[Sip-security] Re: [Sipping] SIP authentication problem when using RES in Digest-AKA

Jari Arkko <jarkko@piuha.net> Fri, 15 March 2002 06:17 UTC

Message-ID: <3C9191C9.3000507@piuha.net>
Date: Fri, 15 Mar 2002 08:16:41 +0200
From: Jari Arkko <jarkko@piuha.net>
To: John W Noerenberg II <jwn2@qualcomm.com>
CC: sipping@ietf.org, sip-security@ietf.org, Greg Rose <ggr@qualcomm.com>, aki.niemi@nokia.com, jari.arkko@ericsson.com, vesa.torvinen@ericsson.fi, James Undery <jundery@ubiquity.net>, Sanjoy Sen <sanjoy@nortelnetworks.com>

John, Greg,

Thanks for describing this interesting attack! I believe
while making draft-niemi the authors have been assuming that we do not
use the GSM compatibility mode (which I believe is the reason why the RES
could be only 32 bits). That is, when full AKA is used this isn't a problem.

So, we could either

(1) Require the full use of AKA
(2) Switch to using IK and not RES as input in the Digest process

Greg, is the IK free of similar limitations when GSM compatibility
is used?

Jari


