Re: [TLS] add challenge in TLS v1.3 to prevent DDOS attack?

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 08 June 2015 09:20 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D12A31B2DE2 for <tls@ietfa.amsl.com>; Mon, 8 Jun 2015 02:20:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.79
X-Spam-Level:
X-Spam-Status: No, score=0.79 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LSJsx8bHAbNS for <tls@ietfa.amsl.com>; Mon, 8 Jun 2015 02:19:59 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C43FF1B2DD1 for <tls@ietf.org>; Mon, 8 Jun 2015 02:19:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1433755199; x=1465291199; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=rBbumzfst9BJKfwbUT6jWsIE5X4eEvMyRCI2GPqbUfk=; b=kqgbN1FKtuqh/ws7PggZuek2paMaqtJDTRhtNnOtMEw1g2ymeeFFG38u TSj72CbrmSz8QRPFphHY07u29asNjHZnH11dVU5M84jJY9Zzi7NgJyqnU HL9PrB1nIY2OaKjMLrInDwzqBvA5uRLidtuSIzTRhTTEFU4WR71AKC8Us REgBWIrvD5WH7QLdOJn7hMiIGdT6qZ5JmbfWVfAQOPY48iM4tG1OSFTlz GY6aDIQWNF+mKo0nCadcMUwLFiBikymP8xMa+jqcul8JWiIU8r4NgVMtb t11ZX5JrYtNH2Z5VrOr0ZeuswD19NYjJC3U1tb+LQ4lCXeRAkoCl0nyvs A==;
X-IronPort-AV: E=Sophos;i="5.13,573,1427713200"; d="scan'208";a="21530346"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.125 - Outgoing - Outgoing
Received: from uxchange10-fe3.uoa.auckland.ac.nz ([130.216.4.125]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 08 Jun 2015 21:19:57 +1200
Received: from UXCN10-TDC05.UoA.auckland.ac.nz ([169.254.9.151]) by uxchange10-fe3.UoA.auckland.ac.nz ([169.254.143.234]) with mapi id 14.03.0174.001; Mon, 8 Jun 2015 21:19:56 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Bingzheng Wu <bingzheng.wbz@alibaba-inc.com>, tls <tls@ietf.org>
Thread-Topic: [TLS] add challenge in TLS v1.3 to prevent DDOS attack?
Thread-Index: AQHQoceuLXfEop8B+kSbMbpiYwOh352iVK20
Date: Mon, 8 Jun 2015 09:19:56 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73AB039DA4@uxcn10-tdc05.UoA.auckland.ac.nz>
References: <----3-------MPf3-$0147073b-d557-427b-a8c7-d3dd80aef07b@alibaba-inc.com>
In-Reply-To: <----3-------MPf3-$0147073b-d557-427b-a8c7-d3dd80aef07b@alibaba-inc.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/hrNYkUOneWX9PG06gOJAOEcXHGA>
Subject: Re: [TLS] add challenge in TLS v1.3 to prevent DDOS attack?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2015 09:20:03 -0000

Bingzheng Wu <bingzheng.wbz@alibaba-inc.com>; writes:

>So, could we add a challenge-response mode in TLS v1.3 to increase the attacker's cost ?

You don't need anything that complex, OpenVPN has for a number of years
supported a very effective way of dealing with this, all you need to do is
formalise that.  It doesn't really need TLS 1.3 either, since you can do it in
a standard extension.  OpenVPN gives it the very misleading name tls-auth,
it's just a use of a PSK to MAC incoming packets, so the client-hello is
authenticated and dropped unless it has a valid MAC signature.  This has
protected OpenVPN against a number of OpenSSL vulnerabilities (as well as
generic port-scanning and similar), most notably Heartbleed, where any attempt
to exploit the vuln just bounced off, because unless you have the MAC key you
can't get past even the first hello message.

I started work on an RFC draft for this a while back, but it got shelved
because of conflicts over making it OpenVPN-compatible or not, it shouldn't be
too much work to dig it out and finish it (albeit in a non-OpenVPN-compatible
manner).

Peter.