IETF Logo Mail Archive

Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 16 May 2019 14:11 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10EA71200BA; Thu, 16 May 2019 07:11:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lc18sNlFikYm; Thu, 16 May 2019 07:11:26 -0700 (PDT)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60041.outbound.protection.outlook.com [40.107.6.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D960120098; Thu, 16 May 2019 07:11:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=47g9ISpF0o/k9Oi+j5X9O+p4sMw7qCZlkDt1A1Q3fAU=; b=NIDNH9VvkoAfsn4RypVktC7ouDmeuUWxRv7gbghrG/1HqIMqepDUCj8uQ1Kr3bu6FpVdLSSTsdt5QfIq+Q0ZYmhW86JZTEw4C7rsGOrDrGkR6YlBHJv4NthqbsmXi61ckCffRb9hI4g2J+dIxFlCk5RyGqTVOcg4+yM8o1Re64A=
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com (10.168.128.149) by HE1PR0701MB2251.eurprd07.prod.outlook.com (10.168.29.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1900.11; Thu, 16 May 2019 14:11:23 +0000
Received: from HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::896a:7ada:8bc9:d99d]) by HE1PR0701MB2522.eurprd07.prod.outlook.com ([fe80::896a:7ada:8bc9:d99d%6]) with mapi id 15.20.1900.010; Thu, 16 May 2019 14:11:23 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: Cullen Jennings <fluffy@iii.ca>, The IESG <iesg@ietf.org>
CC: "perc@ietf.org" <perc@ietf.org>, "draft-ietf-perc-private-media-framework@ietf.org" <draft-ietf-perc-private-media-framework@ietf.org>, IETF Crazy <ietf@ietf.org>
Thread-Topic: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
Thread-Index: AQHVCpou6R9yAhphm0qqCd+nrV/WHQ==
Date: Thu, 16 May 2019 14:11:23 +0000
Message-ID: <HE1PR0701MB2522A6FA2FE7D2116A509C09950A0@HE1PR0701MB2522.eurprd07.prod.outlook.com>
References: <155786852996.30194.6992264311523885594.idtracker@ietfa.amsl.com> <C2B4FEA8-EB29-46DD-8D9D-F80466C603ED@iii.ca>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com;
x-originating-ip: [192.176.1.86]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: c370a123-ffe1-4bdd-89dd-08d6da0860c7
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:HE1PR0701MB2251;
x-ms-traffictypediagnostic: HE1PR0701MB2251:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <HE1PR0701MB22513313792B3FDB52B6AEEC950A0@HE1PR0701MB2251.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0039C6E5C5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(396003)(366004)(136003)(39860400002)(51444003)(189003)(199004)(305945005)(7736002)(86362001)(8936002)(316002)(53546011)(6506007)(7696005)(99286004)(52536014)(81166006)(6116002)(102836004)(3846002)(2906002)(81156014)(25786009)(76176011)(8676002)(66574012)(5660300002)(71190400001)(486006)(71200400001)(256004)(74316002)(476003)(508600001)(33656002)(6436002)(53936002)(68736007)(6246003)(66556008)(91956017)(54906003)(110136005)(966005)(76116006)(26005)(4326008)(44832011)(561944003)(66476007)(64756008)(66946007)(9686003)(66066001)(66446008)(14454004)(446003)(73956011)(14444005)(186003)(55016002)(6306002)(229853002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2251; H:HE1PR0701MB2522.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: VnB6l+XgE0zV8ORRHzFbvQwjaqa0dXc0AaTxkiDP14FrQoz2RuCSinZnRQcgxZmTwTRlhETFHTiobTHJVr5g0xZD3LNIWNIo54KPQG6tqwXrCf49gPnwTBu4IoobJ0eCx+RyChFiZ112fQDScCIZfqwnJd0r3U+iXbbfKyVS74Ot3eNSdmYJYFbQGLZrFSkQ/jdKCpETdeHF7U23gBI3BqCz0HAiYg9Rbv84JC4r7Gam5Z7hOcWW9VbZkSZh+LRwQ5sgLJyPyRvSTHM7oKcJKIkm+yRthRWofDouQppSttycuxiSC8AKFxI+t5y3IU/oMqZj/0yOs9MTgmiHBfNwLH70OwP1VvQ88ShCe411S3qT+wh8LgYdNgdvmzADS/8yKgBe2I+Pbnn88iDR85vrthEMSBpwLmakN+wYjR5G1CI=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c370a123-ffe1-4bdd-89dd-08d6da0860c7
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 May 2019 14:11:23.5435 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2251
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/bEVCOns4NblrqvXGgDb29RGOYHo>
Subject: Re: [Perc] Magnus Westerlund's Discuss on draft-ietf-perc-private-media-framework-10: (with DISCUSS and COMMENT)
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 May 2019 14:11:30 -0000

Hi Cullen,

On 2019-05-16 08:21, Cullen Jennings wrote:
>
>> On May 14, 2019, at 3:15 PM, Magnus Westerlund via Datatracker <noreply@ietf.org> wrote:
>>
>>
>> A significant security vunerability in PERC that should be made more explicit
>> and is totally missing is the risks with compromised endpoints. Beyond the very
>> evident thing that this endpoint can decrypt all media it receives there are
>> far more sinister risk here. Namely the potential for injection of media that
>> attempts to impersonate another endpoints media stream. Most of SRTP's cipher
>> suits only use symmetric crypto functions, thus enabling anyone with the key to
>> send a packet with any SSRC, and have that being accepted as that source. Where
>> it is has no practical usage in point to point communication, in conferencing
>> it becomes an issue. It allows the usage of media level replay or deep fakes to
>> be used to create media streams that are injected into the media distributors
>> using an SSRC of another endpoint.
>>
>> The mitiagations that are missing from this document. The fact that a media
>> distributor that is not compromised or collaborating with the compromised
>> endpoint could actually prevent such media injection by applying source
>> filtering of SSRCs and drop all that aren't associated with the endpoint. The
>> other potential mitigation is to introduce another cipher suit that uses a non
>> symmetric integrity protection mechanism, such as TESLA to prevent this type of
>> injection.
> And the related issue that the main way this can happen is attacker manipulation of the fingerprint so the providing ways to protect that along with SSRC based signalling or TELSA  is the obvious solution space to this. And just to frame the discussion, let me point out the issue you raise is not so much about an SSRC but binding the identity of a member of the group to the audio received. 

Yes, agree that the fundamental is to know which identity that create a
particular packet. How that is accomplished there are many solutions.


>
> As other have pointed out, which member inside the conference the media is from is not something PERC provides any information about. Many existing conference systems have existing approaches to solve this problem and they can add PERC as a tool with out breaking theses so it to be specified here. Something that used TESLA could work fine with PERC as well. I do think future work can look at what we need for rosters and active speakers and how to use things like STIR and fingerprints and SDP to tie identity to the media. However, I think that problem is fairly separable from the issue of making sure the operator of the media switch does not have access to the media content. 

Yes, and to be clear I don't expect that base PERC solution should solve
the issue. I only requested that the security properties that exist are
made clear. 

Regarding your below questions I will reply to that separately and it
may take me a couple of days.

Cheers

Magnus


>
> But just to explore what solutions could be build on top of PERC to solve this, let me cary on. 
>
> Early on the WG did consider one an Ericssons proposal that used SSRC based signalling for many things but the WG moved away from that at least partially over concerns of Ericsson IPR in this space. In trying to refresh some of the state on possible solutions to this I came across. 
>
> https://patentimages.storage.googleapis.com/07/b2/6a/f34fd49f38a5a4/US20180205720A1.pdf
>
> which has the following claim 
>
> 39) A method for a server for enabling setting up a secure peer - to - peer connection between a first peer and a second peer , wherein at least one of the first peer and the second peer is a web browser , the method comprising : receiving a request for a web application from the first peer ; sending a directive to the first peer requesting a fingerprint of a certificate of the first peer ; receiving a first fingerprint from the first peer ; and sending the first fingerprint to the second peer .
>
> So just to make sure I understand this, if we have a case where a webapp sends an SDP offer that goes to the first peer, this requests the certificate and of the first peer and sends it in the SDP answer to the webapp that then sends that answer on to the second peer. It seems this claim surely covers a bunch stuff we are doing in WebRTC as well as PERC and needs to be disclosed. You agree ?
>
> One thing that would work well is an approach like the CSP protection in the above patent mixed with the ability for the KD to bind the client to the web conference application as described in 
>
> https://patentimages.storage.googleapis.com/d0/de/1a/5cbafd9903417b/WO2018063041A1.pdf
>
> Actually claim 1 seems like that is pretty much perfect for solving this. Claim 1 reads 
>
> 1. A method for a server to bind a device application to a web service, wherein Web Real Time Control, WebRTC, functionality is provided to the server, the method comprises:
> -receiving a request for the web service from the device application, wherein communication between the server and the device application is done via https and WebRTC and the device application has generated WebRTC credentials comprising a private key, certificate of the private key and a fingerprint of the certificate,
> -receiving  the fingerprint and fingerprint generation algorithm of the certificate,
> -storing  the fingerprint and fingerprint generation algorithm and associating the fingerprint with the device application, and
> -using Datagram Transport Layer Security, DTLS, providing the certificate of the device application, in combination with the stored fingerprint to identify the device application to bind the device application to the web service.
>
> So to walk thorough the parts of this claim. When a user joins the web conference that uses PERC, the request and responses for the fingerprints are send via the SDP offer and answers over HTTPS, the website learns the fingerprint for the user and then when the DTLS connection to the KD is formed, the way the KD correlates to the user to make sure they are the right one to authorize into the conference is by using that same fingerprint. Let me know if I am misunderstanding this or if a disclosure is needed. 
>
> I think you should propose this stuff to dispatch as way to solve the problem of knowing who in a conference the media is coming from. Please let me know if I am misunderstanding theses claims and if disclosures need to be made. 
>
>
>
>
>
>

-- 

Magnus Westerlund 

----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email