Re: [tcpinc] [tcpm] TCP Stealth - possible interest to the WG
Jacob Appelbaum <jacob@appelbaum.net> Wed, 20 August 2014 13:43 UTC
Return-Path: <jacob@appelbaum.net>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E64B01A039F for <tcpinc@ietfa.amsl.com>; Wed, 20 Aug 2014 06:43:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RnLkwD0eTu30 for <tcpinc@ietfa.amsl.com>; Wed, 20 Aug 2014 06:43:11 -0700 (PDT)
Received: from mail-qa0-f42.google.com (mail-qa0-f42.google.com [209.85.216.42]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E2941A038F for <tcpinc@ietf.org>; Wed, 20 Aug 2014 06:43:11 -0700 (PDT)
Received: by mail-qa0-f42.google.com with SMTP id j15so6915880qaq.15 for <tcpinc@ietf.org>; Wed, 20 Aug 2014 06:43:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=MabwwMyCN+cZ2dCGNPiQnF242wX90JIsmhSQTDvUoCI=; b=TRZ68Xxuodbb3FDtY/boAu6BSqrKorrqeVgh3zNUvSMWV2PHAvKtUGKTLQfXciPn9s L+jG1/4vnFowEhmPY+xCEJeRKBmNYeQZWtrzIA6eAT5DyrPLifCY2/p5aSME/8X5W3NV bVDyEAdU2IgV1eTITocXjhCUn8Ev1pMR8HCLtuSyhqrI/0vrlWunuxYEXsmvowNN5EQ6 Xqvh6/WB4Ju/fiAp0rQhObqCtcHPCIn287jf/6XojcmeT7hEmjO5ACPGQpUphOxIPQny rJfv1rXhzku5b3iSOSUGZpy0rKtULdbfzptCiEF9vuOmsAbExI/KwFUjtNF7ziE01kfI ARew==
X-Gm-Message-State: ALoCoQl5711fL8uRCuXLlcJKognilb6rizHtd6CikpPqYp28hG1UMdORR5sD7N3jWYV2NfUcnltf
MIME-Version: 1.0
X-Received: by 10.224.30.14 with SMTP id s14mr79577491qac.70.1408542188066; Wed, 20 Aug 2014 06:43:08 -0700 (PDT)
Received: by 10.140.91.50 with HTTP; Wed, 20 Aug 2014 06:43:07 -0700 (PDT)
X-Originating-IP: [216.75.21.31]
In-Reply-To: <20140819212351.GB11767@breakpoint.cc>
References: <ecdbe694b6964c159f64b1d3311c8cc6@hioexcmbx02-prd.hq.netapp.com> <CAFggDF2jhQPz0Eez=AU9M-k862wD_=VSyVpXtRAjT4zC6H4tgA@mail.gmail.com> <1408397675.299896.154112109.6F69043F@webmail.messagingengine.com> <8c5f6a1e9f2340e48e25dd151406b7d3@hioexcmbx05-prd.hq.netapp.com> <1408401991.317123.154137701.0A30F30C@webmail.messagingengine.com> <CAPh34meB=EtgNu=_eBS6ekB20fRccAqXFWydkCWG+6VKSa98rg@mail.gmail.com> <CAFggDF39L+kLQLmiWJR3q6suPOtYmKJiJUqp0kBv7GjUtNVOjA@mail.gmail.com> <20140819212351.GB11767@breakpoint.cc>
Date: Wed, 20 Aug 2014 13:43:07 +0000
Message-ID: <CAFggDF30285E3eYfUOR-2hwNkdFf7Jh_Q5d8A38MtOT4K_9gsA@mail.gmail.com>
From: Jacob Appelbaum <jacob@appelbaum.net>
To: Florian Westphal <fw@strlen.de>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpinc/QJnC_EaHht4AWasvtIJEb33PjHU
Cc: "tcpinc@ietf.org" <tcpinc@ietf.org>, "tcpm (tcpm@ietf.org)" <tcpm@ietf.org>, Joe Touch <touch@isi.edu>, Christian Grothoff <christian@grothoff.org>, Hagen Paul Pfeifer <hagen@jauu.net>, alfiej@fastmail.fm
Subject: Re: [tcpinc] [tcpm] TCP Stealth - possible interest to the WG
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Aug 2014 13:43:13 -0000
On 8/19/14, Florian Westphal <fw@strlen.de> wrote: > Jacob Appelbaum <jacob@appelbaum.net> wrote: >> No. I want to protect my TLS service from implementation exploitation. >> You cannot probe my TLS service for the next heartbleed without a >> shared secret. > > So you won't accept e.g. smtp STARTTLS on your mail server? That is likely a public service that is never going to be restricted with TCP Stealth. > > Also, once this becomes widespread, people will add > --probe-all-isns switch to their port scanners.... > That sounds fantastic - it suggests that a person is willing to send 2^32 packets to a single port. That will stick out like a sore thumb and of course, a system can detect this probing and take reasonable precautions. > It looks to me like this (I apologize In advance if this seems > offensive): > > Q: - I want to run $service, but I don't want anyone to see it! > A: - don't run it. That isn't an option. > > Q: - But I need to access the service sometimes from random locations! > A: - protect it with a password/some other form of secret. > That is exactly what is done here - we protect it with "some other form of secret." > Q: - But then its visible to port scanners! > A: - So what? Defense in depth - we don't need to run faster than the bear, only faster than everyone else. :) > > Q: - But it allows people who have detected service presence > to try running exploits against it! > A: - If you really care, tunnel via ssh perhaps? Using a VPN or something like a VPN is one option, yes. When that edge software has issues, it would be nice to ensure that a casual attacker will not even discover this software is running. > > Q: But I really really want to hide the presence of all services, > i.e. all tcp ports should appear to be closed > > A1: - There are portknock schemes to add obfuscation if you really want > this. > That is exactly what TCP Stealth aims to standardize. > Q: - But I cannot use portknocking because....? > A: - ? > > I tried to find explanation in draft-kirsch-ietf-tcp-stealth-00, > but did not find any. It talks about "pitfalls" of applications > trying to "reimplement tcp in user space". Perhaps there > should be a paragraph as to why ra > ...? > But even assuming that there is a need for portknocking and/or > TCP Stealth: > > - How does this relate to TCP-AO? > (The draft mentions tcp md5sig only, then disregards it as it > doesn't work in NATted environments) > > [ I realize TCP AO has other issues esp. vs. the proposed stealth > scheme, especially wrt. complexity. Anything else? ] > > > Problems I see with the proposal (ignoring the TCP related issues > others pointed out and the "obscurity only" approach), > and a few questions: > > - What about timing? I.e. is response time different regarding > RST-from-closed-port vs. RST-from-stealth port? This will vary by implementation and configuration. At the moment, I think that it is minimal over the internet but I wouldn't be surprised if there was a detectable jitter. I defer to Christian about specifics on this measurement though. Perhaps we can put up a service as a demo? :) > - e.g., are hosts required to perform authentication even for > SYN-to-closed-port, etc? > > - Your adversary may be able to do full passive monitoring of > all network traffic (also compare "replay" above), so whats the purpose > of "avoiding" active scans? > Exactly the purpose - we wish to avoid active scans. The GCHQ/NSA/CSEC do active scans when their full passive monitoring isn't enough. This hampers that angle of information gathering. It also ensures that even if they are monitoring with a passive/active tap - we can authenticate the first bytes of a secure protocol setup. This is good news - it means that even a sniffer can't wait for a sysadmin to ssh into the server and then hijack the session. > - Key Propagation (either your group is very very small, or I can > probably find the secret-secret-word via a web search...) The first is certain for many services, the second assumes a totally public service. There is no reason that the second must be true, even if the first assertion is correct. > > - Seems most services cannot use it since they have to accept > connections from (almost) anyone Huh? > > In fact, this is one of the main problems that I see with the proposal; > its use seems severely limited; up to the point where its unusable in > practice. > > Perhaps it would help to show specific usage examples > of how this would be deployed/where this is usable? I think gnunet.org is a good example of where it is currently deployed. > >> > Another objection: the mechanism help only for a small fraction of use >> > cases. Especially when the server communicate with one or a few >> > clients where the "shared secret" is no problem. But especially in >> > these setups TLS client certificates could be used without any >> > problems. >> > >> >> What happens in your example when there is exploitable code in the >> client certificate parsing code? > > "What happens in your example when there is exploitable code in the > payload protection verification?" > > [ Its rhetoric question. I am aware of complexity difference. The point > is, do your really think its worth to add yet another layer -- which can > have issues both in the specification and the implementation -- rather than > e.g. slim down/fix security transport protocol specs and implementations? ] > > Else, I guess I could argue that running your service via SCTP is "more > secure" since its "less likely to be found in scan..." > There is specific cryptographic complexity in TCP Stealth and that is not the case with SCTP in your example. All the best, Jacob
- [tcpinc] TCP Stealth - possible interest to the WG Scheffenegger, Richard
- Re: [tcpinc] TCP Stealth - possible interest to t… Jacob Appelbaum
- Re: [tcpinc] TCP Stealth - possible interest to t… Alfie John
- Re: [tcpinc] TCP Stealth - possible interest to t… Scheffenegger, Richard
- Re: [tcpinc] TCP Stealth - possible interest to t… Alfie John
- Re: [tcpinc] [tcpm] TCP Stealth - possible intere… Jacob Appelbaum
- Re: [tcpinc] [tcpm] TCP Stealth - possible intere… Scheffenegger, Richard
- Re: [tcpinc] [tcpm] TCP Stealth - possible intere… Jacob Appelbaum
- Re: [tcpinc] TCP Stealth - possible interest to t… Yoshifumi Nishida
- Re: [tcpinc] [tcpm] TCP Stealth - possible intere… Scheffenegger, Richard
- Re: [tcpinc] [tcpm] TCP Stealth - possible intere… Scheffenegger, Richard
- Re: [tcpinc] [tcpm] TCP Stealth - possible intere… Scheffenegger, Richard
- Re: [tcpinc] [tcpm] TCP Stealth - possible intere… Jacob Appelbaum
- Re: [tcpinc] [tcpm] TCP Stealth - possible intere… Jacob Appelbaum
- Re: [tcpinc] [tcpm] TCP Stealth - possible intere… Alfie John
- Re: [tcpinc] TCP Stealth - possible interest to t… Joe Touch
- Re: [tcpinc] TCP Stealth - possible interest to t… Joe Touch