[Sip-security] Re: [Sipping] SIP authentication problem when using RES in Digest-AKA
Greg Rose <ggr@qualcomm.com> Fri, 15 March 2002 07:41 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA22877 for <sip-security-archive@odin.ietf.org>; Fri, 15 Mar 2002 02:41:57 -0500 (EST)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id CAA24390 for sip-security-archive@odin.ietf.org; Fri, 15 Mar 2002 02:41:58 -0500 (EST)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id CAA24228; Fri, 15 Mar 2002 02:40:51 -0500 (EST)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id CAA24183 for <sip-security@optimus.ietf.org>; Fri, 15 Mar 2002 02:40:48 -0500 (EST)
Received: from warlock.qualcomm.com (warlock.qualcomm.com [129.46.64.204]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA22849; Fri, 15 Mar 2002 02:40:46 -0500 (EST)
Received: from avalon.qualcomm.com (avalon.qualcomm.com [203.30.171.11]) by warlock.qualcomm.com (8.12.1/8.9.3/8.9) with ESMTP id g2F7dwJL019326; Thu, 14 Mar 2002 23:39:59 -0800 (PST)
Received: from NAVAJO.qualcomm.com by avalon.qualcomm.com (8.8.8+Sun/SMI-SVR4) id SAA00065; Fri, 15 Mar 2002 18:39:12 +1100 (EST)
Message-Id: <4.3.1.2.20020315183342.02454340@127.0.0.1>
X-Sender: ggr2@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Fri, 15 Mar 2002 18:38:30 +1100
To: Jari Arkko <jarkko@piuha.net>
From: Greg Rose <ggr@qualcomm.com>
Cc: John W Noerenberg II <jwn2@qualcomm.com>, sipping@ietf.org, sip-security@ietf.org, Greg Rose <ggr@qualcomm.com>, aki.niemi@nokia.com, jari.arkko@ericsson.com, vesa.torvinen@ericsson.fi, James Undery <jundery@ubiquity.net>, Sanjoy Sen <sanjoy@nortelnetworks.com>
In-Reply-To: <3C9191C9.3000507@piuha.net>
References: <B8B673A9.9436%gparsons@nortelnetworks.com> <a0510151db8b6de3d1fb1@[129.46.77.186]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Subject: [Sip-security] Re: [Sipping] SIP authentication problem when using RES in Digest-AKA
Sender: sip-security-admin@ietf.org
Errors-To: sip-security-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Security Issues for the SIP protocol <sip-security.ietf.org>
X-BeenThere: sip-security@ietf.org
At 08:16 AM 3/15/2002 +0200, Jari Arkko wrote: >Thanks for an interesting describing this interesting attack! I believe >while making draft-niemi the authors have been assuming that we do not >use the GSM compatibility mode (which I believe is the reason why the RES >could be only 32 bits). That is, when full AKA is used this isn't a problem. Regrettably, this is not correct. RES could be as little as 32 bits *even in full AKA*. >So, we could either > >(1) Require the full use of AKA >(2) Switch to using IK and not RES as input in the Digest process IK is the obvious (to me) candidate. >Greg, is the IK free of similar limitations when GSM compatibility >is used? If I understand your question correctly -- yes. IK is always 128 bits coming out of the USIM, even if it is subsequently "dumbed down" for GSM compatibility (which should never happen in anything capable of packet data and IMS). When a *GSM SIM* is used, you will only get out a 64-bit K_c, but even that is a lot better than a 32-bit RES. regards, Greg. Greg Rose INTERNET: ggr@qualcomm.com Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199 Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/ Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C _______________________________________________ Sip-security mailing list Sip-security@ietf.org https://www1.ietf.org/mailman/listinfo/sip-security
- [Sip-security] SIP authentication problem when us… John W Noerenberg II
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] [Sipping] RE: SIP authentication p… John W Noerenberg II
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- [Sip-security] Re: [Sipping] SIP authentication p… Jari Arkko
- [Sip-security] Re: [Sipping] SIP authentication p… Greg Rose
- [Sip-security] Re: [Sipping] SIP authentication p… Jari Arkko
- [Sip-security] Re: SIP authentication problem whe… Niemi Aki (NET/Espoo)
- [Sip-security] Re: SIP authentication problem whe… Niemi Aki (NET/Espoo)
- [Sip-security] Re: SIP authentication problem whe… Jari Arkko
- [Sip-security] Re: [Sipping] SIP authentication p… Niemi Aki (NET/Espoo)
- [Sip-security] RE: SIP authentication problem whe… James Undery
- [Sip-security] Re: [Sipping] Re: SIP authenticati… Niemi Aki (NET/Espoo)
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… John W Noerenberg II
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko