Re: [Lurk] Lurk: new undetectable backdoor possibility?

"Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com> Thu, 30 June 2016 13:07 UTC

Return-Path: <thomas.fossati@nokia.com>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E36C212D109 for <lurk@ietfa.amsl.com>; Thu, 30 Jun 2016 06:07:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FHvUnBQkb3ac for <lurk@ietfa.amsl.com>; Thu, 30 Jun 2016 06:07:00 -0700 (PDT)
Received: from smtp-fr.alcatel-lucent.com (fr-hpida-esg-02.alcatel-lucent.com [135.245.210.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 796E512D0DA for <lurk@ietf.org>; Thu, 30 Jun 2016 06:07:00 -0700 (PDT)
Received: from fr712umx4.dmz.alcatel-lucent.com (unknown [135.245.210.45]) by Websense Email Security Gateway with ESMTPS id B331EED79EA55; Thu, 30 Jun 2016 13:06:55 +0000 (GMT)
Received: from fr712usmtp2.zeu.alcatel-lucent.com (fr712usmtp2.zeu.alcatel-lucent.com [135.239.2.42]) by fr712umx4.dmz.alcatel-lucent.com (GMO-o) with ESMTP id u5UD6vul015604 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 30 Jun 2016 13:06:58 GMT
Received: from FR711WXCHHUB02.zeu.alcatel-lucent.com (fr711wxchhub02.zeu.alcatel-lucent.com [135.239.2.112]) by fr712usmtp2.zeu.alcatel-lucent.com (GMO) with ESMTP id u5UD6kVt021045 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 30 Jun 2016 15:06:55 +0200
Received: from FR711WXCHMBA08.zeu.alcatel-lucent.com ([169.254.4.136]) by FR711WXCHHUB02.zeu.alcatel-lucent.com ([135.239.2.112]) with mapi id 14.03.0195.001; Thu, 30 Jun 2016 15:05:57 +0200
From: "Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com>
To: Dmitry Belyavsky <beldmit@gmail.com>, "Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com>
Thread-Topic: [Lurk] Lurk: new undetectable backdoor possibility?
Thread-Index: AQHR0rmF/E3KuzcL5UutnC++hlajU6AB2MwA///07oCAABxSgA==
Date: Thu, 30 Jun 2016 13:05:56 +0000
Message-ID: <D39AD554.6B2A3%thomas.fossati@alcatel-lucent.com>
References: <CADqLbzJfoW2Ta5wUKi35CAn97MoGsDAVkVWSyUu-iEgocA_=qA@mail.gmail.com> <D39AC438.6B266%thomas.fossati@alcatel-lucent.com> <CADqLbzKO+_qRvnPcnBAZ3R8GbCuUsvX6pOMuJD_f8JzVDVPdQg@mail.gmail.com>
In-Reply-To: <CADqLbzKO+_qRvnPcnBAZ3R8GbCuUsvX6pOMuJD_f8JzVDVPdQg@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.5.160527
x-originating-ip: [135.239.27.41]
Content-Type: multipart/alternative; boundary="_000_D39AD5546B2A3thomasfossatialcatellucentcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/CoGZUXz-i21e7fK4DNhQLdwkaDA>
Cc: LURK BoF <lurk@ietf.org>
Subject: Re: [Lurk] Lurk: new undetectable backdoor possibility?
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2016 13:07:04 -0000

Hi Dmitry,

The attack you describe still needs collusion of one of the principals, and it's therefore outside the usual internet threat model (Section 3 of RFC 3552).

Cheers, t

From: Lurk <lurk-bounces@ietf.org<mailto:lurk-bounces@ietf.org>> on behalf of Dmitry Belyavsky <beldmit@gmail.com<mailto:beldmit@gmail.com>>
Date: Thursday, 30 June 2016 13:24
To: "Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com<mailto:thomas.fossati@nokia.com>>
Cc: LURK BoF <lurk@ietf.org<mailto:lurk@ietf.org>>
Subject: Re: [Lurk] Lurk: new undetectable backdoor possibility?

Hello Thomas,

On Thu, Jun 30, 2016 at 3:04 PM, Fossati, Thomas (Nokia - GB) <thomas.fossati@nokia.com<mailto:thomas.fossati@nokia.com>> wrote:
Hi Dmitry

I think I found a new undetectable LURK-specific backdoor possibility.

The (government-related) attacker installs an extra frontend server and redirects a victim DNS requests to it.

The only thing the attacker needs from the key owner to perform this attack is a certificate to make the attacker's frontend server capable to send requests and obtain responses from the key server.

The attack described does not cause the Key owner's key compromise and does not require to issue a bogus certificate for the Key owner's domain. So if I am not mistaken, the attack is technically undetectable if the Key owner agrees to provide such a possibility.

Please correct me if I am wrong.

Is it an attack on the protocol if you need to collude with the Key owner to run it successfully?

No, the attack I describe is not an attack on the protocol.

It is an attack that can be named "Key abuse". And it is much "cheaper" to the Key owner than just providing a private key.


--
SY, Dmitry Belyavsky