[tcpm] Security concerns with relative timestamp exposure through TCP ISNs

Aaron Rainbolt <arraybolt3@gmail.com> Tue, 29 October 2024 22:00 UTC

Return-Path: <arraybolt3@gmail.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C10BCC17C88A; Tue, 29 Oct 2024 15:00:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.855
X-Spam-Level:
X-Spam-Status: No, score=-1.855 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E90aN4xMm6Bl; Tue, 29 Oct 2024 15:00:36 -0700 (PDT)
Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71148C16943C; Tue, 29 Oct 2024 15:00:36 -0700 (PDT)
Received: by mail-io1-xd30.google.com with SMTP id ca18e2360f4ac-83aadcce552so23411539f.3; Tue, 29 Oct 2024 15:00:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730239235; x=1730844035; darn=ietf.org; h=mime-version:message-id:subject:cc:to:from:date:from:to:cc:subject :date:message-id:reply-to; bh=VRVzNeKXPGA5PkM/hc1iUIcztF83OxAivuKjfgZ10YM=; b=Nm0njXf4AluzcJB/JPlELXt+tz5w85BV2Bxin2hU++3F41yydsijtjKuw1ZC3pq6Tm gOA0oGnMN0qsd2XhEHJXhuXMHLynh6nggGa0kM6BV5RaS8lvcSBxkF/77N7L2LT7zMM7 qmXBla0ExtNpoDQUP28wyVzuLP6rDA1fw9cbcCP8+2s0UQ5uNDkSCsOsL/bz8tYL7GQb lwHJ2hJ4yBF8iQnc2PbYXSIDyhTUWJBpArTSSUqEX76AxjzqCpdvmG/3lHuyQKs75ZBH xR3FlQCgUHrYhVcnLNYAYE/3P+DmL87qfc6DGBnrbuAkaixlbK2J50eZmsQS+/VYOhs+ ag0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730239235; x=1730844035; h=mime-version:message-id:subject:cc:to:from:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=VRVzNeKXPGA5PkM/hc1iUIcztF83OxAivuKjfgZ10YM=; b=lsdVTECMOpZch92gf55sLusWJ+OsswSHQCR8epihLjk2c9aBYoylerHAT88if7QgnH LbXvevvOKCAazfZzV8tRTq+8CHbs9E+BoQg1vr2zpMEjrHPUFl1jDugMBAm9ZzaGP0+X zVFpbTwisiiCk5juVHrHHE8+F1YYHFBiBz3NCDWAGVknpvTfZbfd+foja6EemxnUAuIM tpRm0VL8yH3mNDCDUMiJxnzbhgqt9/ukdLXfk09KTWgIz0GOuvd3lT8oLFddg6CFCRnE E5FsKrzLb6Csq4l7qPMbIrPlGo6A7iosHPT1vl7tMEwA5afoEk/JePnudAXjWpUhEwUW XdaA==
X-Gm-Message-State: AOJu0Ywtnz6VMyqIaJpvzpvFWK8Hiew4eANBrvEyn7xueGJE6O59QZ1h bflTxQLA6K48Mm326cTM9SiUzjIuoCU1YKIqepWri9OmloIQhe58DWN8qg==
X-Google-Smtp-Source: AGHT+IFQLZn/lVOiNGKS+yULnZAb3+hnVZENGdVVdKuOFNy0NgPMsJ6kQnnmxYLKpO+yvQkloZg/7A==
X-Received: by 2002:a05:6e02:1d90:b0:3a2:57d2:3489 with SMTP id e9e14a558f8ab-3a4ed2f0dadmr33450945ab.3.1730239234841; Tue, 29 Oct 2024 15:00:34 -0700 (PDT)
Received: from kf-ir16 ([2607:fb91:759:8d6:5c71:f15e:cc84:d2b8]) by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-4dc72781decsm2609992173.146.2024.10.29.15.00.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 15:00:34 -0700 (PDT)
Date: Tue, 29 Oct 2024 17:00:23 -0500
From: Aaron Rainbolt <arraybolt3@gmail.com>
To: tcpm@ietf.org
Message-ID: <20241029170023.2ed90044@kf-ir16>
X-Mailer: Claws Mail 4.3.0 (GTK 3.24.41; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Sig_/jhA5.7gIOZ1x5CDGcEYueo+"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-MailFrom: arraybolt3@gmail.com
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tcpm.ietf.org-0
Message-ID-Hash: K6CZXAD53CQR3NKOIKCG3OLYDAOULY62
X-Message-ID-Hash: K6CZXAD53CQR3NKOIKCG3OLYDAOULY62
X-Mailman-Approved-At: Wed, 30 Oct 2024 05:19:56 -0700
CC: protocol-vulnerability@ietf.org, adrelanos@kicksecure.com
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [tcpm] Security concerns with relative timestamp exposure through TCP ISNs
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/FzXQv-QmlQyMi-hbvGpg9uCB5Zs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Owner: <mailto:tcpm-owner@ietf.org>
List-Post: <mailto:tcpm@ietf.org>
List-Subscribe: <mailto:tcpm-join@ietf.org>
List-Unsubscribe: <mailto:tcpm-leave@ietf.org>

Greetings, and thanks for your time.

I am a developer contributing to the Kicksecure and Whonix projects. As
part of my work, I did some research into potential security issues
related to how TCP Initial Sequence Numbers (ISNs) are generated
according to RFC9293. This is a report of my findings, potential
concerns, and ways in which these concerns may be able to be
alleviated. I've copied the lead Kicksecure developer on this email.

According to RFC9293 section 3.4.1, TCP ISNs must be generated as
follows:

> TCP initial sequence numbers are generated from a number sequence
> that monotonically increases until it wraps, known loosely as a
> "clock". This clock is a 32-bit counter that typically increments at
> least once every roughly 4 microseconds, although it is neither
> assumed to be realtime nor precise, and need not persist across
> reboots. The clock component is intended to ensure that with a
> Maximum Segment Lifetime (MSL), generated ISNs will be unique since
> it cycles approximately every 4.55 hours, which is much longer than
> the MSL. Please note that for modern networks that support high data
> rates where the connection might start and quickly advance sequence
> numbers to overlap within the MSL, it is recommended to implement the
> Timestamp Option as mentioned later in Section 3.4.3.
>
> A TCP implementation MUST use the above type of "clock" for
> clock-driven selection of initial sequence numbers (MUST-8), and
> SHOULD generate its initial sequence numbers with the expression:
>
> ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
>
> where M is the 4 microsecond timer, and F() is a pseudorandom
> function (PRF) of the connection's identifying parameters ("localip,
> localport, remoteip, remoteport") and a secret key ("secretkey")
> (SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or an
> attacker could still guess at sequence numbers from the ISN used for
> some other connection. The PRF could be implemented as a
> cryptographic hash of the concatenation of the TCP connection
> parameters and some secret data.

The algorithm described here provides good reliability without making
it easy for an attacker to guess TCP ISNs. However, it exposes a
relative timestamp to both sides of the connection, data which may seem
non-sensitive but which is likely exploitable in attacks.

Relative timestamp data can, among other things, be used to determine
the relative temperature and system load of a remote machine based on
clock skew measurements. This is described in Steven J. Murdoch's "Hot
or Not: Revealing Hidden Services by their Clock Skew".[1] The
referenced paper describes several methods in which this capability can
be used to an attacker's advantage - the primary issue covered is the
ability to de-anonymize Tor hidden services, however other issues that
are covered include geolocation and data transmission via a covert
channel. The paper relies on TCP timestamps, however as TCP ISNs are
sent both ways by both peers in a connection and can be easily obtained
by opening and closing a new connection, I believe they are a suitable
alternative for TCP timestamps. TCP ISNs are particularly useful in
this context as TCP timestamps can be disabled, but TCP ISNs cannot.

The most obvious way I can think to exploit this is to use it to
distinguish computationally intensive operations from computationally
cheap operations, even if both take the same approximate amount of
time. For instance, an authentication system for a server may run a
computationally intenstive constant-time password hashing algorithm if
a provided username is present on the system, but simply sleep for the
duration of time needed to run that algorithm if a provided username
does not exist on the system. In theory, this would be immune to
timing attacks while reducing resource consumption, however in practice
the ability to extract relative timestamps via TCP ISNs could be used
to subvert this by analyzing the remote system's clock skew. The skew
would be noticeably different for intensive operations than for cheap
operations, which could then be used to determine if the username in
question existed on the remote system. Obviously, a single login
attempt would probably not be enough to change the clock skew of the
victim system enough to matter, so the attacker would likely have to
make many login requests in parallel over a relatively long period of
time to achieve the desired effect. The "hot or not" paper mentions that
the capacity of the covert channel offered by the attack is
approximately 2 to 8 bits per hour, meaning that an attacker could use
this technique to enumerate usernames at a speed of about 2 to 8 users
per hour (possibly higher due to the clock speed used for ISN
generation) assuming the remote server was not put under heavy load by
another influence.[2]

Another way this flaw could be used is for low-speed, hidden data
transfer. A "sender" machine can run any arbitrary TCP server (even one
that does not send or receive any visible data), while the "receiver"
machine can run a simple TCP client that connects to the sender using a
particular localip/localport/remoteip/remoteport combo repeatedly. The
receiver need only record the sender's ISN from each connection and
record it, then it can close the connection. The sender can now
transmit data (albeit very slowly and inefficiently) to the receiver by
modulating its system load. The receiver will be able to observe the
system load patterns based on clock skew, and extract a binary sequence
from that pattern corresponding to the modulated system load of the
sender. In this way a machine could transfer sensitive data to another
machine without having to send visible data through the TCP connection.
Again, the speed of the transfer would only be about 2 to 8 bits per
hour, so this would mostly be useful for exfiltrating things such as
encryption keys from an already compromised server.

Note that I have not actually tested the feasibility of these attacks
yet, however they seem like they would work in theory. I believe I have
the necessary equipment to test these in practice, and can try this if
it would be helpful.

Ultimately, to mitigate this attack method, it is necessary to avoid
embedding any recognizable clock (relative or otherwise) in TCP
transmissions. However, this poses a challenge, as the monotonic nature
of TCP ISN generation is very useful for avoiding confusion between old
and new incarnations of a TCP connection. There are a couple possible
solutions I can think of that may help here:

* RFC6528 mentions that "[s]imple random selection of the TCP ISNs
  would mitigate those attacks that require an attacker to guess valid
  sequence numbers." This would naturally make it unsafe to quickly
  start a new connection after one was just closed however as the new
  ISN has a significant chance of being too close to an already-used
  sequence number to be handled properly (you end up with data from old
  and new connections potentially getting mixed up). However, this
  problem would likely vanish if TCP sequence numbers used a
  significantly larger number of bits than currently. With 256-bit
  sequence numbers, the chances of arbitrarily generating an ISN in the
  same 32-bit neighborhood as another sequence number is 2**224, which
  would make collisions very unlikely. Even if a machine established a
  new connection to a remote machine 1000 times a second for 1000
  years, the chances of even a single sequence number "close call"
  would only be about 1 in 8.55 × 10**62 (in reality it would be a bit
  less than that if there were multiple packets circulating in the
  network at any given time, but this would be of any practical worry
  as far as I can tell). This would incur an additional 28 bytes of
  overhead per packet, however.
* The fact that the ISN generation algorithm necessarily involves a
  secret key means that the first ISN used for any particular
  connection upon device reboot will be effectively equivalent to a
  random 32-bit value. With this in mind, the 64ns clock could be
  replaced with a simple counter, which would increment by one for
  every packet sent in a connection that used a particular
  localip/localport/remoteip/remoteport combo. This counter would not
  be reset after a connection was disconnected, so that in the event of
  rapid reconnections, the new ISNs would still increase monotonically.
  In the event of a reboot, the counter will reset, but so will the
  secret key, so the first ISN generated for each connection will
  appear entirely randomized, just like it is with the current
  specification. To my awareness, a counter-based scheme such as this
  wouldn't be usable for malicious purposes beyond what is already
  possible, as both sides of a TCP connection can simply count packets
  if they want a counter value. Depending on the implementation
  however, it may be possible for some counter values to be skipped,
  which could potentially expose network issues or be used as a covert
  channel. This would also consume additional memory between reboots,
  a problem which could be rectified by occasionally resetting the
  secret key and freeing the memory used by all counters.

Worthy of note, there already exists a Linux kernel module, tirdad[3],
which replaces the TCP ISN generation routines in the Linux kernel with
random number generators. The author of tirdad has their own article on
the rationale behind this.[4] At least on the relatively slow
connection I had when I tested it, and with the very lightweight
workload I used for testing (web browsing), this didn't seem to cause
any serious issues over short periods of time. It is almost certainly
not suitable for all TCP use cases, but it did seem to be "close
enough" for brief basic desktop use.

Thank you for taking the time to read this, and I hope this is helpful.

Sincerely,
Aaron

References:
[1] https://murdoch.is/papers/ccs06hotornot.pdf
[2] The "hot or not" paper mentions the possibility of using TCP
sequence numbers for attacks, but then states that "as the
cryptographic function is re-keyed every 5 minutes, maintaining long
term clock skew figures is non-trivial." I have not been able to find
this rekeying happening for ISN generation in the Linux source code
(looking at the tip of the master branch at the time of this writing),
and when doing testing on Debian 12 with a kernel patched to print ISNs
to the kernel log as they were generated, I did not see any resetting
happening, thus I believe this is a problem with Linux's implementation
at the very least. Even if an implementation did do rekeying for ISN
generation, I believe this is still a spec issue as the spec does not
mandate occasional rotation of the key used in the ISN generation
algorithm.
[3] https://github.com/0xsirus/tirdad/
[4] https://bitguard.wordpress.com/2019/09/03/an-analysis-of-tcp-secure-sn-generation-in-linux-and-its-privacy-issues/