IETF Logo Mail Archive

Re: [Perc] PERC LIte

"Mo Zanaty (mzanaty)" <mzanaty@cisco.com> Thu, 25 May 2017 15:26 UTC

Return-Path: <mzanaty@cisco.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08BA0129AD3 for <perc@ietfa.amsl.com>; Thu, 25 May 2017 08:26:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.512
X-Spam-Level:
X-Spam-Status: No, score=-14.512 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l7TdBLkOKvQY for <perc@ietfa.amsl.com>; Thu, 25 May 2017 08:26:44 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA9771294C8 for <perc@ietf.org>; Thu, 25 May 2017 08:26:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20733; q=dns/txt; s=iport; t=1495726003; x=1496935603; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=+VAwNU0b3OU+AvrY3w/6ih+DtcDVTikrcOwt/iN666c=; b=VjCidcJShHH0YtzTe+av7sXxMo5TBE4YhBOhyV4ezEY9B34eBbF/XK2L BNv2Bo4xeVlqcp026P9dVIp/Hsvhe7MhqBSN4uaQib0fe/lYVWxruRZXt XLPuiwJHv1ab4KivmELg7D62LNAsQwJDLVQlUE1w0TBafqY6cyENB7bJZ I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AsAQD09iZZ/4MNJK0UBToJGQEBAQEBAQEBAQEBBwEBAQEBgm5nYoENB4NoihiRXoYzgXWNUIIPIQEKgkKDNgKCfT8YAQIBAQEBAQEBayiFGAEBAQEDAQECHARDBQIIEwIBCBEDAQIoBAMhBgMIFAkIAgQBEAIJEokqTAMVEIUTphMMgiUrhwQNhAcBAQEBAQEBAQEBAQEBAQEBAQEBAQEdhDmCJoFegxyCRhGBaEcWgl2CXwWJR40yhm87AYcfhzCEWJF3izICiRkBHziBCnMVRoRCORyBY0QyAYgWgQ0BAQE
X-IronPort-AV: E=Sophos;i="5.38,392,1491264000"; d="scan'208,217";a="429695573"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 25 May 2017 15:26:42 +0000
Received: from XCH-RCD-002.cisco.com (xch-rcd-002.cisco.com [173.37.102.12]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id v4PFQgoV030545 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 25 May 2017 15:26:42 GMT
Received: from xch-aln-005.cisco.com (173.36.7.15) by XCH-RCD-002.cisco.com (173.37.102.12) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 25 May 2017 10:26:42 -0500
Received: from xch-aln-005.cisco.com ([173.36.7.15]) by XCH-ALN-005.cisco.com ([173.36.7.15]) with mapi id 15.00.1210.000; Thu, 25 May 2017 10:26:42 -0500
From: "Mo Zanaty (mzanaty)" <mzanaty@cisco.com>
To: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>, "perc@ietf.org" <perc@ietf.org>
Thread-Topic: [Perc] PERC LIte
Thread-Index: AQHS1WtPpcZC4Zzc10K6NFb/w4kMGw==
Date: Thu, 25 May 2017 15:26:41 +0000
Message-ID: <D54C6C11.6EA03%mzanaty@cisco.com>
References: <9d1552b8-b69f-ac14-e28b-2905bd5e5692@gmail.com> <CAOW+2dtRYXcnzUnP3cZKKNXJ1FxJPwMw3hmb349KpbLJwQD5FA@mail.gmail.com> <1adbb700-b61e-b283-6e29-ff3b5fd0d5ee@gmail.com> <CAHgZEq46mBQMEcQY-EM36s5_8FWCLJx9nrDo6FX4DA6COmmUYA@mail.gmail.com> <D54B71A7.6E93C%mzanaty@cisco.com> <9c8f493d-74f8-0c65-f660-289df0239d46@gmail.com>
In-Reply-To: <9c8f493d-74f8-0c65-f660-289df0239d46@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.7.3.170325
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.82.173.88]
Content-Type: multipart/alternative; boundary="_000_D54C6C116EA03mzanatyciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/pr9_ulzCHr8T_zM96hFIit1KOKc>
Subject: Re: [Perc] PERC LIte
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 May 2017 15:26:47 -0000

Hi Sergio,

I was not thinking of compromised js (yet), just the real webrtc service js. What origin do you expect for this js? I expect the MD provider, or maybe KD.MD subdomain (e.g. ietf.webex.com) where the MD provider still controls the js while the KD subdomain is just for vanity and demux not operational control. But seems like you expect the KD provider for this js.

What do you mean by "independent context" below? Are you referring to the IdP Proxy within the browser? So this key object would be restricted to the IdP Proxy and not accessible from the real webrtc js or DOM?

Thanks,
Mo


From: Perc <perc-bounces@ietf.org<mailto:perc-bounces@ietf.org>> on behalf of Sergio Murillo <sergio.garcia.murillo@gmail.com<mailto:sergio.garcia.murillo@gmail.com>>
Date: Wednesday, May 24, 2017 at 5:55 PM
To: "perc@ietf.org<mailto:perc@ietf.org>" <perc@ietf.org<mailto:perc@ietf.org>>
Subject: Re: [Perc] PERC LIte

Hi Mo,

The key in JS is just for the media cencryption, DTLS/SRTP is setup normally on top, so it is in no way less secure than current DTLS/SRTP.

If JS is compromised, and an attacker gets the key, he will still be unable to access the media data as is encrypted HBH by DTLS. To gain access to the media, he would need to get the key AND break HBH DTLS.

Also, if JS is compromised, PERC will be defeated completely (any solution) as it could clone all the media streams and sent it to a rogue MD with a different PC.

To prevent that is why IdP was introduced into WebRTC, and a similar solution could be done for setting the key (just run a js script from the KD on an independent context and restrict the usage of that stream to the required identity).

Anyway, I understand this will be a sensible topic, so I am willing to discuss this in detail.

Best regards
Sergio



On 24/05/2017 23:42, Mo Zanaty (mzanaty) wrote:
Keys in JS app signaling/APIs??? Have we come full circle back to SDES???

Seems like PERC lite would weaken not strengthen the security of DTLS-SRTP / WebRTC apps, if JS can inject keys to ignore DH, defeat PFS, etc.

Confused,
Mo

From: Perc <perc-bounces@ietf.org<mailto:perc-bounces@ietf.org>> on behalf of Alexandre GOUAILLARD <agouaillard@gmail.com<mailto:agouaillard@gmail.com>>
Date: Wednesday, May 24, 2017 at 5:14 PM
To: Sergio Murillo <sergio.garcia.murillo@gmail.com<mailto:sergio.garcia.murillo@gmail.com>>
Cc: "perc@ietf.org<mailto:perc@ietf.org>" <perc@ietf.org<mailto:perc@ietf.org>>, Bernard Aboba <bernard.aboba@gmail.com<mailto:bernard.aboba@gmail.com>>
Subject: Re: [Perc] PERC LIte

bernard,

Good point.

i'm discussing with peter T, and proposal for webrtc WG and ORTC CG API extensions are coming your way this week.  Sergio did it at the PeerConnection level while peter is advocating an Api at the RTPSender/Receiver level. Of course, the crypto-algorithm needs to be an input variable as well.

On Thu, May 25, 2017 at 5:46 AM, Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com<mailto:sergio.garcia.murillo@gmail.com>> wrote:
Hi Bernard,

Yes, the example API is just the lazy approach I have taken on my modified chromium, hardcoding the key to AES-GCM 256 so I didn't have to add an object to the IDL and worry about how to retrieve later on the c++ code.

The API should allow to set the key and look more like:


const pc = new RTCPeerConnection({

mediaCrypto : {

key : 'VEhJUyBJUyBUSEUgMzIgS0VZIFdJVEggMTIgU0FMVCBET1VCTEUgUEVSQyE=',

suite  : 'AEAD_AES_256_GCM'

}

}); Anticipating the security comments, I don't expect that to be the final API for WebRTC, which IMHO should be a similar mechanism as the one in place for IdP (or even integrated with it), but I feel that that discussion should take place on the RTCWeb group and not here. Best regards Sergio
On 24/05/2017 19:56, Bernard Aboba wrote:
Thanks for posting this.
Question:  In terms of API support, how is the crypto-algorithm specified?  So far, the proposed API just has the key.
On Wed, May 24, 2017 at 10:11 AM, Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com<mailto:sergio.garcia.murillo@gmail.com>> wrote:

Hi all again,

Also to start the discussion about 5), I would like to introduce again my proposal for a "PERC Lite" approach.

The main objectives and key points of this proposal are:

  *   Minimum viable PERC implementation
  *   Minimize impact on both endpoints and MD
  *   OHB is carried in the RTP payload (Encrypted Payload Header).
  *   No changes to the DTLS/SRTP code/api/standards
  *   No RTP E2E Header extensions
  *   RTX/FEC/RED is supported HBH without any change to current standards/implementations.

Best regards

Sergio

_______________________________________________ Perc mailing list Perc@ietf.org<mailto:Perc@ietf.org> https://www.ietf.org/mailman/listinfo/perc

_______________________________________________ Perc mailing list Perc@ietf.org<mailto:Perc@ietf.org> https://www.ietf.org/mailman/listinfo/perc
--
Alex. Gouaillard, PhD, PhD, MBA
------------------------------------------------------------------------------------
President - CoSMo Software Consulting, Singapore
------------------------------------------------------------------------------------
sg.linkedin.com/agouaillard<http://sg.linkedin.com/agouaillard>

  *

_______________________________________________
Perc mailing list
Perc@ietf.org<mailto:Perc@ietf.org>https://www.ietf.org/mailman/listinfo/perc

v2.23.0 | Report a Bug | By Email