Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments - MID security
Christer Holmberg <christer.holmberg@ericsson.com> Thu, 06 October 2016 12:49 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0F701295E7 for <mmusic@ietfa.amsl.com>; Thu, 6 Oct 2016 05:49:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HUE9fE_5fso9 for <mmusic@ietfa.amsl.com>; Thu, 6 Oct 2016 05:49:33 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26EC4127A90 for <mmusic@ietf.org>; Thu, 6 Oct 2016 05:49:32 -0700 (PDT)
X-AuditID: c1b4fb25-15fff7000000793b-d1-57f6485a39bf
Received: from ESESSHC005.ericsson.se (Unknown_Domain [153.88.183.33]) by (Symantec Mail Security) with SMTP id BA.99.31035.A5846F75; Thu, 6 Oct 2016 14:49:31 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.32]) by ESESSHC005.ericsson.se ([153.88.183.33]) with mapi id 14.03.0319.002; Thu, 6 Oct 2016 14:49:30 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, Magnus Westerlund <magnus.westerlund@ericsson.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Thread-Topic: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments - MID security
Thread-Index: AQHSH9ATPAZhiMqWXkq+6ZcG+jYe1Q==
Date: Thu, 06 Oct 2016 12:49:29 +0000
Message-ID: <D41C238A.1095B%christer.holmberg@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.5.160527
x-originating-ip: [153.88.183.147]
Content-Type: text/plain; charset="windows-1254"
Content-ID: <C984277879F71F43823A7F568A55160A@ericsson.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrNLMWRmVeSWpSXmKPExsUyM2K7om60x7dwg+5+FYupyx+zWKzYcIDV gcnj7/sPTB5LlvxkCmCK4rJJSc3JLEst0rdL4MqYeX8OU8Fn9YqNT+6zNjBOUOhi5OSQEDCR 2DetmamLkYtDSGA9o8TNE3PZIJxFjBJP+m6wdDFycLAJWEh0/9MGiYsINDNKrHvdzwrSLSyQ L7Hr2yFGEFtEoEDi/6k+VpB6EQE9iYubxUDCLAIqEquOrWIHsXkFrCXWbvoDVs4oICbx/dQa JhCbWUBc4taT+UwQBwlILNlznhnCFpV4+fgf2CpRoJHfv85mBhkvIaAkMW1rGkSrgcSRczdZ IWyg8d1TmCFsbYllC18zQ6wVlDg58wnLBEaRWUi2zULSPgtJ+ywk7bOQtC9gZF3FKFqcWpyU m25krJdalJlcXJyfp5eXWrKJERglB7f8Vt3BePmN4yFGAQ5GJR7eBfZfw4VYE8uKK3MPMUpw MCuJ8E62+xYuxJuSWFmVWpQfX1Sak1p8iFGag0VJnNds5f1wIYH0xJLU7NTUgtQimCwTB6dU A6NTdEXg+8y1lde/7J/+7dfB77q/dsm2NAuuOW+/U3nP6bP28Q5Tjn98aceQuv2s1LXk7wt2 fY3aLMz9PkQlaoV/yxWu3LrtVYuUim4pyUb9in677ZLIh1MFf87uTkxjm37h5PpAkafJvVLF W9+7WQpkb7Jm37Buhmml+73HU3ky//E/u59X2haqxFKckWioxVxUnAgAtgpsxY4CAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/zSWiTMnBqkZktDU_iF5efbg-MAA>
Subject: Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments - MID security
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2016 12:49:37 -0000
Hi, Magnus suggested usage of RFC 6904 for encryption of the RTP SDES header extension for MID. I guess it would be a SHUOLD? In addition, we would say that a corresponding level of security must be applied to the RTP SDES header extension for MID and to the RTCP SDES MID item. Any opinions? Regards, Christer On 07/09/16 17:36, "mmusic on behalf of Paul Kyzivat" <mmusic-bounces@ietf.org on behalf of pkyzivat@alum.mit.edu> wrote: >Magnus, > >Thanks for highlighting your main issue - leakage across layers from SDP >to RTP. I see how that could be a different sort of vulnerability. >Encrypting RTP headers sounds like a better answer than obfuscating >specific ids in the SDP. > > Thanks, > Paul > >On 9/7/16 7:17 AM, Magnus Westerlund wrote: >> Den 2016-09-06 kl. 21:22, skrev Paul Kyzivat: >>> On 9/6/16 9:43 AM, Magnus Westerlund wrote: >>> >>>>> Note the following text in section 14.2: >>>>> >>>>> "The identification-tag MUST NOT contain any user information, >>>>>and >>>>> applications SHALL avoid generating >>>>> the identification-tag using a pattern that enables application >>>>> identification.² >>>>> >>>> >>>> Yes, but when it comes to profiling I think the above is to unspecific >>>> to prevent profiling. One option is a very basic algorithm that >>>>everyone >>>> will implement identically. However, the ordering of the m= line and >>>> their media types etc etc may still allow fingerprinting of a device. >>>> One could define it to be cryptographically random 3 character tags. >>>> Then it would likely be difficult to get anything from it. The issue >>>> here is really that one moves the tags from a context where the tags >>>>is >>>> a minor issue, as the full SDP provides so much profiling >>>>possibilities, >>>> to a RTP where it can be provided to completely different set of >>>> attackers. >>> >>> IMO this is becoming ridiculous. Using cryptographically random tags >>> would be annoying to implement, and would make the SDP even harder to >>> read. >>> >>> I've been annoyed at the examples using small integers because that >>> makes them hard to read. I'd be more inclined to use mnemonics, at >>>least >>> for examples, if not for production code. >> >> The point I tried to raise above is that the text in draft is >> insufficient to prevent information leakage. This because at least the >> implementation for the MIDs will be detectable unless one actually >> specify it very strictly. It might be that the possibility to identify >> the implementation is a very minor issue here and also something that >> is likely leaking in so many other ways. >> >> The more serious issue is being able to identify specific devices based >> on the MID values. So how many MIDs that are being used or at least >> offered will depend on the endpoints configuration in combination with >> the software. >> >>> >>> Are we getting to the point where we need to define an SDP Obfuscator >>> (along with a SIP Obfuscator)? >> >> Well, that is a separate problem from the one I am bringing up here. My >> main concern here is that due to the RTP header extension there is >> information that exist in SDP that are leaking to some degree to the RTP >> layer where it becomes observable by another set of potential attackers. >> >> The first mechanism that can be applied which will ensure protection >> towards third parties is to use RTP header extension encryption >> [RFC6904]. Then this information only leaks to nodes inside the security >> context. And they likely anyway have access to the SDP. Thus removing >> the issue. >> >> From my perspective mandating the use of RFC 6904 to encrypt the MID RTP >> header extension might be the simplest choice here and provides better >> protection against third parties. It may not give as good protection >> against semi trusted entities. But, they already have so much other >> information that this doesn't matter at this point. >> >>> >>> If that is what we need then I think we would be better off doing it >>> that way than doing it piecemeal, one token at a time. >>> >> >> The SDP and SIP layer issues in regards to these tracking possibilities >> are much harder, and clearly needs a more all encompassing approach. >> What I think is important here is the leakage to another layer. That >> should be prevented. >> >> Cheers >> >> Magnus Westerlund >> >> ---------------------------------------------------------------------- >> Services, Media and Network features, Ericsson Research EAB/TXM >> ---------------------------------------------------------------------- >> Ericsson AB | Phone +46 10 7148287 >> Färögatan 6 | Mobile +46 73 0949079 >> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com >> ---------------------------------------------------------------------- >> >> > >_______________________________________________ >mmusic mailing list >mmusic@ietf.org >https://www.ietf.org/mailman/listinfo/mmusic
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Cullen Jennings
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Jonathan Lennox
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Cullen Jennings
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Eric Rescorla
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- [MMUSIC] BUNDLE - MID Security - Updated text pro… Magnus Westerlund
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Cullen Jennings
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Adam Roach
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Magnus Westerlund
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Ted Hardie
- Re: [MMUSIC] BUNDLE - MID Security - Updated text… Magnus Westerlund