Re: [secdir] [Fwd: SECDIR review of draft-ietf-avt-rtp-mps-02.txt]
"Dan Harkins" <dharkins@lounge.org> Wed, 10 June 2009 15:19 UTC
Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 475073A6C77; Wed, 10 Jun 2009 08:19:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.265
X-Spam-Level:
X-Spam-Status: No, score=-6.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cxlqvMdInVvx; Wed, 10 Jun 2009 08:19:06 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by core3.amsl.com (Postfix) with ESMTP id 3FC383A6B5B; Wed, 10 Jun 2009 08:19:06 -0700 (PDT)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id AAE82A888108; Wed, 10 Jun 2009 08:19:12 -0700 (PDT)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Wed, 10 Jun 2009 08:19:12 -0700 (PDT)
Message-ID: <f57b58c6b8579947fb022b0f2fb728e0.squirrel@www.trepanning.net>
In-Reply-To: <19FE62CE8D62CF4B96C845DC556B88132FB6C98CA9@NLCLUEXM01.connect1.local>
References: <7d80ec7de2f05820800f98692962ab00.squirrel@www.trepanning.net> <19FE62CE8D62CF4B96C845DC556B88132FB6C98CA9@NLCLUEXM01.connect1.local>
Date: Wed, 10 Jun 2009 08:19:12 -0700
From: Dan Harkins <dharkins@lounge.org>
To: "Bont, Frans de" <frans.de.bont@philips.com>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: Cullen Jennings <fluffy@cisco.com>, "Schmidt , Malte" <malte.schmidt@dolby.com>, "secdir@ietf.org" <secdir@ietf.org>, Stefan Döhla <stefan.doehla@iis.fraunhofer.de>, Ralph Sperschneider <ralph.sperschneider@iis.fraunhofer.de>, "iesg@ietf.org" <iesg@ietf.org>, "avt-chairs@ietf.org" <avt-chairs@ietf.org>
Subject: Re: [secdir] [Fwd: SECDIR review of draft-ietf-avt-rtp-mps-02.txt]
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2009 15:19:07 -0000
Hi Frans, RFC 3640 only considers one security issue associated with gracefully disregarding unknown content. It's correct to mention that this capability can be used to compromise or crash a receiver but there's another security consideration that I think deserve mention. Something along the lines of: An attacker can exploit the requirement that a decoder skip over unknown extensions to create a covert channel and transmit unauthorized data. So even if you properly address the issue of potentially crashing there is still another security issue to consider. Given the nature of audio/video equipment it might be remote but to this naive reader it deserved mention. It's like a hitch-hiker. One must take into account that a hitch-hiker might kill you but even if you properly address that threat you still have consider the fact that you might need to explain to law enforcement that those drugs/firearms/etc in the dufflebag in your car aren't really yours. regards, Dan. On Wed, June 10, 2009 12:51 am, Bont, Frans de wrote: > Hi Dan, > > Thanks for your review, we will update the draft accordingly. > > With respect to your 'covert channel' comment we want to make > the following remark. > > RFC 3640 says: >> However, it is possible to inject non-compliant MPEG streams (Audio, >> Video, and Systems) so that the receiver/decoder's buffers are >> overloaded, which might compromise the functionality of the receiver >> or even crash it. > > This is a general remark that hold for all audio/video formats, this > is not different for the format described in this draft. > > The mentioned 'covert channel', in ISO/IEC 14496-3 (MPEG-4 Audio) > implemented by means of the extension_payload(), is defined as a > backward compatible mechanism for transport of extension data inside AAC > payloads. Streams using this mechanism are fully compliant MPEG-4 Audio > streams and code points, the extension identifiers in ISO/IEC 14496-3, > that are not supported by a decoder are gracefully skipped. > > Best regards, > Frans > > >> -----Original Message----- >> From: Dan Harkins [mailto:dharkins@lounge.org] >> Sent: 2009 Jun 09 1:29 AM >> To: avt-chairs@ietf.org; Bont, Frans de >> Subject: [Fwd: [secdir] SECDIR review of draft-ietf-avt-rtp-mps-02.txt] >> >> >> Hi, >> >> I fat-fingered your addresses in the following-- chars and phillips. >> Sorry about that. >> >> Dan. >> >> ---------------------------- Original Message ------------------------- >> --- >> Subject: [secdir] SECDIR review of draft-ietf-avt-rtp-mps-02.txt >> From: "Dan Harkins" <dharkins@lounge.org> >> Date: Mon, June 8, 2009 4:22 pm >> To: iesg@ietf.org >> secdir@ietf.org >> avt-chars@tools.ietf.org >> fluffy@cisco.com >> Cc: frans.de.bont@phillips.com >> "malte.schmidt@dolby.com" >> <ralph.sperschneider@iis.fraunhofer.de> >> stefan.doehla@iis.fraunhofer.de >> ----------------------------------------------------------------------- >> --- >> >> >> Hi, >> >> I have reviewed this document as part of the Security Directorate's >> ongoing effort to review all IETF documents being processed by the >> IESG. These comments were written primarily for the benefit of the >> Security Area directors. Document editors and WG chairs should >> treat these comments just like any other last call comments. >> >> This document extends the RTP payload format to transport MPEG >> Surround multi-channel audio. >> >> By extending the RTP payload format, this document states that it >> is "subject to the security considerations of the RTP specification" >> itself. It also informatively cuts-and-pastes from the security >> considerations of RFC 3640. I see no problem with that. >> >> While it's not an issue that needs addressing in this draft, it >> seems to me that this draft takes advantage of a covert channel >> in an ISO Standard on the coding of audo-visual objects-- "skip >> unknown extension data" in a stream. RFC 3640 discusses the >> possibility of crashing a system using this bug^H^H^Hfeature but >> does not mention the covert channel possibilities. It would be nice >> to mention that in a successor to RFC 3640 if there ever is one. >> >> Minor issues: >> >> - missing reference to SDP, RFC 2327 >> - please spell out "Advanced Audio Coding" before using the >> acronym AAC (assuming that's what it meant). >> - the term "High Efficiency AAC" is used after the acronym HE-AAC. >> Please reverse that. >> >> regards, >> >> Dan. >> >> >> >> _______________________________________________ >> secdir mailing list >> secdir@ietf.org >> https://www.ietf.org/mailman/listinfo/secdir >> > > > The information contained in this message may be confidential and legally > protected under applicable law. The message is intended solely for the > addressee(s). If you are not the intended recipient, you are hereby > notified that any use, forwarding, dissemination, or reproduction of this > message is strictly prohibited and may be unlawful. If you are not the > intended recipient, please contact the sender by return e-mail and destroy > all copies of the original message. >
- [secdir] SECDIR review of draft-ietf-avt-rtp-mps-… Dan Harkins
- Re: [secdir] [Fwd: SECDIR review of draft-ietf-av… Bont, Frans de
- Re: [secdir] [Fwd: SECDIR review of draft-ietf-av… Dan Harkins
- Re: [secdir] [Fwd: SECDIR review of draft-ietf-av… Stefan Döhla
- Re: [secdir] [Fwd: SECDIR review of draft-ietf-av… Dan Harkins