IETF Logo Mail Archive

Re: [ntpwg] Unlinkability formulations in merged draft "NTS-4-NTP"

Sharon Goldberg <goldbe@cs.bu.edu> Wed, 08 March 2017 15:14 UTC

Return-Path: <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>
X-Original-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Delivered-To: ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A05FC1296C3 for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Wed, 8 Mar 2017 07:14:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.311
X-Spam-Level:
X-Spam-Status: No, score=-1.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9-4qiVdDQPs1 for <ietfarch-ntp-archives-ahFae6za@ietfa.amsl.com>; Wed, 8 Mar 2017 07:14:25 -0800 (PST)
Received: from lists.ntp.org (psp3.ntp.org [185.140.48.241]) by ietfa.amsl.com (Postfix) with ESMTP id 4D7861296BC for <ntp-archives-ahFae6za@lists.ietf.org>; Wed, 8 Mar 2017 07:14:25 -0800 (PST)
Received: from lists.ntp.org (lists.ntp.org [10.224.90.243]) by lists.ntp.org (Postfix) with ESMTP id 29C0B86DB28 for <ntp-archives-ahFae6za@lists.ietf.org>; Wed, 8 Mar 2017 15:14:23 +0000 (UTC)
X-Original-To: ntpwg@lists.ntp.org
Delivered-To: ntpwg@lists.ntp.org
Received: from mail1.ntp.org (fortinet.ntp.org [10.224.90.254]) by lists.ntp.org (Postfix) with ESMTP id E661186DAED for <ntpwg@lists.ntp.org>; Wed, 8 Mar 2017 15:13:27 +0000 (UTC)
Received: from mail-it0-f42.google.com ([209.85.214.42]) by mail1.ntp.org with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <sharon.goldbe@gmail.com>) id 1cldHE-000FxR-W2 for ntpwg@lists.ntp.org; Wed, 08 Mar 2017 15:13:27 +0000
Received: by mail-it0-f42.google.com with SMTP id m27so37915057iti.1 for <ntpwg@lists.ntp.org>; Wed, 08 Mar 2017 07:13:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=GZSG74oA4RjyFEDnP170GFOPpgQYlXx6KLi9fmC7Zh4=; b=kpwAaOZbt4hleZN8CafuLsnTRxLLkfqSlr1S0wJ+S63T5nOqeGRJJJ0DvCgU1ki9nS QO5pEmJrU4KsQN0LMZtO1FYyhn+ozeA/CUCCmotSIYgcLFRp8r37sp9i7gY9yTOMcKMu 8UHN94LlsFYexb2hLAqyFRUdNEbjDaqNTGXcwLJ5MXjpcP/BoY2OwpRxWByLN/vl386A ayFverrssBNqLCKONujva/3iqKl00XESIlodH5bzppeQwAB/wUS+hmLQk/JaWOY7fVSS C66f68IlCro5hzbhfyTLDTNn1PL++HRH339/IeIw70zVisPdzxGrQUWp9K2MhVtjhd7C iitg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=GZSG74oA4RjyFEDnP170GFOPpgQYlXx6KLi9fmC7Zh4=; b=RaXtVKfAdRr7ceIOtlVJ2OZmHP296w65u0+XIxXTfhF4Ygl19pkkUslra09q4sBVPH ZrIvYfj/E44NKkxVxUkeLkrDczDUXznV56Vtc0EeSTuXFlY4RjiM5y7z/uNPsugzZY9R imQFmlZkqIxgpxnuLjaVuWnF1VUsvsA17cQBv4kiXbfo4oSKK2WB+wGoRI/fz/uYLAsH GvFHlXex7T7Pps5UStTRymsloqTCYdChsPxh7yPwXvB0ua4RORJImPkrj/V1u82v6q21 STFmn7S2tbK1b8Aek2unV/pLe6rmoN4gwHEjtxH++/esB2uYW8+RtUTXPSgQpm9QVjvZ T+GA==
X-Gm-Message-State: AMke39kaJm/8zvThLyw7Bk5SJzw3dsruhjmHiRt6tydr/CkzxXTiMdtcqaNPGCSbA+MOyHt0hLPBN4NctlWfzQ==
X-Received: by 10.107.129.75 with SMTP id c72mr7576241iod.23.1488986000130; Wed, 08 Mar 2017 07:13:20 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.141.197 with HTTP; Wed, 8 Mar 2017 07:12:39 -0800 (PST)
In-Reply-To: <OFDFA8201C.9FF6AA26-ONC12580DD.004A82AE-C12580DD.004BEDC7@ptb.de>
References: <OFDFA8201C.9FF6AA26-ONC12580DD.004A82AE-C12580DD.004BEDC7@ptb.de>
From: Sharon Goldberg <goldbe@cs.bu.edu>
Date: Wed, 08 Mar 2017 10:12:39 -0500
X-Google-Sender-Auth: EoDrbc_OdfIMT3fEqtV7bBPQonk
Message-ID: <CAJHGrrRLHR=BvWso5hqFdW7uO5ycp1KwwhYz2j881+p75x5mDQ@mail.gmail.com>
To: kristof.teichel@ptb.de
X-SA-Exim-Connect-IP: 209.85.214.42
X-SA-Exim-Rcpt-To: ntpwg@lists.ntp.org
X-SA-Exim-Mail-From: sharon.goldbe@gmail.com
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail1.ntp.org)
Subject: Re: [ntpwg] Unlinkability formulations in merged draft "NTS-4-NTP"
X-BeenThere: ntpwg@lists.ntp.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: IETF Working Group for Network Time Protocol <ntpwg.lists.ntp.org>
List-Unsubscribe: <http://lists.ntp.org/options/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=unsubscribe>
List-Archive: <http://lists.ntp.org/pipermail/ntpwg/>
List-Post: <mailto:ntpwg@lists.ntp.org>
List-Help: <mailto:ntpwg-request@lists.ntp.org?subject=help>
List-Subscribe: <http://lists.ntp.org/listinfo/ntpwg>, <mailto:ntpwg-request@lists.ntp.org?subject=subscribe>
Cc: NTP Working Group <ntpwg@lists.ntp.org>
Content-Type: multipart/mixed; boundary="===============4771135632156065522=="
Errors-To: ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org
Sender: ntpwg <ntpwg-bounces+ntp-archives-ahfae6za=lists.ietf.org@lists.ntp.org>

Kristof, thanks for this.  There are 3 documents in there, I assume you are
talking about

https://github.com/dfoxfranke/nts/blob/master/draft-ietf-
ntp-using-nts-for-ntp.xml

right? Also, there are some missing refs so the draft doesn't compile on
xml2rfc ...

On Wed, Mar 8, 2017 at 8:48 AM, <kristof.teichel@ptb.de> wrote:

> Hello all,
>
> we have made a few changes to the merged draft (have been pushed to the
> repository at https://github.com/dfoxfranke/nts) after some discussion
> with Aanchal.
> These changes are about the formulation of the text regarding unlikability.
> We would welcome any comments or suggestions.
>
>
> The relevant text in Section "Objectives":
>
> - Privacy: NTS preserves unlinkability, i. e. it does not leak data that
> would allow an attacker to track mobile NTP clients when they move between
> networks. Note that unlinkability is not guaranteed for devices that
> function as servers as well as clients, see [link to Section "Privacy
> Considerations"].
>
> The relevant text in Section "Privacy Considerations":
>
> Unlinkability shall prevent that a device can be tracked when it changes
> networ adresses (e.g. because said device moved between different
> networks). This is to say that an attacker shall be unable to link a new
> address with one that was formerly used by the device, because of
> recognizable data that the device persistently sends as part of an
> NTS-secured NTP association. This is the justification for continually
> supplying the client with fresh cookies, so that a cookie never represents
> recognizable data in the sense outlined above.
>
> Note that the objective of NTS regarding unlinkability is merely to not
> leak any additional data that would cause linkability. NTS does not rectify
> legacy linkability issues that are already present in NTP. To minimize the
> risk of being tracked by a passive adversary the NTP client has to minimize
> the information it transmits within a client request (mode 3 packet) as
> described in the draft "draft-dfranke-ntp-data-minimization"
>
> Also, the objective only holds for actual time synchronization traffic, as
> opposed to key exchange traffic. This implies that it cannot be guaranteed
> for devices that function not only as time clients, but also as time
> servers (because the latter can be externally triggered to send
> authentication data).
>
>
> What do people here think?
>
> Best regards,
> Kristof
> _______________________________________________
> ntpwg mailing list
> ntpwg@lists.ntp.org
> http://lists.ntp.org/listinfo/ntpwg
>



-- 
Sharon Goldberg
Computer Science, Boston University
http://www.cs.bu.edu/~goldbe

_______________________________________________
ntpwg mailing list
ntpwg@lists.ntp.org
http://lists.ntp.org/listinfo/ntpwg

v2.23.0 | Report a Bug | By Email