Re: [TICTOC] [Ntp] draft-ietf-ntp-mac, extensions
Matthew Van Gundy <mvangund@cisco.com> Thu, 01 March 2018 23:40 UTC
Return-Path: <mvangund@cisco.com>
X-Original-To: tictoc@ietfa.amsl.com
Delivered-To: tictoc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5956D12FB0D; Thu, 1 Mar 2018 15:40:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.53
X-Spam-Level:
X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BN0qqJdvOSG8; Thu, 1 Mar 2018 15:40:48 -0800 (PST)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C304D12FACC; Thu, 1 Mar 2018 15:40:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1866; q=dns/txt; s=iport; t=1519947647; x=1521157247; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=Zg+8BYN4Aom8cG/lcHWllXuQIygmkqdUUmmfenlmcWk=; b=TKUHxQyHyZ57fWShUgSsZOePli8HLa9RQYhQor8bwNJo9kYrapRw6PNZ jCKPnm4GRa/YcMpfpV0GikTbaipN9BFTJnAR0gbMtRVeXTaqIoTIslL/C iIHM2Gjd35kZeG8oW/GZGSe6lifqPX//gb49uaHsdKa/8X/oLbNqXMD+t g=;
X-Files: signature.asc : 269
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AmAQD0jpha/4MNJK1dGQEBAQEBAQEBAQEBAQcBAQEBAYNQZnCOH3SNBYICgRaULIIVBwMjhQ0Cgl4hNBgBAgEBAQEBAQJrJ4UkAQV5EAsOCgklDwVJhS4QrE+Ia4ImBYUiBIIngz2DLYMuAQECAYFSg1eCMgSOaYtvCYZSihuPA4l7h1iBLh44gVIzGggbFYJ+gi8CG4IZjUkBAQE
X-IronPort-AV: E=Sophos;i="5.47,409,1515456000"; d="asc'?scan'208";a="144567392"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 01 Mar 2018 23:40:46 +0000
Received: from saucy.localdomain (saucy.cisco.com [64.100.220.11]) by alln-core-1.cisco.com (8.14.5/8.14.5) with SMTP id w21NekE9003880; Thu, 1 Mar 2018 23:40:46 GMT
Received: from mvangund-retina.ddns.asig.cisco.com (mvangund-retina.ddns.asig.cisco.com [64.100.220.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by saucy.localdomain (Postfix) with ESMTPS id 3zsppQ0wq6zFpZq; Thu, 1 Mar 2018 18:40:46 -0500 (EST)
Date: Thu, 01 Mar 2018 18:40:45 -0500
From: Matthew Van Gundy <mvangund@cisco.com>
To: Hal Murray <hmurray@megapathdsl.net>
Cc: ntp@ietf.org, tictoc@ietf.org
Message-ID: <20180301234045.GE41820@mvangund-retina.ddns.asig.cisco.com>
References: <20180301070636.2CFDF40605C@ip-64-139-1-69.sjc.megapath.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="o0ZfoUVt4BxPQnbU"
Content-Disposition: inline
In-Reply-To: <20180301070636.2CFDF40605C@ip-64-139-1-69.sjc.megapath.net>
User-Agent: Mutt/1.9.1 (2017-09-22)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tictoc/kN2Wz2o4sO3ihxX_2vJu6nhXeTw>
Subject: Re: [TICTOC] [Ntp] draft-ietf-ntp-mac, extensions
X-BeenThere: tictoc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Timing over IP Connection and Transfer of Clock BOF <tictoc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tictoc>, <mailto:tictoc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tictoc/>
List-Post: <mailto:tictoc@ietf.org>
List-Help: <mailto:tictoc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tictoc>, <mailto:tictoc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2018 23:40:52 -0000
On Wed, Feb 28, 2018 at 11:06:36PM -0800, Hal Murray wrote: > Why is AES-CMAC more interesting than one of the digests supported by OpenSSL? The keyed-hash construction that NTP uses is not a secure message authentication code, it is vulnerable to the classic length extension attack [1] when used with common hash functions, such as MD5, SHA-1, and the SHA-2 family of hash functions. This allows an attacker to append additional forged NTPv4 extension fields on to an authenticated NTPv4 packet. draft-ietf-ntp-mac-03 refers to this attack through its reference to the BCK paper in section 2 [2] even though it does not explicitly call out length extension attacks in the body of the draft. In current usage, this rarely poses a problem. In the NTP reference implementation extension fields are only used by Autokey. If you have Autokey disabled, it does not give an attacker any additional power. However, if NTPv4 extension fields catch on for uses other than Autokey, this will become problematic. AES-CMAC is a secure message authentication code and, therefore, is not vulnerable to this kind of attack. [1] https://en.wikipedia.org/wiki/Length_extension_attack [2] https://tools.ietf.org/html/draft-ietf-ntp-mac-03#section-2 Cheers, Matt -- Matthew Van Gundy, Technical Leader Advanced Security Initiatives Group Cisco Systems, Inc.
- [TICTOC] draft-ietf-ntp-mac, extensions Hal Murray
- Re: [TICTOC] [Ntp] draft-ietf-ntp-mac, extensions Miroslav Lichvar
- Re: [TICTOC] [Ntp] draft-ietf-ntp-mac, extensions Hal Murray
- Re: [TICTOC] [Ntp] draft-ietf-ntp-mac, extensions Matthew Van Gundy
- Re: [TICTOC] [Ntp] draft-ietf-ntp-mac, extensions Miroslav Lichvar
- Re: [TICTOC] [Ntp] draft-ietf-ntp-mac, extensions Miroslav Lichvar
- Re: [TICTOC] [Ntp] draft-ietf-ntp-mac, extensions Matthew Van Gundy
- Re: [TICTOC] [Ntp] draft-ietf-ntp-mac, extensions Hal Murray