IETF Logo Mail Archive

Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard

Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Wed, 13 February 2019 23:42 UTC

Return-Path: <sergio.garcia.murillo@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B483130F07; Wed, 13 Feb 2019 15:42:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y5W8JMJ6q_cI; Wed, 13 Feb 2019 15:42:41 -0800 (PST)
Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 729D5128B01; Wed, 13 Feb 2019 15:42:41 -0800 (PST)
Received: by mail-wr1-x432.google.com with SMTP id i12so4533412wrw.0; Wed, 13 Feb 2019 15:42:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=eEIlf2GqXb0N7Q208aYzdnj7LnK0OTWG8c9+rwaH3NA=; b=EjseMjGIu7RL6m+0dyhWA7P519EXUfwbQbiaFi6Ydg1P+EbRY2WezKO3v/k+q4gGIe ukVv4C7Tm7uqToJrR8h6Lhe0+fMYKGYbK2DfpuyMVufgDM6A0FaaWhal8LKCmKHHjVgS oGj8LbWhS7IgbnowaZIwOhVTomDeIkKbMHel7ZCFfypSh1y+Uyg8PJ8zEHPWA5nY8IqK KfzP/WlPvlHOcFzLlrKjHXpTN2FM2fc8UnOg35sM6TzTwvC9cGEMkgBMvYi0+eFQRlTs WYzRnntAnL9gEunCN8sqYPyLhVYHQ+dDiTYqtr+BTv+qjJpsIRSB8W5DHxID9Era+gMv pTpw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=eEIlf2GqXb0N7Q208aYzdnj7LnK0OTWG8c9+rwaH3NA=; b=LELpNH12tXOO5xJeSFV4dbuYgobJxi2TzYFAIldRh9M9I7zOZ4DyRD2OwO1toMJVgs WiQxwdF2O8r0VRq98I0NRynyW2VSNTD9B2VoCW0j0OVRpXVr32Wgwet+mOlDUOaf9Ee6 kuG6lwYyAJbNC+JegT55Rrq3wH49tK/PA55WLTRn4uFmloZghAoG3tROQ/XveC6cZGMG xg3cVSiXX80hi86uvT8oK5A1hHJOann8+vuv39X8Fgf29oMjiJScQQgZCWsOm2IzekKL xvkNtvgnBMwn2RfoL/JdnnAhh2k5Odp/ymaPQWGtThHdwHaCoHK6fd0dGMJP7v1BlARi QnDg==
X-Gm-Message-State: AHQUAuYr1+bzr57MsONYzmmKX/b1eYIStxk8Vam1qbKhQIOhEfbn8F9V lyKgPN8M1+ZFXx0QnmWqnZY=
X-Google-Smtp-Source: AHgI3IZs6QFPtevTiNgi3QB/humcCpcnMMMGPLEyviSoyG366H53kjNHzeJ8QV3CDy5uZ0SceL1CYg==
X-Received: by 2002:a5d:428b:: with SMTP id k11mr439465wrq.17.1550101359905; Wed, 13 Feb 2019 15:42:39 -0800 (PST)
Received: from [192.168.0.11] (79.108.125.160.dyn.user.ono.com. [79.108.125.160]) by smtp.googlemail.com with ESMTPSA id 2sm966311wrg.89.2019.02.13.15.42.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 15:42:39 -0800 (PST)
Subject: Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard
To: Nils Ohlmeier <nohlmeier@mozilla.com>, Emil Ivov <emcho@jitsi.org>
Cc: Bernard Aboba <bernard.aboba@gmail.com>, IETF discussion list <ietf@ietf.org>, Emad Omara <emadomara@google.com>, perc@ietf.org, "hta@google.com" <hta@google.com>, Alexandre GOUAILLARD <alex.gouaillard@cosmosoftware.io>, Lorenzo Miniero <lorenzo@meetecho.com>
References: <154889546931.10496.2408974719921724953.idtracker@ietfa.amsl.com> <CAOW+2dtxnSYOPPWxodN633O=dPOQaUnu7eYvgUYkPYRt6iWbaw@mail.gmail.com> <CAPvvaaK_VUXvy2=1TBGfBWWYxiBdXBzuR=Y-rnAdJyg=M8OfQQ@mail.gmail.com> <5486C91C-48EA-4AA1-85EE-05A0B01C1E70@meetecho.com> <C6FEAEB9-CF8E-48AF-B03F-1406FF9CB303@cosmosoftware.io> <CAOW+2ducgj400pk3xPFAkRYxnYvqwhMsE9rOO0u9PgLpniaaRA@mail.gmail.com> <CAPvvaaLYFeNkZ4Pfdh4pa2btNW6EGZBnAOvXzVZ9egU8V-gBNQ@mail.gmail.com> <CAOW+2dvom822NgjF7OAa2A8YDeqZ+mbCqA=fUcq-Y49oFyGpsA@mail.gmail.com> <CAPvvaa+EzwgMXB_t7ZVTBgZH2y4=neUm1RymUNKnMV-6zyGPaQ@mail.gmail.com> <a74a8239-27dc-5704-096b-05cc5e02bd18@gmail.com> <543375ED-9A4F-452C-AE51-9499DAD5CEE0@gmail.com> <80a1f634-0888-c5e2-f6be-729d4cca3b28@cosmosoftware.io> <06d91175-b071-49fe-01cc-4a1323ad85f7@gmail.com> <91A16283-A392-4217-97E1-B04A5C8AD245@mozilla.com> <CAPvvaaJDo6vYj00NMVQEKHnrMHr1EoQydTsZ+7WtdEgyoy_GAQ@mail.gmail.com> <1F1100AC-B9D2-4650-8663-A6D380721688@mozilla.com>
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Message-ID: <2807c153-60ba-a741-f0ad-72c98d8d77bb@gmail.com>
Date: Thu, 14 Feb 2019 00:47:23 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <1F1100AC-B9D2-4650-8663-A6D380721688@mozilla.com>
Content-Type: multipart/alternative; boundary="------------4D1E968615682A386EA0BE22"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/DJBCyfoLiDQ-sa2rNWPbVvevnT8>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2019 23:42:45 -0000

On 13/02/2019 23:48, Nils Ohlmeier wrote:
> While implementation convenience was part of the discussion it was 
> raised a few times that the people in favor of allowing SSRC 
> mutability never provided any written description of why mutating the 
> SSRC is not a problem as pointed out by the design team.

All SFUs I am aware of performs SSRC rewriting, it is much more than 
implementation convenience.

I assume that the ssrc rewriting security issue comes from the splicing 
attack described in:

https://tools.ietf.org/html/draft-mattsson-perc-srtp-cloud-01


        7.2.4
        <https://tools.ietf.org/html/draft-mattsson-perc-srtp-cloud-01#section-7.2.4>.
        Splicing Attack



    The splicing attack is an attack where a MDD receiving multiple media
    sources splices one media stream into the other.  If the MDD would be
    able to change the SSRC without the receiver having any method for
    verifying the orignal source ID, then the MDD could first deliver
    stream A.  And if the sequence numbers and other information allows
    it, the MDD can forward stream B under the same SSRC as stream A was
    previously forwarded.

    This attack is mitigated by requiring each rtp stream to have unique
    source IDs that are provided to the receiver.  That way the receiver
    would detect when the source ID switches for these streams.


Note that this attack happens also for perc double even without ssrc 
rewriting as there is no way of verifying that a particular ssrc is from 
a given participant as all participants share the same key and there is 
no protocol in place for mapping ssrcs to participants.

Also note that we have solved this in one of our deployments using PERC 
lite allowing ssrc rewriting and app key management, using a different 
ssrc for the OHB payload used for inner encryption and the outer/HBH rtp 
packet. The inner/OHB ssrc(=participant Id) is then assigned by the key 
management server together with the encryption key for each participant 
so it can be used for mapping ssrcs to participants and allows verifying 
the origin of a packet end to end.


Best regards

Sergio

v2.23.0 | Report a Bug | By Email