Re: [TLS] Limiting replay time frame of 0-RTT data

Eric Rescorla <ekr@rtfm.com> Mon, 14 March 2016 21:33 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D68E712D71F for <tls@ietfa.amsl.com>; Mon, 14 Mar 2016 14:33:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.61
X-Spam-Level:
X-Spam-Status: No, score=-0.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hjJn9nIr6a1B for <tls@ietfa.amsl.com>; Mon, 14 Mar 2016 14:33:19 -0700 (PDT)
Received: from mail-yw0-x234.google.com (mail-yw0-x234.google.com [IPv6:2607:f8b0:4002:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C861612D697 for <tls@ietf.org>; Mon, 14 Mar 2016 14:33:18 -0700 (PDT)
Received: by mail-yw0-x234.google.com with SMTP id g127so184851185ywf.2 for <tls@ietf.org>; Mon, 14 Mar 2016 14:33:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CUEgU8lUPfqHLkxEP7PXeNrcLD30x8GXIGjT4/+X3Ko=; b=tCgV8N2lMjMCMhtsw0p9qLbTN6WK+/5i9VVd7r5sonMd1qO73kO/6R6JxICZHz79dN OnyVjPRhbHaOz1+waWx3Ufki8fAbBw/aK5Jq5qVZc/ZQ3fUOuzy1WJkbpeniAsXpDnrK 0lqfaPRslsDLLVNxwvumxUByCzafGuaV1m3N9wDMgyF670ACBUB+d0fuGeN6XtR1C/gw bu3/KXj7A/kfp4PnbmrUovdsZ3vDSHHg3eYUqzm4o0lBtSjNz4bgc2XGh20vQFfKOU9h MmwYogor8i/D8E4gjSi6K/OO47iynqXxd1wCEOvMXalmS7IoQ91A/NS5/QH/8J3uD8rm iE4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CUEgU8lUPfqHLkxEP7PXeNrcLD30x8GXIGjT4/+X3Ko=; b=k9eIZMGBunv1XIjy2TbR2RXpFAclr+iqS4NHv8AQK/BYqwRaoR1UHzHVW+NSDNVATi fmj+CLTBBdx5Co6OjCDZK4w8OrVB1xUzsRU4gWZxZ+5ZwkIo5Xt5pclKBnv1Uo/+WhV8 J4Ck0+SE3FdEasd1HRoV6hjcvDgVBKM4oBYrrBT8t+9amkm4S0Oh5DDR5IQKDcD/ziIw T8jBSn67V7QnT1cuaO/2lRD3NmH47nwusET+LMoh777QTZ6LE2WRRAGAZcWlHHvMWlQ7 C+t0l1pmSue8NahayMy5jtR8aHoT/OOjotu1uO4KjE4LF9yDIqbQsWkRQze0Mc0XbBrD 29yg==
X-Gm-Message-State: AD7BkJIz0uF+CVIKWoLUaUwvea4U39z+72ebe2V8duomdnvFIZSE48guEmYdVpKpFUu7CcVYFGovi1LLn5Cc6Q==
X-Received: by 10.37.230.202 with SMTP id d193mr14248201ybh.74.1457991198005; Mon, 14 Mar 2016 14:33:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.249.5 with HTTP; Mon, 14 Mar 2016 14:32:38 -0700 (PDT)
In-Reply-To: <8A79BFEDF6986C46996566F91BB63C860D6536DA@PRN-MBX02-1.TheFacebook.com>
References: <8A79BFEDF6986C46996566F91BB63C860D64EA3F@PRN-MBX02-1.TheFacebook.com> <CABcZeBPxMZEuG4KehxyhNafeQ4-HO9O-9ORn+BiQP0n3LJA_xw@mail.gmail.com> <CAKC-DJjVECKakNyQ+RHKkGfp6WOT+Z4=bvDf27ZT4zRFDUdtuw@mail.gmail.com> <CABkgnnVp=zavzETMXmUSHQ8NzhSxyS=BqEehKC9JJKi6_qos5g@mail.gmail.com> <8A79BFEDF6986C46996566F91BB63C860D6536DA@PRN-MBX02-1.TheFacebook.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 14 Mar 2016 14:32:38 -0700
Message-ID: <CABcZeBMc_5WvntkmXz3DUKz-eTRwfyEq4LkdXYC89eOFPkr8qg@mail.gmail.com>
To: Kyle Nekritz <knekritz@fb.com>
Content-Type: multipart/alternative; boundary=94eb2c0afb0e719b33052e090715
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/oUm7hUULB9Ts3T6sb1BKx_qWlUQ>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Limiting replay time frame of 0-RTT data
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Mar 2016 21:33:22 -0000

On Mon, Mar 14, 2016 at 1:43 PM, Kyle Nekritz <knekritz@fb.com>; wrote:

> As others have said I do think adding client time solves much more than
> just this specific issue. Running a client nonce cache at scale also likely
> requires client time in order to limit the storage needed to a reasonable
> amount.
>
>
>
> I like the idea of including time since receiving the session ticket
> instead of absolute time. This allows for clients with high clock skew but
> still an accurate steady clock to use 0-RTT, and likely for tighter bounds
> to be placed on the time.  The natural place to put this would be the
> client hello, where it would be unencrypted, which would leak the time of
> ticket issuance. How concerning is this, is it worth encrypting this time?
>

My view of this is that we probably are going to eventually want client
EncryptedExtensions
(perhaps for ALPN as Ilari suggests). So, we might as well just add it and
stuff time
there.

-Ekr


>
> Kyle
>
>
>
> *From:* TLS [mailto:tls-bounces@ietf.org] *On Behalf Of *Martin Thomson
> *Sent:* Sunday, March 13, 2016 5:36 AM
> *To:* Erik Nygren <erik+ietf@nygren.org>;
> *Cc:* tls@ietf.org
> *Subject:* Re: [TLS] Limiting replay time frame of 0-RTT data
>
>
>
> I assume that you would run a tight tolerance on the 0RTT resumption by
> saving the client's clock error in the ticket.  That a way only clients
> with bad drift get no 0RTT. To do that all sessions need time.
>
> I do not see how the server can do this in general without client help.
> But the solution also addresses Brian's concern. The client doesn't need
> absolute time, just relative time: How long since the ticket was issued.
> Then it's an addition to the psk_identity only.
>
> On 13 Mar 2016 1:49 PM, "Erik Nygren" <erik+ietf@nygren.org>; wrote:
>
> That does seem like a good idea to include a client time stamp in the 0RTT
> flow to let the server force 1RTT in the case where this is too far off as
> this bounds the duration of the replay window.  (I suspect we'll find a
> whole range of other similar attacks using 0RTT.)  An encrypted client
> timestamp could presumably be probed by the server.  (ie, if the server
> response is a different size for timestamp-expired vs timestamp-not-expired
> an attacker could keep probing until they change?)  That does seem like
> more effort, however.
>
>            Erik
>
>
>
> On Sat, Mar 12, 2016 at 7:56 AM, Eric Rescorla <ekr@rtfm.com>; wrote:
>
> Hi Kyle,
>
>
>
> Clever attack. I don't think it would be unreasonable to put a low
> granularity time stamp in the
>
> ClientHello (and as you observe, if we just define it it can be done
> backward compatibly)
>
> or as you suggest, in an encrypted block. With that said, though couldn't
> you
>
> also just include the information in the HTTP header for HTTP? Do you
> think this is a sufficiently
>
> general issue that it merits a change to TLS.
>
>
>
> -Ekr
>
>
>
>
>
> On Fri, Mar 11, 2016 at 9:21 PM, Kyle Nekritz <knekritz@fb.com>; wrote:
>
> Similar to the earlier discussion on 0.5-RTT data, I’m concerned with the
> long term ability to replay captured 0-RTT early data, and the attack
> vectors that it opens up. For example, take a GET request for an image to a
> CDN. This is a request that seems completely idempotent, and that
> applications will surely want to send as 0-RTT data. However, this request
> can result in a few things happening:
>     1) Resource unavailable
>     2) Resource cached locally at edge cluster
>     3) Cache miss, resource must be fetched from origin data center
> #1 can easily be differentiated by the length of the 0.5-RTT response
> data, allowing an attacker to determine when a resource has been
> deleted/modified. #2 and #3 can also be easily differentiated by the timing
> of the response. This opens up the following attack: if an attacker knows a
> client has requested a resource X_i in the attacker-known set {X_1, X_2,
> ..., X_n}, an attacker can do the following:
>     1) wait for the CDN cache to be evicted
>     2) request {X_1, X_2, …, X_(n/2)} to warm the cache
>     3) replay the captured client early data (the request for X_i)
>     4) determine, based on the timing of the response, whether it resulted
> in a cache hit or miss
>     5) repeat with set {X_1, X_2, …, X_(n/2)} or {X_(n/2 + 1), X_(n/2 +
> 2), …, X_n} depending on the result
> This particular binary search example is a little contrived and requires
> that no-one else is requesting any resource in the set, however I think it
> is representative of a significant new attack vector that allowing
> long-term replay of captured early data will open up, even if 0-RTT is only
> used for seemingly simple requests without TLS client authentication. This
> is a much different threat than very short-term replay, which is already
> somewhat possible on any TLS protocol if clients retry failed requests.
>
> Given this, I think it is worth attempting to limit the time frame that
> captured early data is useful to an attacker. This obviously doesn’t
> prevent replay, but it can mitigate a lot of attacks that long-term replay
> would open up. This can be done by including a client time stamp along with
> early data, so that servers can choose to either ignore the early data, or
> to delay the 0.5-RTT response to 1.5-RTT if the time stamp is far off. This
> cuts down the time from days (until the server config/session ticket key is
> rotated) to minutes or seconds.
>
> Including the client time also makes a client random strike register
> possible without requiring an unreasonably large amount of server-side
> state.
>
> I am aware that client time had previously been removed from the client
> random, primarily due to fingerprinting concerns, however these concerns
> can be mitigated by
> 1) clients can choose to not include their time (or to include a random
> time), with only the risk of their .5-RTT data being delayed
> 2) placing the time stamp in an encrypted extension, so that it is not
> visible to eavesdroppers
>
>
> Note: it’s also useful for the server to know which edge cluster the early
> data was intended for, however this is already possible in the current
> draft. In ECDHE 0-RTT server configs can be segmented by cluster, and with
> tickets, the server can store cluster information in the opaque ticket.
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=CwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=l2j4BjkO0Lc3u4CH2z7jPw&m=hKiQKAVn_GFQiKNtyPpO5SW6BjMTNV0jf6nb7qdIqxA&s=w1kyX4_66LehjWfy5-625X8MU8TX9JTSRIcgTlU6iqA&e=>
>
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=CwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=l2j4BjkO0Lc3u4CH2z7jPw&m=hKiQKAVn_GFQiKNtyPpO5SW6BjMTNV0jf6nb7qdIqxA&s=w1kyX4_66LehjWfy5-625X8MU8TX9JTSRIcgTlU6iqA&e=>
>
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=CwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=l2j4BjkO0Lc3u4CH2z7jPw&m=hKiQKAVn_GFQiKNtyPpO5SW6BjMTNV0jf6nb7qdIqxA&s=w1kyX4_66LehjWfy5-625X8MU8TX9JTSRIcgTlU6iqA&e=>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>