Re: [Sip-security] RE: SIP authentication problem when using RES in Digest-AKA
Greg Rose <ggr@qualcomm.com> Mon, 18 March 2002 20:44 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA19478 for <sip-security-archive@odin.ietf.org>; Mon, 18 Mar 2002 15:44:45 -0500 (EST)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id PAA05172 for sip-security-archive@odin.ietf.org; Mon, 18 Mar 2002 15:44:49 -0500 (EST)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA05054; Mon, 18 Mar 2002 15:43:29 -0500 (EST)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id PAA05021 for <sip-security@ns.ietf.org>; Mon, 18 Mar 2002 15:43:26 -0500 (EST)
Received: from warlock.qualcomm.com (warlock.qualcomm.com [129.46.64.204]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA19447 for <sip-security@ietf.org>; Mon, 18 Mar 2002 15:43:21 -0500 (EST)
Received: from avalon.qualcomm.com (avalon.qualcomm.com [203.30.171.11]) by warlock.qualcomm.com (8.12.1/8.9.3/8.9) with ESMTP id g2IKgqJL028338; Mon, 18 Mar 2002 12:42:53 -0800 (PST)
Received: from NAVAJO.qualcomm.com by avalon.qualcomm.com (8.8.8+Sun/SMI-SVR4) id HAA05530; Tue, 19 Mar 2002 07:42:13 +1100 (EST)
Message-Id: <4.3.1.2.20020319073002.01ae0438@127.0.0.1>
X-Sender: ggr2@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Tue, 19 Mar 2002 07:41:00 +1100
To: jari.arkko@piuha.net
From: Greg Rose <ggr@qualcomm.com>
Subject: Re: [Sip-security] RE: SIP authentication problem when using RES in Digest-AKA
Cc: Greg Rose <ggr@qualcomm.com>, James Undery <jundery@ubiquity.net>, John W Noerenberg II <jwn2@qualcomm.com>, sip-security@ietf.org, aki.niemi@nokia.com, jari.arkko@ericsson.com, vesa.torvinen@ericsson.fi, Sanjoy Sen <sanjoy@nortelnetworks.com>
In-Reply-To: <3C960ACB.9040907@piuha.net>
References: <4.3.1.2.20020318120008.01ac4fb8@127.0.0.1>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: sip-security-admin@ietf.org
Errors-To: sip-security-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Security Issues for the SIP protocol <sip-security.ietf.org>
X-BeenThere: sip-security@ietf.org
Thanks for your questions. At 05:42 PM 3/18/2002 +0200, Jari Arkko wrote: >Greg Rose wrote in response to James Undery: > > >>>The RES 'secret' is surely going to be recalculated each time the >>>session entropy (i.e. nonce) changes. Thus I'd modify step 4 and add >>>pre7 >>This is definitely not in line with the intent of AKA, or the existing >>architecture. > > >What I understood James proposing is that *if* AKA is used for the >authentication of an INVITE to the home after being used for authenticating >a REGISTER, then AKA should be re-run. Yes, in theory that would be fine, but I did not get this from my reading of draft-undery. It appears to me that it uses the same A1 that was calculated during the processing of the register message, in the subsequent step. >In the above, do you mean the 3GPP architecture in 'the existing >architecture'? > From what I understand the 3GPP architecture only intends to authenticate > REGISTERs >with AKA. Therefore, if draft-niemi allows anything to happen after the >first authentication, it is beyond the 3GPP architecture. Yes, true. > If plugging a >security hole requires that we never allow AKA authentication to be reused >and always need a new full AKA run, I would say that's fine. Greg, does >preventing reuse of the same RES help to block the security problem? It helps but it doesn't completely solve the problem. Whatever the process by which RES (old *or new*) is used to calculate the authentication values, can be used by a man-in-the-middle: 1. Mal gets the SIP message, and blocks its onward delivery. 2. He quickly sets his lab of computers to the task of finding 32-bit RES. 3. Before the reply timer expires, he can create any message he wants, and authenticate it using that value of RES, even though it is only used once. Note that even a 64-bit RES probably defeats this. Note also that air-interface ciphering also stops it working, if Mal is on the air interface... but he might not be. >Also, I have proposed simply requiring 128 bit RES values to be used, >that solves the problem but is there any reason why we couldn't require >it? I had understood that there were compatibility issues with this, but that is a question for operators to answer... I don't know. Anyway, I'd be perfectly happy if that was done; all my objections would go away. Thanks, Greg. Greg Rose INTERNET: ggr@qualcomm.com Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199 Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/ Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C _______________________________________________ Sip-security mailing list Sip-security@ietf.org https://www1.ietf.org/mailman/listinfo/sip-security
- [Sip-security] SIP authentication problem when us… John W Noerenberg II
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] [Sipping] RE: SIP authentication p… John W Noerenberg II
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- [Sip-security] Re: [Sipping] SIP authentication p… Jari Arkko
- [Sip-security] Re: [Sipping] SIP authentication p… Greg Rose
- [Sip-security] Re: [Sipping] SIP authentication p… Jari Arkko
- [Sip-security] Re: SIP authentication problem whe… Niemi Aki (NET/Espoo)
- [Sip-security] Re: SIP authentication problem whe… Niemi Aki (NET/Espoo)
- [Sip-security] Re: SIP authentication problem whe… Jari Arkko
- [Sip-security] Re: [Sipping] SIP authentication p… Niemi Aki (NET/Espoo)
- [Sip-security] RE: SIP authentication problem whe… James Undery
- [Sip-security] Re: [Sipping] Re: SIP authenticati… Niemi Aki (NET/Espoo)
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… John W Noerenberg II
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko