IETF Logo Mail Archive

Re: [rtcweb] Security analysis of RTCWEB

Bernard Aboba <bernard_aboba@hotmail.com> Mon, 16 January 2012 16:51 UTC

Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35FF721F85AD for <rtcweb@ietfa.amsl.com>; Mon, 16 Jan 2012 08:51:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.009
X-Spam-Level:
X-Spam-Status: No, score=-101.009 tagged_above=-999 required=5 tests=[AWL=-1.011, BAYES_50=0.001, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UxngXHToDe2t for <rtcweb@ietfa.amsl.com>; Mon, 16 Jan 2012 08:51:41 -0800 (PST)
Received: from blu0-omc1-s14.blu0.hotmail.com (blu0-omc1-s14.blu0.hotmail.com [65.55.116.25]) by ietfa.amsl.com (Postfix) with ESMTP id 675C221F84E2 for <rtcweb@ietf.org>; Mon, 16 Jan 2012 08:51:41 -0800 (PST)
Received: from BLU152-W31 ([65.55.116.9]) by blu0-omc1-s14.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 16 Jan 2012 08:51:41 -0800
Message-ID: <BLU152-W31FF186875A96D3A7ABAF993830@phx.gbl>
Content-Type: multipart/alternative; boundary="_0536d2e4-a8eb-4434-8c6e-b7f11dfe3606_"
X-Originating-IP: [24.17.217.162]
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: oscar.ohlsson@ericsson.com
Date: Mon, 16 Jan 2012 08:51:40 -0800
Importance: Normal
In-Reply-To: <A1B638D2082DEA4092A268AA8BEF294D193F92C293@ESESSCMS0360.eemea.ericsson.se>
References: <CAErhfrwu322=HTS0JZhum9EGfb73KmYS6CU_KMESyzEWhtvg2w@mail.gmail.com>, <CAOJ7v-1_qMoHBb3K7rV=hG9EadqL=xn4KEdG0zdWnKZU9_TipQ@mail.gmail.com>, <4AEFFC17-EF17-40F2-B83B-0B0CC44AD2C3@cisco.com>, <CAKhHsXEes+Lf+uKdTrjXoy+3PMy2uNumNL-W-0s4_xRXW6FiZg@mail.gmail.com>, <4F0CAC8C.8010203@wonderhamster.org>, <1D062974A4845E4D8A343C6538049202074ABD3A@XMB-BGL-414.cisco.com>, <387F9047F55E8C42850AD6B3A7A03C6C01DCF907@inba-mail02.sonusnet.com>, <CALiegfkejnU2rTe-FibUVxTrRS9SivkhGXB5eK+FhD8Vu6iTMA@mail.gmail.com>, <387F9047F55E8C42850AD6B3A7A03C6C01DCF9FC@inba-mail02.sonusnet.com>, <CALiegfn07bS58B+4ZyzRTnO4LCpw1e96dnqpSM+TT1y3QG2Zwg@mail.gmail.com>, <387F9047F55E8C42850AD6B3A7A03C6C01DCFBC1@inba-mail02.sonusnet.com>, <CAOJ7v-20+yL7r+_ODx_czHTiujXZZWESaZRB7MQjhvScg3RFtw@mail.gmail.com>, <4F0DFD0B.2000009@jesup.org>, <CABcZeBMnkO-hd3DtKNtxq5knUb=bd7ZEMNKVUX8WBLqLKkU14Q@mail.gmail.c om>, <4F0E125D.8000605@jesup.org>, <A1B638D2082DEA4092A268AA8BEF294D193F92BE22@ESESSCMS0360.eemea.ericsson.se>, <4F103D86.2040005@alvestrand.no>, <A1B638D2082DEA4092A268AA8BEF294D193F92C293@ESESSCMS0360.eemea.ericsson.se>
MIME-Version: 1.0
X-OriginalArrivalTime: 16 Jan 2012 16:51:41.0012 (UTC) FILETIME=[1ECD2140:01CCD46F]
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Security analysis of RTCWEB
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jan 2012 16:51:42 -0000

This discussion illustrates some of the issues that arise in analyzing the security of SIP-based functionality re-purposed for RTCWEB.  If we assume that signaling is not implemented natively, then we cannot depend on functionality provided within signalling in our security analysis.   This implies that the security properties of ICE, DTLS/SRTP, etc. can be different in RTCWEB than they would be within SIP.   In contrast, the security properties of media-only approaches such as ZRTP are the same regardless of the signalling approach (e.g. SIP, Jingle, etc.).  

Within DTLS/SRTP as used in SIP, RFC 4474 is utilized to provide end-to-end integrity of the SDP and address the man-in-the-middle attack you refer to below.   In a scenario where an RTCWEB application needed to interoperate with a DTLS/SRTP implementation utilizing SIP, presumably RFC 4474 would be supported. 

However, if SIP is not implemented natively, then an alternative mechanism is needed.  As you point out below, the identity provider approach described in the security draft does not address all of the potential attacks that are handled by RFC 4474 (e.g. ICE mangling).  

> Sorry, yes it should be the other way around.
> 
> I agree that eavesdropping on a DTLS-SRTP call is harder and would require a greater (initial) coding effort. But the difference is not huge as some emails seem to suggest.
> 
> 1. Search for 'a=fingerprint:' in the offer/answer SDP string and replace what comes after with your own public key fingerprint (a single, statically configured public key would probably do if synching with the TURN server is hard)
> 
> 2. Force the media to go through the TURN server by deleting all ICE candidates except the relayed one (if deleting is not possible another option is to replace the candidates with bogus ones)
> 
> 3. Modify an existing TURN server implementation so that it decrypts and re-encrypts the DTLS traffic
> 
> Regards,
> 
> Oscar Ohlsson

v2.23.0 | Report a Bug | By Email