IETF Logo Mail Archive

Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 17 June 2019 13:41 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25D87120114; Mon, 17 Jun 2019 06:41:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id msnye8LJGbCy; Mon, 17 Jun 2019 06:41:42 -0700 (PDT)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0628.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1f::628]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D63AB1200F7; Mon, 17 Jun 2019 06:41:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gXL9i3pwAHbVdhFcWv1SRZi15E/lq9nEOYxi9QJKwiU=; b=DDEP9Kk5VC0jbxR5hJTTKlO4Tw0k4v7v4eJ9WR5AJTrB8v9XyKT5KWYSfle08cTvZH6FxnbjY9R2c1oKF0plhH4928OqtgGh/sw5Urj2LOPVRJULUhiecc+IR1CfoUlEsLvP3BLXQBJLQ7/3DI8Z8AFTC+0nRMeJ0PfvvGo+slU=
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com (10.168.128.149) by HE1PR0701MB2444.eurprd07.prod.outlook.com (10.168.130.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2008.11; Mon, 17 Jun 2019 13:41:39 +0000
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::98a6:615b:5699:1cf2]) by HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::98a6:615b:5699:1cf2%7]) with mapi id 15.20.2008.007; Mon, 17 Jun 2019 13:41:39 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: Cullen Jennings <fluffy@iii.ca>, The IESG <iesg@ietf.org>
CC: "perc@ietf.org" <perc@ietf.org>, "draft-ietf-perc-private-media-framework@ietf.org" <draft-ietf-perc-private-media-framework@ietf.org>, IETF Crazy <ietf@ietf.org>
Thread-Topic: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
Thread-Index: AQHVCpou6R9yAhphm0qqCd+nrV/WHQ==
Date: Mon, 17 Jun 2019 13:41:39 +0000
Message-ID: <HE1PR0701MB25229E6AF6A91C0FDE28D54D95EB0@HE1PR0701MB2522.eurprd07.prod.outlook.com>
References: <155786852996.30194.6992264311523885594.idtracker@ietfa.amsl.com> <C2B4FEA8-EB29-46DD-8D9D-F80466C603ED@iii.ca>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com;
x-originating-ip: [192.176.1.87]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cfda19d4-f2fd-47cc-a294-08d6f329864a
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:HE1PR0701MB2444;
x-ms-traffictypediagnostic: HE1PR0701MB2444:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <HE1PR0701MB244442C06D929018A51AC28E95EB0@HE1PR0701MB2444.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0071BFA85B
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(366004)(136003)(396003)(39860400002)(376002)(51444003)(199004)(189003)(76176011)(9686003)(186003)(478600001)(25786009)(55016002)(86362001)(66446008)(229853002)(14444005)(6436002)(71200400001)(33656002)(68736007)(446003)(966005)(76116006)(73956011)(66476007)(66556008)(66946007)(6306002)(53936002)(71190400001)(44832011)(64756008)(52536014)(66066001)(476003)(3846002)(6116002)(14454004)(256004)(2906002)(99286004)(4326008)(486006)(102836004)(53546011)(6506007)(26005)(561944003)(81166006)(81156014)(74316002)(110136005)(8676002)(5660300002)(54906003)(316002)(6246003)(7736002)(8936002)(305945005)(66574012)(7696005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2444; H:HE1PR0701MB2522.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: wVVhylILJx/C/bxksRCSP3PKdkj2q/Y1qgE0BmlG6dylT+bCuJ1EBBDh48zXkgJF/88CesF30ttjDQlUi9lPYvYOy0K3ue+Tpmte8VZewD34SnuHNQs/gCVW+czGyLBlchLD2y706fPLKoGEWtWSVg6D10Udo0lZ8wZxFFU3/BnTaVNFdw3zn9n6ZKON1D0XzMLOcwAqTBrehmLBjMI9qniRkTOWDxOz2mWYJyQVVIV92Z0x0STHcb7W+48MpV2Oz4IOAoaAp/6FLzVW5OPwsKOr1USDUZwBhbEtQS8El9zn5mBChHw5ImiDA1WTu/N0sI6kGVF1Mja8/oEPPVEfXvI06zDjrspWHpA4MCixPa+iU6Kb9f2EZWeI43YBX4Hw384yXbUWGLSfTOuaw7Uhw+iMqRPSCLnz2uLSq7xrMA8=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cfda19d4-f2fd-47cc-a294-08d6f329864a
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2019 13:41:39.0239 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: magnus.westerlund@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2444
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/hc3tnHvJZjMxbg4e8Wbf-mZhSX8>
Subject: Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2019 13:41:46 -0000

Hi Cullen,

Sorry this took longer than expected to get the IPR disclosure prepared
and submitted.

The claims define the scope of the invention.  There is much case law
regarding how the claims terms are to be interpreted.  For WebRTC, the
first below mentioned invention's purpose is to address a weakness in
that the signaling messages to establish peer connections. And the main
embodiment shown uses CSP, which does not appear to be described in
WebRTC. When it comes to PERC at least one of the claims could be
interpreted to apply on the part of how the Key Distributor knowns which
identities that the Endpoint has and which to allow into the conference.
Therefore we have made an IPR declaration on draft-ietf-perc-dtls-tunnel
and draft-jones-perc-dtls-tunnel.

https://datatracker.ietf.org/ipr/3580/

https://datatracker.ietf.org/ipr/3586/


Cheers

Magnus


On 2019-05-16 08:21, Cullen Jennings wrote:
>
>> On May 14, 2019, at 3:15 PM, Magnus Westerlund via Datatracker <noreply@ietf.org> wrote:
>>
>>
>> A significant security vunerability in PERC that should be made more explicit
>> and is totally missing is the risks with compromised endpoints. Beyond the very
>> evident thing that this endpoint can decrypt all media it receives there are
>> far more sinister risk here. Namely the potential for injection of media that
>> attempts to impersonate another endpoints media stream. Most of SRTP's cipher
>> suits only use symmetric crypto functions, thus enabling anyone with the key to
>> send a packet with any SSRC, and have that being accepted as that source. Where
>> it is has no practical usage in point to point communication, in conferencing
>> it becomes an issue. It allows the usage of media level replay or deep fakes to
>> be used to create media streams that are injected into the media distributors
>> using an SSRC of another endpoint.
>>
>> The mitiagations that are missing from this document. The fact that a media
>> distributor that is not compromised or collaborating with the compromised
>> endpoint could actually prevent such media injection by applying source
>> filtering of SSRCs and drop all that aren't associated with the endpoint. The
>> other potential mitigation is to introduce another cipher suit that uses a non
>> symmetric integrity protection mechanism, such as TESLA to prevent this type of
>> injection.
> And the related issue that the main way this can happen is attacker manipulation of the fingerprint so the providing ways to protect that along with SSRC based signalling or TELSA  is the obvious solution space to this. And just to frame the discussion, let me point out the issue you raise is not so much about an SSRC but binding the identity of a member of the group to the audio received. 
>
> As other have pointed out, which member inside the conference the media is from is not something PERC provides any information about. Many existing conference systems have existing approaches to solve this problem and they can add PERC as a tool with out breaking theses so it to be specified here. Something that used TESLA could work fine with PERC as well. I do think future work can look at what we need for rosters and active speakers and how to use things like STIR and fingerprints and SDP to tie identity to the media. However, I think that problem is fairly separable from the issue of making sure the operator of the media switch does not have access to the media content. 
>
> But just to explore what solutions could be build on top of PERC to solve this, let me cary on. 
>
> Early on the WG did consider one an Ericssons proposal that used SSRC based signalling for many things but the WG moved away from that at least partially over concerns of Ericsson IPR in this space. In trying to refresh some of the state on possible solutions to this I came across. 
>
> https://patentimages.storage.googleapis.com/07/b2/6a/f34fd49f38a5a4/US20180205720A1.pdf
>
> which has the following claim 
>
> 39) A method for a server for enabling setting up a secure peer - to - peer connection between a first peer and a second peer , wherein at least one of the first peer and the second peer is a web browser , the method comprising : receiving a request for a web application from the first peer ; sending a directive to the first peer requesting a fingerprint of a certificate of the first peer ; receiving a first fingerprint from the first peer ; and sending the first fingerprint to the second peer .
>
> So just to make sure I understand this, if we have a case where a webapp sends an SDP offer that goes to the first peer, this requests the certificate and of the first peer and sends it in the SDP answer to the webapp that then sends that answer on to the second peer. It seems this claim surely covers a bunch stuff we are doing in WebRTC as well as PERC and needs to be disclosed. You agree ?
>
> One thing that would work well is an approach like the CSP protection in the above patent mixed with the ability for the KD to bind the client to the web conference application as described in 
>
> https://patentimages.storage.googleapis.com/d0/de/1a/5cbafd9903417b/WO2018063041A1.pdf
>
> Actually claim 1 seems like that is pretty much perfect for solving this. Claim 1 reads 
>
> 1. A method for a server to bind a device application to a web service, wherein Web Real Time Control, WebRTC, functionality is provided to the server, the method comprises:
> -receiving a request for the web service from the device application, wherein communication between the server and the device application is done via https and WebRTC and the device application has generated WebRTC credentials comprising a private key, certificate of the private key and a fingerprint of the certificate,
> -receiving  the fingerprint and fingerprint generation algorithm of the certificate,
> -storing  the fingerprint and fingerprint generation algorithm and associating the fingerprint with the device application, and
> -using Datagram Transport Layer Security, DTLS, providing the certificate of the device application, in combination with the stored fingerprint to identify the device application to bind the device application to the web service.
>
> So to walk thorough the parts of this claim. When a user joins the web conference that uses PERC, the request and responses for the fingerprints are send via the SDP offer and answers over HTTPS, the website learns the fingerprint for the user and then when the DTLS connection to the KD is formed, the way the KD correlates to the user to make sure they are the right one to authorize into the conference is by using that same fingerprint. Let me know if I am misunderstanding this or if a disclosure is needed. 
>
> I think you should propose this stuff to dispatch as way to solve the problem of knowing who in a conference the media is coming from. Please let me know if I am misunderstanding theses claims and if disclosures need to be made. 
>
>
>
>
>
>

-- 

Magnus Westerlund 

----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email