Re: [rtcweb] consent freshness [was RE: STUN for keep-alive]

Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 20 September 2011 08:15 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A86F521F8B56 for <rtcweb@ietfa.amsl.com>; Tue, 20 Sep 2011 01:15:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.514
X-Spam-Level:
X-Spam-Status: No, score=-106.514 tagged_above=-999 required=5 tests=[AWL=0.085, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ckr5GEjyz727 for <rtcweb@ietfa.amsl.com>; Tue, 20 Sep 2011 01:15:38 -0700 (PDT)
Received: from mailgw10.se.ericsson.net (mailgw10.se.ericsson.net [193.180.251.61]) by ietfa.amsl.com (Postfix) with ESMTP id CE22221F8B51 for <rtcweb@ietf.org>; Tue, 20 Sep 2011 01:15:37 -0700 (PDT)
X-AuditID: c1b4fb3d-b7c47ae000000b17-a9-4e784c3af233
Received: from esessmw0191.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw10.se.ericsson.net (Symantec Mail Security) with SMTP id 8B.35.02839.A3C487E4; Tue, 20 Sep 2011 10:18:02 +0200 (CEST)
Received: from [127.0.0.1] (153.88.115.8) by esessmw0191.eemea.ericsson.se (153.88.115.85) with Microsoft SMTP Server id 8.3.137.0; Tue, 20 Sep 2011 10:18:01 +0200
Message-ID: <4E784C38.2010909@ericsson.com>
Date: Tue, 20 Sep 2011 10:18:00 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>
References: <7F2072F1E0DE894DA4B517B93C6A05852233EDB21D@ESESSCMS0356.eemea.ericsson.se><7F2072F1E0DE894DA4B517B93C6A05852233EDB264@ESESSCMS0356.eemea.ericsson.se><1D062974A4845E4D8A343C653804920206648CEB@XMB-BGL-414.cisco.com><7F2072F1E0DE894DA4B517B93C6A05852233EDB2F0@ESESSCMS0356.eemea.ericsson.se><1D062974A4845E4D8A343C653804920206648D0F@XMB-BGL-414.cisco.com><7F2072F1E0DE894DA4B517B93C6A05852233EDB3E5@ESESSCMS0356.eemea.ericsson.se><4E70D2E6.1000809@alvestrand.no><CABcZeBORi5NLSsztnMfkwL43p9oKG9mi6e1WWOaiafAO_DpTVg@mail.gmail.com><7F2072F1E0DE894DA4B517B93C6A05852233D45FA3@ESESSCMS0356.eemea.ericsson.se><CABcZeBO9hUSYZhLrcfbaK9HLGXq-q1EvqWOy6-gAN5xom6Z2-A@mail.gmail.com><092401cc749b$8fd64940$af82dbc0$@com><CABcZeBPgRD6kb2gg=m9NckSa1wrzwzJS6527nYqFG34b0cjfgQ@mail.gmail.com><4E765E4A.3050801@alvestrand.no><0ced01cc76de$28731630$79594290$@com> <4E77613B.4020805@ericsson.com> <1D062974A4845E4D8A343C6538049202066497EF@XMB-BGL-414.cisco.com>
In-Reply-To: <1D062974A4845E4D8A343C6538049202066497EF@XMB-BGL-414.cisco.com>
X-Enigmail-Version: 1.3.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: AAAAAA==
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] consent freshness [was RE: STUN for keep-alive]
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Sep 2011 08:15:38 -0000

On 2011-09-19 18:41, Muthu Arul Mozhi Perumal (mperumal) wrote:
> Another aspect to consider: As per RFC 3550, the bare minimal valid
> RTCP packet is a compound RTCP packet containing: - An RR packet with
> the reception report count set to 0 (RC=0) and - An SDES packet with
> CNAME
> 
> Such a packet would look like this:
> 
> 0                   1                   2                   3 0 1 2 3
> 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
> header |V=2|P|    RC=0 |   PT=RR=201   |             length
> | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
> SSRC of packet sender                     | 
> +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 
> header |V=2|P|   SC=1  |  PT=SDES=202  |             length
> | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 
> chunk  |                     SSRC of packet sender
> | 1
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
> CNAME=1    |     length    |user & domain padded to 32-bit | 
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> 
> I've seen endpoints sending/accepting such a packet as an indication
> for session liveliness. However, there is no entropy at all in this
> packet. Suppose an attacker manages to bring the receiver down and
> captures such a RTCP packet. The attacker can keep replaying it (from
> the spoofed source transport address) to make the sender believe that
> the receiver is still alive and muted.

well, the reasonable assumption if you are using this for consent
freshness is to verify that your flow is reported on in a reasonable
way. That do provide some entropy in sequence number and Last SR field
in the report block as I wrote in my other email.

> 
> Perhaps, RTCWeb apps should try to negotiate an RTCP extension
> carrying a monotonically increasing number that must be part of every
> RTCP report together with SRTCP, for replay attack protection.

That is a possibility, but I think one can start by ensuring that one
actually check for ones own traffic being reported back. That gives you
some entropy. Which is a slightly longer context gives you good
verification that you are not contining sending into a location where
there receiver you intended to have sent to moves away.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------