stateless reset
play

Stateless Reset QUIC Interim 2017-06, Paris Manifest Confusion - PowerPoint PPT Presentation

May 30, 2023 •244 likes •390 views

Stateless Reset QUIC Interim 2017-06, Paris Manifest Confusion What is the purpose of a Stateless Reset? What signals do we want endpoints to generate? ...and who do we want to have consume those signals? What is the role of a middlebox in

  1. Stateless Reset QUIC Interim 2017-06, Paris

  2. Manifest Confusion What is the purpose of a Stateless Reset? What signals do we want endpoints to generate? ...and who do we want to have consume those signals? What is the role of a middlebox in QUIC? 2

  3. Signals Taxonomy A simplistic taxonomy divides things into sender/receiver end-to-end - most things end-to-path - a bunch of implicit signals only path-to-end - PMTU signals, ECN One of these is not like the others: there is only one connection, but multiple paths 3

  4. Simple Migration S Handshake happens on one path C 4

  5. Simple Migration S Handshake happens on one path C C >> migration >> Any number of paths might be used in between 5

  6. Simple Migration S Handshake Terminatio happens on n happens one path on another C C >> migration >> >> migration >> C Any number of paths might be used in between 6

  7. Limited Scope Stateless Reset An end-to-end signal Used only when a server (not a client) loses state Terminates the connection Not visible to middleboxes (?) 7

  8. Signal Leakage As originally designed, Public Reset is an end-to-end signal … that leaks information to the path Connection termination also means flow termination Path elements have an incentive to look for and consume these packets 8

  9. Acting on Partial Information A path element might act on a spoofed Stateless Reset That could break a flow, even if the signal is not genuine TCP RST is used for man-on-the-side DoS attacks ...it would be nice if QUIC weren’t similarly vulnerable 9

  10. Solution Options A (#20): Expose the verifier and have path elements validate Problem: path elements won’t see the handshake always Problem: they might only look at the packet type octet B (Grease): Send lots of fake Stateless Resets ...with ( B1 ) or without ( B2 ) a publicly visible verifier Problem: wastes bandwidth and effort C (Hide): Make the Stateless Reset look like any other packet 10

  11. Proposal: Remove the Leakage (Option C) Send n during the handshake, encrypted Stateless Reset looks like a regular packet Contents are n plus random padding Looks like ciphertext but won’t decrypt Client compares packet to n if it doesn’t decrypt Server generates n from a static key and connection ID e.g., HKDF(K static , connectionID || serverID, ‘reset’, L) 11

  12. Wait! 12

  13. What about the path? The only signal the path gets is the handshake ...and that is only for the first path For other paths, it’s either packets flowing or not That means timers, and timers are terrible Please, propose a separate, explicit end-to-path signal 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Stateless Systems, Factory Reset, Golden Master Systems and systemd LinuxCon Europe, Duesseldorf

Stateless Systems, Factory Reset, Golden Master Systems and systemd LinuxCon Europe, Duesseldorf

Stateless Systems, Factory Reset, Golden Master Systems and systemd LinuxCon Europe, Duesseldorf October 2014 Stateless Systems, Factory Reset, Golden Master Systems and Factory Reset? Stateless Systems, Factory Reset, Golden Master Systems

930 views • 80 slides
Center Moriches Union Free School District An Energy Conservation Plan Agenda Project

Center Moriches Union Free School District An Energy Conservation Plan Agenda Project

If you can read this If you can read this Click on the icon Click on the icon to choose a to choose a picture or picture or Reset the slide . Reset the slide . To Reset: Right click on the To Reset: Right click on the slide thumbnail and

309 views • 19 slides
RESET & Living Building Challenge Anjanette Green agreen@reset.build The greenest

RESET & Living Building Challenge Anjanette Green agreen@reset.build The greenest

RESET & Living Building Challenge Anjanette Green agreen@reset.build The greenest commercial office building in the world JOIN OR START A COLLABORATIVE IN YOUR COMMUNITY TODAY REGENERATIVE ECOLOGICAL SOCIAL & ECONOMIC TARGETS

390 views • 16 slides
Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6

Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6

1 Probably the worlds best stateless traffic generation and analysis platform 2 1 2 4 5 6 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE AUTOMATION KEY FEATURES LEARN MORE 3 OVERVIEW Valkyrie is a full-featured stateless traffic

720 views • 43 slides
Probably the worlds best stateless Ethernet traffic generation and analysis platform 2 1 2

Probably the worlds best stateless Ethernet traffic generation and analysis platform 2 1 2

1 Probably the worlds best stateless Ethernet traffic generation and analysis platform 2 1 2 4 5 6 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE AUTOMATION KEY FEATURES LEARN MORE 3 OVERVIEW Valkyrie is a full-featured stateless

805 views • 43 slides
ARDUINO HELLO LED! RESET ICSP2 AREF RX TX L GND 13 IOREF 12 RESET Arduino 11 3V3 10

ARDUINO HELLO LED! RESET ICSP2 AREF RX TX L GND 13 IOREF 12 RESET Arduino 11 3V3 10

ARDUINO HELLO LED! RESET ICSP2 AREF RX TX L GND 13 IOREF 12 RESET Arduino 11 3V3 10 5V 9 GND 8 POWER GND TM DIGITAL (PWM= VIN 7 6 A0 5 A1 4 3 A2 ANALOG IN A3 2 ) A4 TX0 1 ICSP 1 ON A5 RX0 0 BLINK BLINK

240 views • 13 slides
Reset-Atomicity in Xen Benita Bose Adam Everspaugh VM-Reset Security Vulnerability App

Reset-Atomicity in Xen Benita Bose Adam Everspaugh VM-Reset Security Vulnerability App

Reset-Atomicity in Xen Benita Bose Adam Everspaugh VM-Reset Security Vulnerability App generates a random number VMM takes a snapshot 198764, 845920,0 Each time VM restored 349581 from snapshot - same random number used

895 views • 17 slides
2019 EPG Conference George Oliver, Chairman & CEO May 20, 2019 Forward Looking/Cautionary

2019 EPG Conference George Oliver, Chairman & CEO May 20, 2019 Forward Looking/Cautionary

If you can read this Click If you can read this Click on the icon to choose a on the icon to choose a picture or picture or Reset the slide . Reset the slide . To Reset: Right click on the slide To Reset: Right click on the slide thumbnail and

380 views • 8 slides
Towards TVF 4 TVF 3 TVF 2 TVF 1 r log(Packet Value) r + D 3 D 3 r + D 3 + D 2 Core-Stateless

Towards TVF 4 TVF 3 TVF 2 TVF 1 r log(Packet Value) r + D 3 D 3 r + D 3 + D 2 Core-Stateless

Towards TVF 4 TVF 3 TVF 2 TVF 1 r log(Packet Value) r + D 3 D 3 r + D 3 + D 2 Core-Stateless Fairness D 2 r + D 3 + D 2 + D 1 D 1 on Multiple Timescales 1 2 3 4 5 6 7 log(Throughput) Szilveszter Ndas(Ericsson Research) Gerg Gombos,

1.1k views • 20 slides
IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad

IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability Ahmad AlSadeh, Hosnieh Rafiee, Christoph Meinel Hasso-Plattner-Institut, University of Potsdam, Germany IPv6 StateLess Address Auto- Configuration

330 views • 20 slides
G arry Kaspa arov: Why Vladimir Putin Is Im mmune to t the Americ can Reset T Thank you fo

G arry Kaspa arov: Why Vladimir Putin Is Im mmune to t the Americ can Reset T Thank you fo

Heritag ge Foundat tion The Risks of th he Reset: W Why Wash ington Mu ust Watch I Its Step Wi ith Moscow w Octob ber 25, 201 11 G arry Kaspa arov: Why Vladimir Putin Is Im mmune to t the Americ can Reset T Thank you fo or

112 views • 10 slides
Reset Within Russia? : A Comparative Governance Perspective Daniel Kaufmann, Brookings

Reset Within Russia? : A Comparative Governance Perspective Daniel Kaufmann, Brookings

Reset Within Russia? : A Comparative Governance Perspective Daniel Kaufmann, Brookings Institution Presentation at the Public Conference The Risks of the Reset, at the Heritage Foundation , Washington, D.C., October 25 th , 2011 1 The

308 views • 16 slides
Adaptation: Insert 21 st century solutions from the dredging industry Reset slide

Adaptation: Insert 21 st century solutions from the dredging industry Reset slide

Climate Change Resilience and Adaptation: Insert 21 st century solutions from the dredging industry Reset slide Sander Dekker | Washington DC | May 19, 2016 Background: UN Sustainable Development Goals Insert Reset

229 views • 12 slides
dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R.

dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R.

dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R. Asati, C. Xie, Q. Sun 2011-11-12 Introduction The dIVI-PD is an extension of stateless IPv4/IPv6 translation with address sharing RFC6052:

890 views • 15 slides
Hamilton & National Grid Select reset slide (note: Using this action will

Hamilton & National Grid Select reset slide (note: Using this action will

Click on the picture placeholder icon Go to Format tab Select Crop Hamilton & National Grid Select reset slide (note: Using this action will reset all of August

375 views • 6 slides
( reset ) May 19, 2011 1 / 19 The variety generated by all the ordinal sums of perfect

( reset ) May 19, 2011 1 / 19 The variety generated by all the ordinal sums of perfect

( reset ) May 19, 2011 1 / 19 The variety generated by all the ordinal sums of perfect MV-chains Matteo Bianchi matteo.bianchi@unimi.it ( reset ) May 19, 2011 1 / 19 Basic Logic The formulas of BL are constructed by starting from the

1.13k views • 102 slides
Machine Translation CIS 526 Instructor: Chris Callison-Burch TAs: Mitchell Stern, Justin Chiu

Machine Translation CIS 526 Instructor: Chris Callison-Burch TAs: Mitchell Stern, Justin Chiu

Machine Translation CIS 526 Instructor: Chris Callison-Burch TAs: Mitchell Stern, Justin Chiu Course web site mt-class.org/penn Course materials developed with Adam Lopez Matt Post Chris Dyer Edinburgh JHU CMU Textbook

772 views • 39 slides
Introduction Virginia Thumm Virginia Fundraising Virginia has worked in the non-profit sector

Introduction Virginia Thumm Virginia Fundraising Virginia has worked in the non-profit sector

7/22/2018 Partnering with your CEO How to Develop a Highly S uccessful Partnership Presentation to the Virginia Fund Raising Institute Virginia Thumm, President, Virginia Fundraising Consultants July 19, 2018 Introduction Virginia Thumm

379 views • 13 slides
Classification of Regular and Chiral Polytopes by Topology Egon Schulte Northeastern University,

Classification of Regular and Chiral Polytopes by Topology Egon Schulte Northeastern University,

Classification of Regular and Chiral Polytopes by Topology Egon Schulte Northeastern University, Boston November 2013, Toronto Classical Regular Polytopes Review Convex polytope : convex hull of finitely many points in E n Key observation:

670 views • 45 slides
Cosmic Rays, Gamma Rays and the Universal Rays and the Universal Background Radiation

Cosmic Rays, Gamma Rays and the Universal Rays and the Universal Background Radiation

Cosmic Rays, Gamma - - Cosmic Rays, Gamma Rays and the Universal Rays and the Universal Background Radiation Background Radiation Malcolm Longair Malcolm Longair Cavendish Laboratory, Cambridge Cavendish Laboratory, Cambridge Celebrating

1.05k views • 63 slides
Core Stateless Fair Queueing Stoica, Shanker and Zhang - SIGCOMM 98 Rigorous fair Queueing

Core Stateless Fair Queueing Stoica, Shanker and Zhang - SIGCOMM 98 Rigorous fair Queueing

Core Stateless Fair Queueing Stoica, Shanker and Zhang - SIGCOMM 98 Rigorous fair Queueing requires per flow state : too costly in high speed core routers Yet, some form of FQ essential for efficient, fair congestion control in the

421 views • 17 slides
Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID Terminology OpenID OpenID OpenID Consumer Identity Provider SAML 2.0 Terminology SAML 2.0 SAML 2.0 Service Provider Identity Provider What is

427 views • 16 slides
to Steady Your Mind Spirit Rock Meditation Center April 11, 2015 Rick Hanson, Ph.D.

to Steady Your Mind Spirit Rock Meditation Center April 11, 2015 Rick Hanson, Ph.D.

The Neurology of Awakening: Using the New Brain Research to Steady Your Mind Spirit Rock Meditation Center April 11, 2015 Rick Hanson, Ph.D. Richard Mendius, M.D. The Wellspring Institute For Neuroscience and Contemplative Wisdom 1

720 views • 61 slides
Agile State of Mind Andy Gherna, Technology Services Ester Cha, Technology Services What is

Agile State of Mind Andy Gherna, Technology Services Ester Cha, Technology Services What is

Agile State of Mind Andy Gherna, Technology Services Ester Cha, Technology Services What is Agile? What is Scrum? Work is Transparent Why we Started Scrum Several Goals: Improve team to stakeholder communication and feedback

658 views • 17 slides

More recommend