[radext] Re: Selfie Attack on TLS-PSK

Fabian Mauchle <fabian.mauchle@switch.ch> Thu, 25 July 2024 08:12 UTC


On 25.07.2024 03:47, Margaret Cullen wrote:
> Another (D)TLS security factor concerns _when_ RADIUS packets containing 
> privacy-sensitive or security-sensitive data are sent over the (D)TLS 
> session.  We need to make sure that the mechanisms we are using will not 
> transmit the initial RADIUS packet contents until an encrypted session 
> has been established with a properly authenticated and authorized peer.

I think that is part of radiusdtls-bis, and it already says so (section 
3.2 and 4.1).

> I am currently trying to learn enough about DTLS to understand whether 
> that is guaranteed by the DTLS protocol, or if the RADIUS server needs 
> to do something to make sure that happens.
> 
> I would welcome help understanding how this works from people with good 
> DTLS knowledge and experience…

From my own implementation, in that regard DTLS is no different than 
TLS. You first open the underlying socket, where for DTLS you just bind 
the UDP socket to the address and port, and then tell your TLS library 
to start a TLS session on that socket.

After that, for (D)TLS connections you simply never write() or send() 
on the socket itself, but only use the TLS library's write method. The 
TLS library will then handle actually sending and receiving packets and 
make sure the security properties are enforced.

I'm sure there are other ways, but that's how it's done in radsecproxy.

-- 
Fabian Mauchle
Network
NOC:    +41 44 268 15 30
Direct: +41 44 268 15 39

Switch
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
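
Added example, not part of the message above and not radsecproxy code: a check of the behaviour the thread asks about, using Python's standard `ssl` module over in-memory BIOs. It uses TLS rather than DTLS (the Python standard library has no DTLS), and the peer name and sample packet are constructed placeholders. It shows that data handed to the TLS library's write method before the handshake has completed is not put on the wire; only handshake records are.

```python
import ssl

# Constructed payload standing in for a RADIUS packet with a sensitive attribute.
SAMPLE_PACKET = b"Access-Request User-Password=constructed-secret"


def new_client(server_name="radius.example"):  # hypothetical peer name
    """Client-side TLS object whose 'network' is a pair of in-memory buffers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies certificate and hostname
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    return tls, outgoing


def write_before_handshake(packet=SAMPLE_PACKET):
    """Write application data on a session whose handshake has not run yet.

    Returns (accepted, wire): whether the library accepted the packet, and
    the bytes it actually queued for transmission.
    """
    tls, outgoing = new_client()
    try:
        tls.write(packet)
        accepted = True
    except ssl.SSLWantReadError:
        # The library started the handshake instead and now waits for the
        # peer's reply; the packet was not consumed.
        accepted = False
    return accepted, outgoing.read()


def summarize(wire, packet=SAMPLE_PACKET):
    """Inspect what would have gone out on the socket."""
    return {
        "bytes_queued": len(wire),
        "first_record_is_handshake": wire[:1] == b"\x16",  # TLS record type 22
        "packet_on_wire": packet in wire,
    }


if __name__ == "__main__":
    accepted, wire = write_before_handshake()
    print("accepted:", accepted, summarize(wire))
```

The same buffers make clear where the guarantee ends: anything written directly to the underlying socket bypasses the library, and deciding whether an authenticated peer is also authorized remains the application's job.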