Re: [Cfrg] aPAKE Analysis / Why System-Level-View

Björn Haase <bjoern.haase@endress.com> Wed, 18 September 2019 07:42 UTC

From: Björn Haase <bjoern.haase@endress.com>
To: Hugo Krawczyk <hugo@ee.technion.ac.il>, Jonathan Hoyland <jonathan.hoyland@gmail.com>
CC: cfrg <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/45_VJ2Rzz6KAk6AfFh2KrEjG1Rg>

Dear Jonathan, Dear Hugo,

> Hugo Krawczyk wrote:
> Jonathan, I have not looked into making OPAQUE quantum annoying …

In my perception we should probably not make the mistake of over-estimating the risk of quantum-computing attacks. In my opinion when considering passwords the primary target would be to avoid the obvious known pitfalls. I don’t believe that the fact that OPAQUE is not “quantum annoying” would be any big problem in the real world setting.

In my opinion the key question to structure the future selection process might be that we don’t yet have a common “system-level view” of the applications that would use PAKE. Most surely there is also not one type of “system” which would like to use aPAKE.

OPAQUE will make integration into TLS somewhat easier, but I believe that integration of TLS-OPAQUE on the system-level into systems that are dealing with user credential database maintenance, password changes, user-authorization-level changes, user management, etc. might be quite difficult.

My key questions today are for instance:

  1.  How could I neatly integrate TLS-PAKE with PAM on Linux?
  2.  How could I keep the pitfalls of security away from the normal application developers?

In my opinion this would best require the feature of a message tunnel for “security subsystems” operating on both sides of the link in addition to the “application”’s payload channel. We would be having today’s application “TCP-like” channel and in addition the possibility to exchange messages between the security-subsystems. This is possibly a somewhat larger change in TLS, but might be very helpful for neat integration on the system levels.

So in my opinion it’s not only the TLS-Designer perspective which needs to be considered but also the larger perspective of the system. In my opinion the situation for aPAKE is way more complex than for balanced PAKE. I believe that we don’t yet have a common understanding regarding the system level.

In my opinion we also should consider the use-case of “PASSWORD + second-factor” for TLS authentication where the password is protected by PAKE.

@Hugo: It seems that you had primarily use-cases in mind, where one specific secure channel is needed. E.g. for securing a remote VPN access by some user in its home environment? In this case neat integration with PAKE into systems such as PAM might not be the primary target and a simpler “TLS-only” approach will be the best solution with a separate application-specific user-credential database.

@CFRG: I’d appreciate your opinion regarding the system level view. Should we consider integration into systems like PAM or ActiveDirectory databases as an important use-case, or is our focus rather a “stand-alone” type of system with a small specific database for aPAKE?

Regarding the aPAKE protocols. In my opinion we have very good nominations which all meet (or could be made to meet) the important security targets. The question that I believe to be decisive is the “system view” that employs aPAKE as a subcomponent. Here I see different possible models and advantages and drawbacks of the different nominations.

Yours,

Björn.





Best Regards

Dr. Björn Haase 

Senior Expert Electronics | TGREH Electronics Hardware
Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen | Germany
Phone: +49 7156 209 377 | Fax: +49 7156 209 221
bjoern.haase@endress.com |  www.conducta.endress.com 


