IETF Logo Mail Archive

Re: [Privacy-pass] Detecting malicious registries/servers

Chelsea Komlo <ckomlo@uwaterloo.ca> Mon, 03 August 2020 22:14 UTC

Return-Path: <ckomlo@uwaterloo.ca>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FB003A0CD9 for <privacy-pass@ietfa.amsl.com>; Mon, 3 Aug 2020 15:14:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.196
X-Spam-Level:
X-Spam-Status: No, score=-0.196 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=uwaterloo.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQCUDtcFI2PJ for <privacy-pass@ietfa.amsl.com>; Mon, 3 Aug 2020 15:14:08 -0700 (PDT)
Received: from phage7.uwaterloo.ca (phage7.uwaterloo.ca [129.97.128.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B78ED3A0C94 for <privacy-pass@ietf.org>; Mon, 3 Aug 2020 15:14:08 -0700 (PDT)
Received: from pps.filterd (phage7.uwaterloo.ca [127.0.0.1]) by phage7.uwaterloo.ca (8.16.0.42/8.16.0.42) with SMTP id 073LuKvF030060; Mon, 3 Aug 2020 18:14:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uwaterloo.ca; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=default; bh=TdjAU7LKQm87sfajP3SRbhEKPYWlYJxR2YGoFGAQXkk=; b=XDblqkSBi64kWXXjJ+1RFSCuef/IxqTto6r2gGqR/zK7zNv8zCPEszjJW/KZ3ACMwKRo XvwUxpvi7NaZ6xcpNNhE3Pw8pW3PGYPgKEz2jRKXDMLrFmPANqI2zeWznb/3HbL80Lf6 lzzZPO6+qdnJAFYW2JCZ3AMGalUYM8utCOg=
Received: from connhm03.connect.uwaterloo.ca (connhm03.connect.uwaterloo.ca [172.16.137.67]) by phage7.uwaterloo.ca with ESMTP id 32pem83baw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=NOT); Mon, 03 Aug 2020 18:14:06 -0400
Received: from connhm02.connect.uwaterloo.ca (172.16.137.66) by connhm03.connect.uwaterloo.ca (172.16.137.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1913.5; Mon, 3 Aug 2020 18:14:05 -0400
Received: from connhm02.connect.uwaterloo.ca ([fe80::dcfc:7fe1:3d27:382b]) by connhm02.connect.uwaterloo.ca ([fe80::dcfc:7fe1:3d27:382b%18]) with mapi id 15.01.1913.010; Mon, 3 Aug 2020 18:14:06 -0400
From: Chelsea Komlo <ckomlo@uwaterloo.ca>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, Chelsea Komlo <chelsea.komlo@gmail.com>
CC: "privacy-pass@ietf.org" <privacy-pass@ietf.org>
Thread-Topic: [Privacy-pass] Detecting malicious registries/servers
Thread-Index: AQHWadtPDlQdKaELq0qF74YGGyZJ1qknMjOA//++Iq0=
Date: Mon, 03 Aug 2020 22:14:05 +0000
Message-ID: <a54fe9678b294cc49835ca642a098ba1@uwaterloo.ca>
References: <CAJoqpT+U9QAHqncX0Aj2yWRaNRBgqE4ZG4k7Yx7xHtevsQ8EVA@mail.gmail.com>, <CAHbrMsD9RtVS+zLscxvDJrynzDsuogEpdWqvBJRJVg2czkC+xg@mail.gmail.com>
In-Reply-To: <CAHbrMsD9RtVS+zLscxvDJrynzDsuogEpdWqvBJRJVg2czkC+xg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [184.167.121.104]
Content-Type: multipart/alternative; boundary="_000_a54fe9678b294cc49835ca642a098ba1uwaterlooca_"
MIME-Version: 1.0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 adultscore=0 impostorscore=0 clxscore=1011 bulkscore=0 spamscore=0 priorityscore=1501 phishscore=0 lowpriorityscore=0 malwarescore=0 mlxlogscore=999 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2008030151
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/yep7RduWAuzXInEhanmRzl3PiTk>
Subject: Re: [Privacy-pass] Detecting malicious registries/servers
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Aug 2020 22:14:10 -0000

It seems there was a slight miscommunication with the point I was trying to make during the meeting, so I'll clarify.


I am strongly in favor of making the protocol as robust as possible, while being transparent about what risks cannot be mitigated in certain settings (such as servers building a lookup table).


Placing the burden on implementations to figure out how to ensure the primary use case of the protocol- unlinkability- is counterintuitive to me.




________________________________
From: Privacy-pass <privacy-pass-bounces@ietf.org> on behalf of Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Sent: Monday, August 3, 2020 9:59:59 AM
To: Chelsea Komlo
Cc: privacy-pass@ietf.org
Subject: Re: [Privacy-pass] Detecting malicious registries/servers

I found your and Richard's comment during the meeting particularly insightful on this point: we should clarify the assumptions Privacy Pass has to make about the intrinsic identifiability of client requests.  For example, if Privacy Pass necessarily assumes that the Client's connections to Verifiers are unlinkable, then perhaps we can simply declare that the Client's connections to Registries must be similarly unlinkable.

The mechanism for ensuring that unlinkability might be out of scope for us, but we would need to describe the requirements for it.

On Mon, Aug 3, 2020 at 5:16 PM Chelsea Komlo <chelsea.komlo@gmail.com<mailto:chelsea.komlo@gmail.com>> wrote:
Hi all,

One question that has been raised is how clients can detect registry or server misbehavior. One particular concern is the possibility that registries or servers can perform targeted attacks by publishing different keys to specific users without detection (resulting in a small anonymity set).

While client-side gossip protocols or use of anonymity networks give the client an option to detect such targeted attacks, these options are not necessarily generalizable.

However, I think if we introduce the assumption that *at least one* registry is acting honestly, then this problem may be easier to solve.

Registries just need to add an additional capability to query other registries on behalf of a client (if the client specifies this in their request). In doing so, they can act as a one-hop proxy for the client. If clients perform these requests periodically through a series of randomly-chosen registries, they should eventually be able to detect misbehavior, assuming one of the registries is acting honestly.

Chris Wood pointed out to me that the above approach may have false positives when a server rotates their key, so adding some kind of "suspected" and "failed state" with retries might help get around such edge cases.

Thanks,
Chelsea
--
Privacy-pass mailing list
Privacy-pass@ietf.org<mailto:Privacy-pass@ietf.org>
https://www.ietf.org/mailman/listinfo/privacy-pass

v2.23.0 | Report a Bug | By Email