
RE: Use of Encryption in Heartbeat Packets



Paul,

Admittedly, "good" is a relative term.

What I meant to say is that potentially much faster mechanisms exist.

The use of encryption is O(1) relative to packet size, but, as Tero pointed
out, the constant is quite large unless you use a fast encryption algorithm.

The other mechanism I suggested (a predictable message id) is also O(1)
relative to packet size, but the constant is very low.

Andrew
_______________________________________________
 Beauty without truth is insubstantial.
 Truth without beauty is unbearable.


> -----Original Message-----
> From: Paul Koning [mailto:pkoning@xedia.com]
> Sent: Tuesday, March 07, 2000 3:01 PM
> To: akrywani@newbridge.com
> Cc: kivinen@ssh.fi; ipsec@lists.tislabs.com
> Subject: RE: Use of Encryption in Heartbeat Packets
>
>
> >>>>> "Andrew" == Andrew Krywaniuk <akrywani@newbridge.com> writes:
>
>  Andrew> I don't disagree with your analysis, except on one point.
>
>  Andrew> DoS Analysis
>  Andrew> ------------
>  Andrew> In your example with the SPI list,
>  Andrew> you assume that the SPI list only adds 200 bytes to the
>  Andrew> packet. This is not necessarily true in the DoS case because
>  Andrew> the adversary can make the packet as long as he wants.
>
> An implementation will want to put sensible bounds on the packet size.
> There's the 64k UDP limit, of course, but you really need to be able
> to set limits far lower than that.  Not just for DoS resistance but
> for many other reasons as well.
>
>  Andrew> In general, full-packet HMAC authentication does not provide
>  Andrew> good DoS resistance.
>
> I believe you're making some unstated assumptions there that may not
> be valid for other implementations.
>
> *If* it is practical in an implementation to do crypto in software,
> *and* to do packet validation on the fly while you're doing that, yes,
> then your point may be valid.
>
> On the other hand, if you're using hardware crypto, as you well may in
> high-end systems, HMAC is definitely the best and most efficient
> method for verifying that a packet is good.
>
>  Andrew> Of course, the adversary could still flood the host with
>  Andrew> small packets, but that is more likely to set off alarm bells
>  Andrew> on an external monitoring system.
>
> Not necessarily for a DDoS attack, or even if the alarms go off you
> may not be able to do much about it.
>
> 	paul
>
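The two positions in the exchange above (Andrew's cheap predictable-message-id pre-check versus Paul's bounded-size, full-packet HMAC) can be put side by side in a small receiver model. The code below is an added illustration and is not from either poster, from the IPsec list, or from any draft: the packet layout (4-byte big-endian id, payload, 16-byte truncated HMAC-SHA256 tag), the 256-byte size bound, the 64-id acceptance window, the flood size and the junk packets are all constructed assumptions. Both receivers bound the packet size first; the id-checking one additionally refuses to run the MAC unless the id falls in the expected window, and advances the window only after the MAC verifies, so a replayed packet is dropped without keyed work.

```python
"""
Added example (not from the thread): cheap pre-checks in front of
full-packet HMAC verification for a heartbeat receiver.  Packet format,
size bound and id window are assumptions chosen for the illustration.
"""
import hashlib
import hmac
import struct

MAX_HEARTBEAT_LEN = 256       # assumed upper bound on an acceptable heartbeat
TAG_LEN = 16                  # assumed: HMAC-SHA256 tag truncated to 16 bytes
ID_WINDOW = 64                # assumed: ids accepted in [expected, expected+64)
HEADER = struct.Struct("!I")  # assumed: 4-byte big-endian message id


def build_heartbeat(key: bytes, msg_id: int, payload: bytes) -> bytes:
    """Sender side: id || payload || HMAC(key, id || payload)[:TAG_LEN]."""
    body = HEADER.pack(msg_id) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class HeartbeatReceiver:
    def __init__(self, key: bytes, use_id_check: bool):
        self.key = key
        self.use_id_check = use_id_check
        self.expected_id = 0
        self.hmac_calls = 0   # counts the expensive, keyed operation

    def _check_tag(self, body: bytes, tag: bytes) -> bool:
        self.hmac_calls += 1
        good = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        return hmac.compare_digest(good, tag)

    def receive(self, pkt: bytes) -> bool:
        # Bound the packet size before doing anything else with it.
        if len(pkt) > MAX_HEARTBEAT_LEN or len(pkt) < HEADER.size + TAG_LEN:
            return False
        body, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
        (msg_id,) = HEADER.unpack_from(body)
        # Predictable-id check: O(1) with a tiny constant and no keyed work.
        # Modular distance so the window wraps correctly at 2**32.
        if self.use_id_check:
            distance = (msg_id - self.expected_id) & 0xFFFFFFFF
            if distance >= ID_WINDOW:
                return False
        if not self._check_tag(body, tag):
            return False
        # Advance the window only after the MAC proves the packet genuine,
        # so a replay of this packet is dropped by the id check next time.
        self.expected_id = (msg_id + 1) & 0xFFFFFFFF
        return True


def flood_cost(receiver: HeartbeatReceiver, n: int = 1000) -> int:
    """Feed n constructed junk packets and return how many HMACs they cost."""
    before = receiver.hmac_calls
    for i in range(n):
        # Constructed junk: ids in [2**20, 2**20 + n) are far outside the
        # window around expected_id == 0; the "tag" is just hash output.
        junk_id = (1 << 20) + i
        filler = hashlib.sha256(b"constructed-junk" + i.to_bytes(2, "big")).digest()
        receiver.receive(HEADER.pack(junk_id) + filler)
    return receiver.hmac_calls - before


if __name__ == "__main__":
    key = b"k" * 32
    for use_id_check in (False, True):
        rx = HeartbeatReceiver(key, use_id_check)
        print("id check:", use_id_check, "HMACs spent on 1000 junk packets:",
              flood_cost(rx))
```

The pre-check only helps against blind floods: an adversary who can observe the heartbeat stream learns the next expected id and can still force one HMAC per forged packet, which is the case where Paul's hardware-HMAC argument carries the day. Either way the size bound has to come first, because the MAC's cost, unlike the id check's, grows with the bytes the attacker chose to send.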