2 cents' worth,

One way to deal with a variable latency from the encryption unit might be to 
separate the encryption calculations into a complicated part which pre-builds 
an encrypt/decrypt stream and a simple part which just XORs the prebuilt 
stream with the freshly timestamped time transfer packet.

This still doesn't help the issue of a systematic delay attack.
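As an added illustration of the keystream split proposed in the post above (example code written for this page, not from the poster or from any TICTOC draft): the expensive part derives one keystream segment per future packet ahead of time, and the only work left after the timestamp is struck is a fixed-length XOR. HMAC-SHA256 in counter mode stands in for a real stream cipher such as AES-CTR; the key, the nonce and the 44-byte PTP-like packet layout with the timestamp at offset 34 are constructed assumptions.

```python
"""Constant-cost packet sealing via a precomputed keystream (added example)."""
import hashlib
import hmac
import struct
from collections import deque

PACKET_LEN = 44   # constructed: 34-byte header + 10-byte originTimestamp
TS_OFFSET = 34    # constructed: where the timestamp field starts


class KeystreamPrecomputer:
    """Heavy part: derive one keystream segment per future packet, off the timing path."""

    def __init__(self, key: bytes, session_nonce: bytes, packet_len: int = PACKET_LEN):
        self._key = key
        self._nonce = session_nonce
        self._packet_len = packet_len
        self._counter = 0            # next unused packet counter
        self._ready = deque()        # (counter, keystream) pairs waiting to be used

    def _segment(self, counter: int) -> bytes:
        # PRF(key, nonce || counter || block) outputs concatenated to packet length.
        # HMAC-SHA256 stands in for a real stream cipher such as AES-CTR.
        out = b""
        block = 0
        while len(out) < self._packet_len:
            msg = self._nonce + struct.pack(">QI", counter, block)
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
            block += 1
        return out[: self._packet_len]

    def prefill(self, n: int) -> None:
        """Do the expensive PRF work for the next n packets ahead of time."""
        for _ in range(n):
            self._ready.append((self._counter, self._segment(self._counter)))
            self._counter += 1

    def next_segment(self) -> tuple:
        """Hand out a never-reused (counter, keystream) pair; IndexError if the pool ran dry."""
        return self._ready.popleft()

    def segment_for(self, counter: int) -> bytes:
        """Receiver side: regenerate the segment for the counter carried with the packet."""
        return self._segment(counter)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode_timestamp(timestamp_ns: int) -> bytes:
    # constructed PTP-like field: 48-bit seconds followed by 32-bit nanoseconds
    seconds, nanos = divmod(timestamp_ns, 1_000_000_000)
    return seconds.to_bytes(6, "big") + struct.pack(">I", nanos)


def decode_timestamp(field: bytes) -> int:
    seconds = int.from_bytes(field[:6], "big")
    nanos = struct.unpack(">I", field[6:10])[0]
    return seconds * 1_000_000_000 + nanos


def stamp_and_seal(header: bytes, timestamp_ns: int, segment: tuple) -> tuple:
    """Simple part: write the freshly struck timestamp, then one fixed-length XOR.

    Nothing here depends on the key schedule or the cipher, so the work after
    the timestamp is the same for every packet; only the precomputed bytes differ.
    """
    counter, keystream = segment
    packet = header[:TS_OFFSET] + encode_timestamp(timestamp_ns)
    return counter, xor_bytes(packet, keystream)


def open_packet(counter: int, sealed: bytes, receiver: KeystreamPrecomputer) -> tuple:
    """Receiver regenerates the keystream from the counter and recovers header and timestamp."""
    plain = xor_bytes(sealed, receiver.segment_for(counter))
    return plain[:TS_OFFSET], decode_timestamp(plain[TS_OFFSET:TS_OFFSET + 10])


def demo() -> int:
    key = b"\x11" * 32                 # constructed shared session key
    nonce = b"tictoc-demo-nonce"       # constructed per-session nonce
    sender = KeystreamPrecomputer(key, nonce)
    receiver = KeystreamPrecomputer(key, nonce)
    sender.prefill(8)                  # heavy work, done before any packet is timestamped
    header = bytes(TS_OFFSET)          # constructed zeroed PTP-like header
    t1 = 1_331_553_644_000_000_123     # constructed 'freshly struck' timestamp in ns
    counter, sealed = stamp_and_seal(header, t1, sender.next_segment())
    _, recovered = open_packet(counter, sealed, receiver)
    return recovered


if __name__ == "__main__":
    print(demo())
```

The XOR step gives confidentiality only. If the packet also carries a MAC computed over the sealed bytes, that computation still sits after the timestamp, which is the MAC-calculation latency concern raised later in this thread; and, as the post says, none of this addresses a systematic delay attack.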

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of 
[email protected]
Sent: Monday, March 12, 2012 7:01 AM
To: [email protected]
Subject: TICTOC Digest, Vol 63, Issue 23

Today's Topics:

   1. Re:  Please Comment on Practical Solutions for Encrypted
      Synchronization Protocol (Tal Mizrahi)


----------------------------------------------------------------------

Message: 1
Date: Mon, 12 Mar 2012 14:00:44 +0200
From: Tal Mizrahi <[email protected]>
To: Cui Yang <[email protected]>, "[email protected]" <[email protected]>
Subject: Re: [TICTOC] Please Comment on Practical Solutions for
        Encrypted Synchronization Protocol
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset="gb2312"

Hi Yang,


> time of encryption or MAC calculation varies on different devices (typically 
> in order of less than milli-sec), it is not easy to implement constant latency 
> method with high accuracy.
The encryption latency is less relevant than the encryption latency jitter. 
Depending on the implementation, the latency jitter of the encryption block can 
be brought down to near-zero-jitter. I agree it is not easy to implement, but 
there are existing products that do this.
Of course I agree that from an implementation perspective it is easier to 
achieve the same latency in two-step timestamping, and this may be a more 
delicate way to phrase the idea in the draft.

> Since protocols like PTP have accuracy in the range of micro-sec to
> milli-sec, and
BTW, in some applications PTP accuracy is measured in nanoseconds nowadays. For 
example, in UMTS (ETSI TS 125 105) the requirement is for 65 ns accuracy.

BR
Tal.

From: Cui Yang [mailto:[email protected]]
Sent: Monday, March 12, 2012 11:09 AM
To: Tal Mizrahi; [email protected]
Subject: Re: [TICTOC] Please Comment on Practical Solutions for Encrypted 
Synchronization Protocol

Hi, Tal

Thank you for your comments. Please find my answer in the following:

1. I am afraid that "The one-step timestamping is not accurate" is not 
an assumption but a conclusion, IMO.
As we have analyzed in the Sec 2 in the new draft, encryption time does not 
affect the two-step timestamping, but does influence the one-step protocol.
Because e1 (encryption time of sync message sent by Master) must be calculated 
after the timestamp was struck, it definitely introduces errors.
As you mentioned, some existing products employ the one-step and constant 
latency method; I think it could be done but depends on the error margin.
Since protocols like PTP have accuracy in the range of micro-sec to milli-sec, 
and time of encryption or MAC calculation varies on different devices 
(typically in order of less than milli-sec), it is not easy to implement a 
constant latency method with high accuracy.

On the other hand, two-step timestamping could remove the influence of e1 
completely, so that we can focus on dealing with the errors caused by 
decryption time.
But I think it is good to note this fact in Sec 2.3 that one existing method 
for one-step timestamping is to take care of the constant delay, if error 
margin is acceptable.

The academic paper you noted is interesting and the data that it provides is 
helpful, as well. We will include it in our reference later (and also for other 
papers someone commented before). Thanks for reminding me.


2. The reason you mentioned is one of the motivations for which we submitted a 
new draft.
Others are that we would not like to restrict the solution uniquely to the 
"identifier packets" of draft-xu-tictoc-ipsec-security-for-synchronization.  
After a lengthy discussion (even continuing now), we feel it necessary to 
clarify use cases and to compare all possible practical solutions.

Thank you!

Best regards,
Yang
==================
Yang Cui,  Ph.D.
Huawei Technologies
[email protected]

From: Tal Mizrahi [mailto:[email protected]]
Sent: March 11, 2012 17:24
To: Cui Yang; [email protected]
Subject: RE: [TICTOC] Please Comment on Practical Solutions for Encrypted 
Synchronization Protocol

Hi Yang,

A couple of comments:

1. The assumption in the draft is that one-step timestamping is not 
accurate. However, it is basically a question of implementation. It is possible 
to perform one-step timestamping and to perform 
constant-latency-encryption/decryption. Furthermore, there are existing 
products that do exactly that.
There are a few academic papers that deal with the accuracy of encrypted PTP, 
for example see A. Treytl, B. Hirschler, "Securing IEEE 1588 by IPsec tunnels - 
An analysis".

2. If I understand the goal of this draft correctly, it appears to be 
presenting the motivation for 
draft-xu-tictoc-ipsec-security-for-synchronization. If this is indeed the case, 
you may want to consider integrating the two drafts.

BR
Tal Mizrahi.

From: [email protected] [mailto:[email protected]] On Behalf Of Cui 
Yang
Sent: Wednesday, March 07, 2012 5:35 AM
To: [email protected]
Subject: [TICTOC] Please Comment on Practical Solutions for Encrypted 
Synchronization Protocol

Hi, all,

I have posted a new draft that discusses the practical solutions for encrypted 
synchronization protocols.

Since we have discussed this problem a lot, and the security requirements for 
synchronization also note that confidentiality may need protection, especially 
in the case where confidentiality protection is mandatory, synchronization 
should be available when the traffic is encrypted. The influences of the 
encryption are explained, and several possible solutions have been discussed.
The URL is below, please review and comment.

    Title      : Practical solutions for encrypted synchronization protocol
    Author(s)  : Y. Cui, M. Bhatia, D. Zhang
    Filename   : draft-cui-tictoc-encrypted-synchronization-00.txt
    Pages      : 10
    Date       : Mar. 1, 2012

   This informational document analyzes the accuracy issues with time
   synchronization protocols when time synchronization packets are
   encrypted during transmission. In addition, several candidate
   solutions on such issues are introduced.

A URL for this Internet-Draft is:
http://datatracker.ietf.org/doc/draft-cui-tictoc-encrypted-synchronization

Thanks,
Yang

==================
Yang Cui,  Ph.D.
Huawei Technologies
[email protected]
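An added model (written for this page, not from the draft or from either author) of the point debated above: e1, the encryption time spent after the Sync timestamp is struck, enters a one-step exchange directly, drops out of a two-step exchange where the egress time is carried in a Follow_Up, and, with the constant-latency correction Tal describes, leaves only its jitter behind. Delays, offsets and the one-Sync-per-second spacing are constructed values in nanoseconds; only the Sync direction is modelled and the path delay is taken as known.

```python
"""Toy model of where the encryption time e1 lands in one-step vs two-step Sync."""
from statistics import pstdev


def slave_offset_estimate(t1_reported: int, t2: int, path_delay: int) -> int:
    """Slave-side estimate from the t1 it was told and the t2 it measured."""
    return t2 - t1_reported - path_delay


def one_step_exchange(true_offset, path_delay, e1, t_strike):
    """One-step: t1 is struck into the packet, then the packet spends e1 in the
    encryption unit before egress. The slave only ever learns t_strike."""
    egress = t_strike + e1
    t2 = egress + path_delay + true_offset        # slave clock reads true_offset ahead
    return slave_offset_estimate(t_strike, t2, path_delay)


def two_step_exchange(true_offset, path_delay, e1, t_strike):
    """Two-step: the packet is encrypted first (e1), the egress time is captured
    at the timestamping point and carried in a Follow_Up, so the slave learns egress."""
    egress = t_strike + e1
    t2 = egress + path_delay + true_offset
    return slave_offset_estimate(egress, t2, path_delay)


def run_model(e1_samples, nominal_e1, true_offset=500, path_delay=2_000, t0=1_000_000):
    """Error of the slave's offset estimate per Sync for three master designs:
    raw one-step, one-step with a constant-latency correction (subtract nominal_e1),
    and two-step. Returns a dict of per-sample errors in ns."""
    errors = {"one_step": [], "one_step_compensated": [], "two_step": []}
    for i, e1 in enumerate(e1_samples):
        t_strike = t0 + i * 1_000_000_000     # one Sync per second (constructed)
        est = one_step_exchange(true_offset, path_delay, e1, t_strike)
        errors["one_step"].append(est - true_offset)
        errors["one_step_compensated"].append(est - nominal_e1 - true_offset)
        est2 = two_step_exchange(true_offset, path_delay, e1, t_strike)
        errors["two_step"].append(est2 - true_offset)
    return errors


def summarize(errors):
    """(max |error|, jitter as population std-dev) per design; after the
    constant-latency correction only the jitter of e1 remains."""
    return {k: (max(abs(x) for x in v), round(pstdev(v), 1)) for k, v in errors.items()}


if __name__ == "__main__":
    # constructed e1 samples: nominal 1 us with +/- 200 ns excursions
    samples = [800, 1_200, 1_000, 950, 1_050]
    for design, (max_err, jitter) in summarize(run_model(samples, nominal_e1=1_000)).items():
        print(f"{design:22s} max|err|={max_err:5d} ns  jitter={jitter} ns")
```

The compensated row is the case Tal describes: a fixed latency can be subtracted, so what limits a one-step encrypted master is how tightly the implementation bounds the jitter of e1, not e1 itself; the two-step row is Yang's observation that the Follow_Up path removes e1 regardless of the encryption unit.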

------------------------------

_______________________________________________
TICTOC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tictoc


End of TICTOC Digest, Vol 63, Issue 23
**************************************