[Sip-security] RE: [Sipping] SIP authentication problem when using RES in Digest -AKA
"Vesa Torvinen (LMF)" <Vesa.Torvinen@lmf.ericsson.se> Fri, 15 March 2002 08:33 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA23542 for <sip-security-archive@odin.ietf.org>; Fri, 15 Mar 2002 03:33:19 -0500 (EST)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id DAA27642 for sip-security-archive@odin.ietf.org; Fri, 15 Mar 2002 03:33:20 -0500 (EST)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id DAA27080; Fri, 15 Mar 2002 03:29:48 -0500 (EST)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id DAA27047 for <sip-security@optimus.ietf.org>; Fri, 15 Mar 2002 03:29:46 -0500 (EST)
Received: from penguin-ext.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [193.180.251.34]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA23485 for <sip-security@ietf.org>; Fri, 15 Mar 2002 03:29:28 -0500 (EST)
Received: from esealnt462.al.sw.ericsson.se (ESEALNT462.al.sw.ericsson.se [153.88.251.62]) by penguin.wise.edt.ericsson.se (8.11.0/8.11.0/WIREfire-1.3) with SMTP id g2F8TPR29554 for <sip-security@ietf.org>; Fri, 15 Mar 2002 09:29:25 +0100 (MET)
Received: FROM esealnt742.al.sw.ericsson.se BY esealnt462.al.sw.ericsson.se ; Fri Mar 15 09:29:23 2002 +0100
Received: by esealnt742.al.sw.ericsson.se with Internet Mail Service (5.5.2653.19) id <F4G2YFNS>; Fri, 15 Mar 2002 09:19:27 +0100
Message-ID: <29F33B0CF787D51195FC0002A56B3DC10101B75E@efijont103>
From: "Vesa Torvinen (LMF)" <Vesa.Torvinen@lmf.ericsson.se>
To: 'Greg Rose' <ggr@qualcomm.com>, Jari Arkko <jarkko@piuha.net>
Cc: John W Noerenberg II <jwn2@qualcomm.com>, sipping@ietf.org, sip-security@ietf.org, aki.niemi@nokia.com, jari.arkko@ericsson.com, James Undery <jundery@ubiquity.net>, Sanjoy Sen <sanjoy@nortelnetworks.com>
Date: Fri, 15 Mar 2002 09:28:53 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Subject: [Sip-security] RE: [Sipping] SIP authentication problem when using RES in Digest -AKA
Sender: sip-security-admin@ietf.org
Errors-To: sip-security-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Security Issues for the SIP protocol <sip-security.ietf.org>
X-BeenThere: sip-security@ietf.org
> At 08:16 AM 3/15/2002 +0200, Jari Arkko wrote: > >Thanks for an interesting describing this interesting > attack! I believe > >while making draft-niemi the authors have been assuming that > we do not > >use the GSM compatibility mode (which I believe is the > reason why the RES > >could be only 32 bits). That is, when full AKA is used this > isn't a problem. > > Regrettably, this is not correct. RES could be as little as > 32 bits *even > in full AKA*. If this is the case, I suppose that RES could still be used as 'keying material' for Digest. There must be some schemes in which a 'short user password' is made longer or more secure. > >So, we could either > > > >(1) Require the full use of AKA > >(2) Switch to using IK and not RES as input in the Digest process > > IK is the obvious (to me) candidate. IK is not very good candidate if you don't want to change the existing security architecture in 3GPP IP multimedia system (IMS). IK is currently used for integrity protection between the UE and the visited network, and if the same key is also used for authentication to the home network, the visited network will be able to register any user it wants. Currently, IK is available to the visited network before the UE has even received the challenge. So, the visited network could just 'order' authentication keys from any home network, and initiate registrations and calls for any user. If we would go for IK, we must re-design the IMS security architecture. > >Greg, is the IK free of similar limitations when GSM compatibility > >is used? > > If I understand your question correctly -- yes. IK is always 128 bits > coming out of the USIM, even if it is subsequently "dumbed > down" for GSM > compatibility (which should never happen in anything capable > of packet data > and IMS). When a *GSM SIM* is used, you will only get out a > 64-bit K_c, but > even that is a lot better than a 32-bit RES. > > regards, > Greg. > > Greg Rose INTERNET: > ggr@qualcomm.com > Qualcomm Australia VOICE: +61-2-9817 4188 FAX: > +61-2-9817 5199 > Level 3, 230 Victoria Road, > http://people.qualcomm.com/ggr/ > Gladesville NSW 2111 232B > EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C > _______________________________________________ Sip-security mailing list Sip-security@ietf.org https://www1.ietf.org/mailman/listinfo/sip-security
- [Sip-security] RE: [Sipping] SIP authentication p… Vesa Torvinen (LMF)