Re: [Ace] Security of the Communication Between C and RS

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 19 December 2018 13:04 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3CEC128766 for <ace@ietfa.amsl.com>; Wed, 19 Dec 2018 05:04:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F7gg5xVAkXRg for <ace@ietfa.amsl.com>; Wed, 19 Dec 2018 05:04:55 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50064.outbound.protection.outlook.com [40.107.5.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9910130934 for <ace@ietf.org>; Wed, 19 Dec 2018 05:04:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=02gFrs4M+iLf9zRNvtpYASE0mwJjhqcB0pTtChwwPJ0=; b=rsRYJRpW9F/kWcxaZR3gJ+ImK9znR8a2aBZDig9BBRIQWx4ToSevKvmOo1L+L+BUOB6BipRMtCrptSKB9qAJJ3iTbHp/S+D4W8xDJwSStiDhmat8A0IZcMtmdnpRtYam8L/eJ6u8Q4vkXp2Vf6VpQrjlevXRGzebsERl6iojYxI=
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com (10.173.75.16) by VI1PR0801MB1645.eurprd08.prod.outlook.com (10.168.66.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1446.19; Wed, 19 Dec 2018 13:04:51 +0000
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::e8de:6a41:cbf4:89d8]) by VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::e8de:6a41:cbf4:89d8%3]) with mapi id 15.20.1425.023; Wed, 19 Dec 2018 13:04:51 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Ludwig Seitz <ludwig.seitz@ri.se>, Stefanie Gerdes <gerdes@tzi.de>, Jim Schaad <ietf@augustcellars.com>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: [Ace] Security of the Communication Between C and RS
Thread-Index: AQHUlquFKpsKbsbb2kGcq8Jrm430i6WELNAAgABWsZCAABAfgIAACmOwgAFP8YCAAAFuwIAABDYAgAAJ5ACAAAqnwA==
Date: Wed, 19 Dec 2018 13:04:51 +0000
Message-ID: <VI1PR0801MB2112BA2A400D660DC32B7293FABE0@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <154322421294.8323.8505315870685563404.idtracker@ietfa.amsl.com> <a0cdd836-7fe3-339e-0c48-961503857447@tzi.de> <03b601d49191$7d1bb400$77531c00$@augustcellars.com> <945fbebe-659f-ac72-3ab6-8e05447e7c92@ri.se> <1c5b81f3-50ce-be68-bec3-68ce2ff15b43@tzi.de> <4ae4eccd-68bf-18ef-f909-142f8172eca1@ri.se> <81ba3ab4-a9ce-a6fd-fbe6-c36a6fbbd9a5@tzi.de> <VI1PR0801MB2112E04F9FD7412350995417FAA20@VI1PR0801MB2112.eurprd08.prod.outlook.com> <b994af16-9bb8-4386-e7d2-321e453417fc@ri.se> <VI1PR0801MB21124D7C11F3A1F49DCA9A2CFABD0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <VI1PR0801MB21126DDCCA251EEB8DB21DAAFABD0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <dff54c41-9598-8f77-83ec-f4494703d923@tzi.de> <VI1PR0801MB21125D384A3DE6BD90AEDB74FABD0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <b79ea204-0d7d-3968-6ea5-cd33d5502380@tzi.de> <VI1PR0801MB2112F215E8DF2E8AC34F217FFABE0@VI1PR0801MB2112.eurprd08.prod.outlook.com> <e42032d6-ad15-26d2-cdbb-aaa34900d1ad@tzi.de> <9f35177f-30d4-817e-dfc3-9a54903ab023@ri.se>
In-Reply-To: <9f35177f-30d4-817e-dfc3-9a54903ab023@ri.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [80.92.114.221]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB1645; 6:kqsP8oy2m4EH4+D0lVGOqOr5jHjLKFEqXW87YwvEqWUFDZF2+vF5dRr1xHlFPUXKLKLBRbgMixL0iggK973+aQMnYwHbMeCN+WUVqMZpWm+dhU3HobwMheQnzSBBE+Q+gNIZX/x2CGuiC5acTrLPgViB916nUpT0gIi8pS6qvW3yQDnZKXYUE3zYEdMv73zxQlVk/RbszLaP0k7AWZYOevBxRdg6s9HvmD57xRPCxiWWJtJlQ3Wa96NoBfrgxpKrywe4mZvpbgTrt4bKQF1ufI8u1kVJpVNt+HZjjTq+UKgR1IxjS1ZWCCqLGIwtWmyDvBHABeGajYhcgDD98CIPV0aM21fE9sx9mYJcYkGFwcsXuo57WCI0aa4ZMkCKBePXCp9QmFMYPDOYU9q3CZPytuOejlpGPLAmf9uXDEqA+mJb9jmx/zJQn8nOf7oKJ73dNIY+1MYQYaRvHh1MAoZT5A==; 5:5Xbx0WsXy7hTxJ63//A0ULZDR+2o2wdy0yhzOsAOBNqzKcwvDMnErRB3/skA+uTxWVovdDN8ZbHi/A1HwFHwFeF/RvZThBOt3dKTaaDW76v/HdSAUmV3eirPtFkGWT85kBWSqHHXCUijl/pFccisWD04/vaRZNk34Jx628R++Oo=; 7:F6CFxXijWR0c4Go7bcqO0PVvJCrXe3/Jp1O5kW3Pvl2txyxSa3U49wLbq+21dGpqB/HvhUKkFSVde3fu3n1GLbqkXdFuenkayibcJByahbmbpMke0KIkIl7iLAjqJED4e6cZGGCJIcvjOXjc/v1sSA==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: e40d21f0-27db-46a6-2b0e-08d665b29026
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600074)(711020)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:VI1PR0801MB1645;
x-ms-traffictypediagnostic: VI1PR0801MB1645:
x-microsoft-antispam-prvs: <VI1PR0801MB16458258BAD20E44F4F6E142FABE0@VI1PR0801MB1645.eurprd08.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(3230021)(999002)(6040522)(2401047)(5005006)(8121501046)(3231475)(944501520)(52105112)(93006095)(93001095)(10201501046)(3002001)(6055026)(148016)(149066)(150057)(6041310)(20161123562045)(20161123560045)(20161123558120)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:VI1PR0801MB1645; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0801MB1645;
x-forefront-prvs: 0891BC3F3D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(346002)(136003)(39860400002)(366004)(376002)(40434004)(199004)(189003)(478600001)(186003)(72206003)(2906002)(93886005)(316002)(25786009)(6116002)(66066001)(3846002)(9686003)(7696005)(6246003)(97736004)(53936002)(55016002)(76176011)(15650500001)(26005)(14454004)(102836004)(6506007)(110136005)(2501003)(68736007)(86362001)(74316002)(305945005)(5024004)(106356001)(14444005)(256004)(81166006)(81156014)(8676002)(476003)(446003)(8936002)(71200400001)(71190400001)(11346002)(486006)(5660300001)(7736002)(99286004)(33656002)(6436002)(229853002)(105586002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB1645; H:VI1PR0801MB2112.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: gSPBo/98H6Akpx4BWSQ9WTzECGRCimWgAUpQ4s7eZQIXg7DkwNN+JCIPBDnt0c2VLnNvg7ZtUzX5ZORZ+FP3gWcy8AqEpjIyzPFkgDMdX3TihucXmkRroEhkChnIqZDAe94aEK0loo5cGdhkXTrOOFmb/6aCNQsqjlgPRq8iBI4BFhiWSLA7dfe8fdh5k1Rw+ard9oo2eB7pp+9Ugh1ORithq/wB/p0tsTewLWokxcZE39wFgwokvVHaKnphxpxsw6MEIkmMJ4vyyNHLS/AQRSQcuKEuFqLT0D/oN96LO5P7dG/b4JLcAc/y3mNjAc1V
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e40d21f0-27db-46a6-2b0e-08d665b29026
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Dec 2018 13:04:51.5414 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1645
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/cLAkbXsw-2ZnmfiT4vNHStc6Lys>
Subject: Re: [Ace] Security of the Communication Between C and RS
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Dec 2018 13:04:58 -0000

Thanks, Ludwig. The list of steps below help me to understand the concern.

----


1.) C obtains token and pop-key from AS
2.) C transmits token to RS and sets up secure communication (e.g.
DTLS-PSK) using the pop-key
3.) C sends secure requests to the RS
4.) token expires, an attacker manages to get hold of the pop-key
5.) C continues to send requests containing sensitive information to the RS , attacker can now read the messages and spoof positive responses from the RS. C never notices that the token is invalid and that it is actually talking to the attacker.

----

In step (4) you tie the expiry of the token to the attacker getting hold of the key. What happens if the attacker gets hold of the pop key before the token expires?
Additionally, if you use DTLS/TLS just having the PoP key still requires the attacker to run a new DTLS/TLS handshake with the RS.
It would also be useful to know where the attacker got the PoP key from and how you can even detect the compromise.

Additionally, there is the question why the RS wouldn't stop communicating if the token expired since it has that information. Normally, the idea is that the RS has a protected resource and the client wants to access it. That's why the RS is asking the client to send a token that gives it access.

Ciao
Hannes


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.