
RE: SOI QUESTION: 3.1 DoS protection



> 3.1 DoS protection
>
> 3.1.A) WRT DOS attacks that exhaust memory or CPU resources, is it more
> important to always keep the message count at 4, or is it acceptable to add
> an additional roundtrip of messages when the responder thinks he's under
> attack?

The additional round-trip approach is better. Since we don't expect to be
under DoS attack most of the time, the average message count will still be
4. When under attack, we should expect severe performance degradation
anyway. The noise to signal ratio will be so high that it won't make a
difference if there are 6 messages or 4.

The additional round-trip makes the protocol less intricate and more
modular. This is just good protocol design.


> 3.1.B) WRT UDP fragmentation attack protection, both IKEv2 and JFK provide
> basically equivalent protection. Does anyone care about the details of how
> JFK or IKEv2 provide this functionality?

Not really. It's a neat idea, but I'm not sure everyone will implement it.


> 3.1.C) Is it important to have precomputation of exponentials available for
> use as a mechanism for protecting against cpu consumption attacks?

Yes and no.

Should you precompute exponentials? Yes, by all means. However, that is a
local implementation matter that has nothing to do with the protocol.

Do we need to use the technique specified in JFK? No, since that was only
needed to accomplish feature 3.1.A. As I mentioned above, doing DoS
protection in 6 messages makes the protocol less intricate and more modular.


> 3.2.A) In both IKEv2 and JFK, Alice chooses a Diffie-Hellman group in
> message one. In IKEv2 if Bob doesn't accept what Alice offers the
> negotiation starts again. In JFK if Bob doesn't accept what Alice offers
> but Alice can live with what Bob offers, they continue. Otherwise they
> start over. Is this an important feature for SOI?

This is an area where SOI has the potential to be harder to implement than
IKEv1. In IKEv1, aggressive mode always caused problems in expressing
policy. With main mode, the exchange was self-contained (it could fully
negotiate all features). With both IKEv2 and JFK it sounds like a
meta-negotiator class/state-machine (which will retry with new parameters)
will now be mandatory. Of course there are other reasons why one might want
a meta-negotiator, so this could be a good thing.

The JFK draft makes the argument that ukases are preferable to negotiation
of parameters. I disagree, in the sense that the ukases must be handled by a
meta-negotiator. There is no negotiation within the JFK exchange, but there
is negotiation within the meta-exchange.


> 3.3 Size of messages
>
> There is no significant difference in the size of messages in the two
> protocols.

The repetition of parameters in JFK in order to achieve feature 3.1.A is a
little bit wasteful. But I agree that there is no significant difference.


Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.
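
An added illustration of the trade-off discussed under 3.1.A (not part of the original message and not code from the IKEv2 or JFK drafts): a toy responder that keeps the exchange at 4 messages normally and inserts one extra round trip only while it believes it is under attack. The stateless HMAC cookie, the half-open threshold, and all class and function names are assumptions chosen for the sketch.

```python
import hashlib, hmac, os

class Responder:
    """Toy responder: 4 messages normally, 6 when it thinks it is under attack."""

    def __init__(self, half_open_limit=3):
        self.secret = os.urandom(32)       # a real responder would rotate this
        self.half_open = {}                # per-initiator state an attacker tries to exhaust
        self.half_open_limit = half_open_limit   # constructed heuristic

    def under_attack(self):
        return len(self.half_open) >= self.half_open_limit

    def _cookie(self, ip, nonce):
        # Recomputable from the packet, so nothing is stored per challenge.
        return hmac.new(self.secret, ip.encode() + b"|" + nonce, hashlib.sha256).digest()

    def handle_msg1(self, ip, nonce, cookie=None):
        if self.under_attack():
            if cookie is None:
                return "CHALLENGE", self._cookie(ip, nonce)
            if not hmac.compare_digest(cookie, self._cookie(ip, nonce)):
                return "DROP", None
        self.half_open[(ip, nonce)] = "awaiting msg3"   # state and DH work start here
        return "MSG2", None

    def complete(self, ip, nonce):
        self.half_open.pop((ip, nonce), None)

def run_exchange(responder, ip):
    """Honest initiator; returns the number of messages on the wire."""
    nonce = os.urandom(16)
    kind, cookie = responder.handle_msg1(ip, nonce)        # msg1 -> reply
    sent = 2
    if kind == "CHALLENGE":
        kind, _ = responder.handle_msg1(ip, nonce, cookie)  # msg1 again -> msg2
        sent += 2
    if kind != "MSG2":
        raise RuntimeError("exchange rejected")
    responder.complete(ip, nonce)                           # msg3 and msg4
    return sent + 2

def flood(responder, n):
    """Constructed attack traffic: n first messages from sources that never answer."""
    for i in range(n):
        responder.handle_msg1(f"198.51.100.{i % 250}", os.urandom(16))

if __name__ == "__main__":
    r = Responder()
    print(run_exchange(r, "192.0.2.10"))   # quiet
    flood(r, 100)
    print(run_exchange(r, "192.0.2.10"), len(r.half_open))
```

The responder's stored state stays capped at the threshold during the flood because challenges allocate nothing, while an initiator that can receive at its claimed address still completes, at the cost of two extra messages.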