IETF Logo Mail Archive

Re: [perpass] Stopping packet injection: the network is attacking us (was re Password Sniffing)

Phillip Hallam-Baker <hallam@gmail.com> Tue, 12 November 2013 18:41 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C116111E810B for <perpass@ietfa.amsl.com>; Tue, 12 Nov 2013 10:41:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.498
X-Spam-Level:
X-Spam-Status: No, score=-2.498 tagged_above=-999 required=5 tests=[AWL=0.101, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 49mk6pgFycEG for <perpass@ietfa.amsl.com>; Tue, 12 Nov 2013 10:41:55 -0800 (PST)
Received: from mail-lb0-x22a.google.com (mail-lb0-x22a.google.com [IPv6:2a00:1450:4010:c04::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 6B70A21F9FAB for <perpass@ietf.org>; Tue, 12 Nov 2013 10:41:54 -0800 (PST)
Received: by mail-lb0-f170.google.com with SMTP id z5so1394947lbh.15 for <perpass@ietf.org>; Tue, 12 Nov 2013 10:41:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=oGW8fdbXM87KbYvDdNqqUqJsXoBlVRe2V4S3GZ88QWE=; b=gcIqqZbiUmETAupoO3ZogR9mM1dXq4+h1BB94D93HjKjMSQ/ylczqYiQnxxwR9J5YM VN0zUZCUJZndMNBdfC/pggahNmdNybEQ/I5KGyYGN4sy6ib8vRCnKFYU/FL8QAbu2BRJ zQpH+6KXkHJe/48Ddzs6zyRMHDoGM9BE5L6JEIZnrIsHHsHUuWvL4H52tWS4GO36ur9w RQZxlfysoekTdO9ZH0dSqO/ckUCcnPRG0TLmuV3Kg4IgOKiHA/0uR4FK/ZLZMu3gTQZk z7SAoZF8ZdTbgb4unnF+7oC0zbrocRKPCWH0nmboT1ch1KrGgrphbGI9cWMYPqeAG5Rc 3/rw==
MIME-Version: 1.0
X-Received: by 10.152.116.7 with SMTP id js7mr28361459lab.11.1384281713391; Tue, 12 Nov 2013 10:41:53 -0800 (PST)
Received: by 10.112.46.98 with HTTP; Tue, 12 Nov 2013 10:41:53 -0800 (PST)
In-Reply-To: <33CCA400-9D1A-4A1E-A50D-84E4EE1960EB@icsi.berkeley.edu>
References: <CAMm+Lwh1QPgYzd8Y2DRKsLE7LDq3a5k=T0KCs+9xKxZyptRe2w@mail.gmail.com> <33CCA400-9D1A-4A1E-A50D-84E4EE1960EB@icsi.berkeley.edu>
Date: Tue, 12 Nov 2013 10:41:53 -0800
Message-ID: <CAMm+Lwh2CcPRh33E9JvXpqKGXyARvxf0RfAVg-x1xskYPni9bA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Content-Type: multipart/alternative; boundary="001a11c2672acbbe8d04eaff331d"
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Stopping packet injection: the network is attacking us (was re Password Sniffing)
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Nov 2013 18:41:55 -0000

On Tue, Nov 12, 2013 at 8:37 AM, Nicholas Weaver
<nweaver@icsi.berkeley.edu>wrote:

>
> On Nov 12, 2013, at 8:05 AM, Phillip Hallam-Baker <hallam@gmail.com>
> wrote:
>
> > The biggest weakness in Internet protocols is relying on passwords for
> authentication. What can we do to make the password mechanisms more secure
> and to wean the Internet off passwords?
> >
> > I don't want to start an NSA rathole here, but I need evidence to
> support the above assertion and until the GRU or MOSSAD or PLA or whatever
> have their Snowden event, I am limited to using the NSA.
> >
> > 1) NSA using Password sniffing in Attack:
> http://boingboing.net/2013/11/11/gchq-used-fake-slashdot-linke.html
>
> Thats false.  They didn't use password sniffing in this attack.  And
> overall reporting on that was pretty dismal.
>


> This was targeting information for a QUANTUMINSERT attack [1], aka packet
> injection/Man-on-the-Side for exploitation.  And there was no fake slashdot
> page, just fake packets.  I wish they were just password sniffing.
>

The cookie stealing attack is easier to prevent:

https://datatracker.ietf.org/doc/draft-hallambaker-httpsession/

Basically the protocol is as follows:

1) Client tells server 'I accept strong cookies'

2) Server sends an algorithm and shared secret in the HTTP channel

3) Client presents the usual cookie plus a MAC value calculated over some
of the request and the shared secret exchanged earlier.

4) Server authenticates response in the same way.


The mechanism can be optionally bound to the TLS channel and the request
content.

The initial exchange is preferably protected by TLS but this is not
essential. The main objective is to avoid repeated transfer of a bearer
credential.

If plaintext exchange is going to be frequent, a DH exchange should be
available as an option.

-- 
Website: http://hallambaker.com/

v2.23.0 | Report a Bug | By Email