Re: [tcpm] WGLC: draft-ietf-tcpm-tcpsecure-10.txt

On Sun, Sep 28, 2008 at 02:03:55PM -0700, Anantha Ramaiah (ananth) wrote:
> 
> Ted,
>   Appreciate the detailed comments. Pl see inline responses.

My pleasure.

> > -----Original Message-----
> > From: Ted Faber [mailto:faber@ISI.EDU] 
> >
> > P13:
> > 
> > "...so the chances of successfully injecting data into a 
> > connection are
> > 1 in (2^32/RCV.WND *2)."  In describing the RST attacks, we 
> > spoke in terms of mean number of tries, and I'd be consistent 
> > here.  Similarly I'd do the math all the way: " ... so the 
> > mean number of tries needed to inject data successfully is  
> > 2*2^32/RWND = 2^33/RCV.WND."
> 
> Sure, it is good to be consistent. But the math which you depict above
> seems incorrect to me. What was said earlier in the document is
> (referenced from Watson's paper ) is :
> 
> ============
>    "[SITW] demonstrated that
>    this assumption was incorrect and that instead of [1/2 * 2^32]
>    packets (assuming a random distribution) [1/2 * (2^32/window)]
>    packets is required.
> 
>    Substituting numbers into this formula we see that for a window size
>    of 32,768, an average of 65,536 packets would need to be transmitted
>    in order to "spoof" a TCP segment that would be acceptable to a TCP
>    receiver.  A window size of 65,535 reduces this even further to
>    32,768 packets.  At today's access bandwidths an attack of that size
>    is feasible.
> 
> ===============
> 
> So for data injection, this should become 2^32/RCV.WND. (i.e, [1/2 *
> 2^32 *2]/window )

The paragraph I'm commenting on reads:

   A third type of attack is also highlighted by both the RST and SYN
   attacks.  It is also possible to inject data into a TCP connection by
   simply guessing a sequence number within the current receive window
   of the victim.  The ACK value of any data segment is considered valid
   as long as it does not acknowledge data ahead of the next segment to
   send.  In other words an ACK value is acceptable if it is ((SND.UNA-
   (2^31-1)) <= SEG.ACK <= SND.NXT).  The (2^31 - 1) in the above
   inequality takes into account the fact that comparisons on TCP
   sequence and acknowledgement numbers is done using the modulo 32 bit
   arithmetic to accommodate the number wraparound.  This means that an
   attacker has to guess two ACK values with every guessed sequence
   number so that the chances of successfully injecting data into a
   connection are 1 in ((2^32 / RCV.WND) * 2).

I'm saying that, assuming the math is correct, that last expression
should be (2^33 / RCV.WND).  I didn't check the math.  If you also
believe the math is wrong, you have a larger edit. :-)

On rereading the argument, it does sound like a data injection attack
should be harder by a factor of 2 and that they multiplied by the wrong
expression (2^32 rather than 2^31).  So I think you're correct about the
math, and if so the final expression would be 2^32 / RCV.WND.

I'd be happier if someone else also looked at this paragraph for
technical accuracy.

-- 
Ted Faber
http://www.isi.edu/~faber           PGP: http://www.isi.edu/~faber/pubkeys.asc
Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG