are better amplification sources, there will be much fewer attacks using public CoAP servers. > But once these go away, CoAP server suddenly seem interesting again. > So the fixes in other protocols and implementations are our enemy here… > > It seems you have data, and that is what I’d like to collect in the T2TRG effort, together with what went wrong in the specific instances. > > Then we need to forge these data into an assessment of the situation and finally rules with a bit harder boundaries than the ones we already have. That will be the BCP. > > Grüße, Carsten >
- Re: [T2TRG] [core] New Version Notification for d… Carsten Bormann
- Re: [T2TRG] [core] New Version Notification for d… John Mattsson
- Re: [T2TRG] [core] New Version Notification for d… Carsten Bormann
- Re: [T2TRG] [core] New Version Notification for d… John Mattsson
- Re: [T2TRG] [core] New Version Notification for d… Achim Kraus
- Re: [T2TRG] [core] New Version Notification for d… Carsten Bormann
- Re: [T2TRG] [core] New Version Notification for d… Achim Kraus
- Re: [T2TRG] [core] New Version Notification for d… John Mattsson