[MLS] Improving client authentication

Raphael Robert <raphael@wire.com> Sun, 29 November 2020 17:13 UTC

Return-Path: <raphael@wire.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 6B86E3A09DB for <mls@ietfa.amsl.com>; Sun, 29 Nov 2020 09:13:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wire-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id ikwgVIKWZpgX for <mls@ietfa.amsl.com>; Sun, 29 Nov 2020 09:13:41 -0800 (PST)
Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFBCA3A09D9 for <mls@ietf.org>; Sun, 29 Nov 2020 09:13:40 -0800 (PST)
Received: by mail-ej1-x629.google.com with SMTP id bo9so16040177ejb.13 for <mls@ietf.org>; Sun, 29 Nov 2020 09:13:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wire-com.20150623.gappssmtp.com; s=20150623; h=from:mime-version:subject:message-id:date:to; bh=Sggq0niIHH3z1R/5BP0Pb5VDddk9m7Rk/B1WvpP4fQI=; b=wIxpZcw31XreNzK2tmRy/Vx3IYBwZ9qyysBdhgodV9qqP51dMpmZHI9ArkqooZ8bCy Y18QGX05rkvWE0kLYd65lQD1YNhY3g0NbGFWvPnxraTE6FLTHIAuJ+TNrPJ2TR5RkIyA 9br/BCKianYGnOpbitYdQFKT1qjOSG2VLa91ZvXjr3LOVvEKPVUnZ/2qIo3w3r34dztY xx8QYjL1HNkIk9x8m9TTeCly+IKmjwbqwedaCC7dVdcTJDPCLu38wQoe7Q9kR94G0lzM Z99lHRJRxcKH2kPeXJeSYUfh+VN/f5YGnGBa8uFqz7mH8NuuddEO8YAUEdVLb72s0mmH sTdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:date:to; bh=Sggq0niIHH3z1R/5BP0Pb5VDddk9m7Rk/B1WvpP4fQI=; b=SXQ4Daa1hSTRb+1qQC0DNYBL/gaHMCvGERyWfSIE4zwJ2HgWJcq/A1tJnwyJYk+9bg QfRmzWE66di5rogkuvmbXo7AeCour484cSDHDZS1+LFpfe4lHTxm2pMRBkF/VrTHr4wR jO2gTlYh+TZ8b9PeMzS6ShGrbgitPfFc69fHqS9K7Wh6kCKx5ZWDh6W+ZQQcfE/M9ATN 0SiL+mAJAeD87DHNTMpaDkNmgHJVN1l5Os/NhOcyWR5bI+yv8Uf5zQY+pWlOX9zJ+cqo RBOsSHM+IzHg9UxXAsI9A3T9sKgy1qIYejR7AEeNhKyg78cZc/2SmWw58yAi1r1PfBK1 555g==
X-Gm-Message-State: AOAM530fYllU67WHkU38GAkUz0yZPwOMroncrdu4mpNey6HeHtZiC7ap U2kNjdErlrCkjHAOgzviXYohNu3DbxP0uqaX
X-Google-Smtp-Source: ABdhPJyUfLi0e6v+yDSRqr+mpwCNAIRvRVm24ABLtrHDB7An+ejFE5UDvkxwHgjsNuE6UFUO8VQZQg==
X-Received: by 2002:a17:906:2742:: with SMTP id a2mr16755843ejd.219.1606670018211; Sun, 29 Nov 2020 09:13:38 -0800 (PST)
Received: from [] ([]) by smtp.gmail.com with ESMTPSA id v20sm513746ejq.45.2020. for <mls@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 29 Nov 2020 09:13:37 -0800 (PST)
From: Raphael Robert <raphael@wire.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_7689AC49-9409-44BE-9CCC-8361E726C15F"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.\))
Message-Id: <D6B0B977-776C-49B5-BB7D-312D7674FF4F@wire.com>
Date: Sun, 29 Nov 2020 18:13:06 +0100
To: "mls@ietf.org" <mls@ietf.org>
X-Mailer: Apple Mail (2.3654.
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/t6rJX4MbsNVYvt3qKdNBBw4OzAI>
Subject: [MLS] Improving client authentication
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Nov 2020 17:13:44 -0000

Hi all,

Recently there was some discussion about identities and credentials in MLS [1][2], in particular whether identities and signatures should be unique per group. The architecture draft defines things as follows:

"Formally, a Client is a set of cryptographic objects composed by public values such as a name (an identity), a public encryption key and a public signature key. Ownership of a Client by a user is determined by the fact that the user has knowledge of the associated secret values. When a Client is part of a Group, it is called a Member and its signature key pair uniquely defines its identity to other clients or members in the Group. In some messaging systems, clients belonging to the same user must all share the same identity key pair, but MLS does not assume this.

Users will typically own multiple Clients, potentially one or more per end-user devices (phones, web clients or other devices...) and may choose to authenticate using the same signature key across devices, using one signature key per device or even one signature key per group.”

In other words: while not encouraged, clients can have the same identity and the same signature key. As such, they become mostly indistinguishable from each other, except for their index in the tree. This was initially worded that way to clearly support real-world use cases where clients indeed have the same credential and MLS can just be used as a key negotiation protocol that builds on top of that. So far this has not received a lot of scrutiny, but I can see scenarios where this can clearly lead to attacks. A first scenario is described by Britta in [2]. Another attack – where attackers use said indistinguishability for impersonation – could go as follows:

 - Alice has two devices, A1 and A2. Both devices use the same credential, meaning they have the same identity and signature key.
 - An attacker briefly compromises A2 and creates a legitimate key package.
 - The attacker then creates an UpdateProposal with that key package and uses the index of A1 as the sender in the MLSPlaintext framing, as well as a RemoveProposal for A2.
 - Other members receive and process these proposals, and to them the UpdateProposal looks like it was issued by A1 (since the index is the one from A1 and the signature key is shared between A1 and A2).
 - Finally one of the other members sends a Commit referencing the proposals, seemingly evicting A2 from the group.
 - The attacker however still knows the HPKE private leaf key of A1 and is therefore still part of the group and can act as a passive attacker until A1 is evicted.
 - Incoming messages will look broken for A1, but it might take a while before A1 notices, if ever.

Besides UpdateProposals, A2 could also send a full Commit or application messages in the name of A1. Maybe other attacks could be mounted that way.

I think these kind of attacks are bad enough to look at things again. I propose the following:

1. Restrict the sharing of credentials: Identities and signature keys MUST each be unique per group.
2. Solve the use case of per-user devices differently.

Regarding the latter, I think we already have all the ingredients we need. The protocol spec has the following definition of credentials:

struct {
    CredentialType credential_type;
    select (Credential.credential_type) {
        case basic:

        case x509:
            Certificate chain<1..2^32-1>;
} Credential;

We can use the fact that a whole chain can be provided for the X509 type. So in case an application wants to use a per-user certificate, this certificate could just move up in the chain and sign a per-device certificate that has a unique identity and signature key. And btw, the same chain could also be allowed for the BasicCredential type with a small spec change.

Why is this better than before? Isn’t this just shifting the problem, because the per-user certificate could still issue an arbitrary number of per-device certificates? 

Firstly, impersonation attacks become harder (if not impossible) because the signature keys used to sign handshake & application messages are no longer shared across multiple devices. 

Secondly, the (private) signature key of the per-user certificate is now only used very rarely, namely in the situation where a new per-device certificate needs to be issued. This opens up new possibilities to better protect that key: it doesn’t have to be on the device necessarily, or it could be stored in a secure enclave, or it could be encrypted with a passphrase the user needs to provide, etc. None of these protection mechanisms could be applied to the per-device certificate, because its signing key needs to be readily available at all times (e.g. mobile messaging apps typically do operations in the background without requiring any action from the user, like sending end-to-end encrypted delivery receipts).

Thirdly, we could limit the validity of the per-device certificate. As mentioned above, that signature key is still relatively exposed and might as accessible to an attacker as the rest of the group state during a brief compromise. Limiting for how much time a per-device certificate is valid, would at least mitigate the risk a bit. We could allow updates to the per-device certificate under the condition that a) the UpdateProposal is signed with the old certificate, b) that the identity doesn’t change and c) that the per-user certificate is still the same.

I think the above proposal would make authentication in MLS better while still catering for the initial use cases.


[1] https://github.com/mlswg/mls-protocol/pull/439 <https://github.com/mlswg/mls-protocol/pull/439>
[2] https://mailarchive.ietf.org/arch/msg/mls/6tjSWyAesfU125IFRDfMhRLtsPM/ <https://mailarchive.ietf.org/arch/msg/mls/6tjSWyAesfU125IFRDfMhRLtsPM/>