Re: [Sip-security] RE: SIP authentication problem when using RES in Digest-AKA
Jari Arkko <jari.arkko@kolumbus.fi> Mon, 18 March 2002 21:03 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA20013 for <sip-security-archive@odin.ietf.org>; Mon, 18 Mar 2002 16:03:21 -0500 (EST)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id QAA06593 for sip-security-archive@odin.ietf.org; Mon, 18 Mar 2002 16:03:26 -0500 (EST)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA06549; Mon, 18 Mar 2002 16:02:01 -0500 (EST)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id QAA06509 for <sip-security@ns.ietf.org>; Mon, 18 Mar 2002 16:01:58 -0500 (EST)
Received: from p2.piuha.net (p2.piuha.net [131.160.192.2]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA19954 for <sip-security@ietf.org>; Mon, 18 Mar 2002 16:01:40 -0500 (EST)
Received: from kolumbus.fi (p4.piuha.net [131.160.192.4]) by p2.piuha.net (Postfix) with ESMTP id E17696A906; Mon, 18 Mar 2002 23:01:26 +0200 (EET)
Message-ID: <3C9655FC.6030500@kolumbus.fi>
Date: Mon, 18 Mar 2002 23:02:52 +0200
From: Jari Arkko <jari.arkko@kolumbus.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011014
X-Accept-Language: en-us
MIME-Version: 1.0
To: Greg Rose <ggr@qualcomm.com>
Cc: aki.niemi@nokia.com, James Undery <jundery@ubiquity.net>, John W Noerenberg II <jwn2@qualcomm.com>, sip-security@ietf.org, torvive <torvive@hotmail.com>, vesa.torvinen@ericsson.fi, Sanjoy Sen <sanjoy@nortelnetworks.com>
Subject: Re: [Sip-security] RE: SIP authentication problem when using RES in Digest-AKA
References: <4.3.1.2.20020318120008.01ac4fb8@127.0.0.1> <4.3.1.2.20020319073002.01ae0438@127.0.0.1>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: sip-security-admin@ietf.org
Errors-To: sip-security-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Security Issues for the SIP protocol <sip-security.ietf.org>
X-BeenThere: sip-security@ietf.org
Content-Transfer-Encoding: 7bit
Hi Greg and thanks for your response. Some further discussion below. >> What I understood James proposing is that *if* AKA is used for the >> authentication of an INVITE to the home after being used for >> authenticating >> a REGISTER, then AKA should be re-run. > > Yes, in theory that would be fine, but I did not get this from my > reading of draft-undery. It appears to me that it uses the same A1 that > was calculated during the processing of the register message, in the > subsequent step. This may be true, but draft-undery doesn't deal with AKA. Draft-niemi does. If you meant draft-niemi, then we should fix it (it shouldn't do that). > It helps but it doesn't completely solve the problem. Whatever the > process by which RES (old *or new*) is used to calculate the > authentication values, can be used by a man-in-the-middle: > 1. Mal gets the SIP message, and blocks its onward delivery. > 2. He quickly sets his lab of computers to the task of finding 32-bit RES. > 3. Before the reply timer expires, he can create any message he wants, > and authenticate it using that value of RES, even though it is only used > once. > > Note that even a 64-bit RES probably defeats this. Fair enough, I suspected that this might be the case. But a further question. Assuming a MD5(RES) is crackable and the MitM can send his own request, why isn't pure RES crackable in the same way? That is, if we send just the RES, the MitM can just pick the value and without any lab computers he can place the RES in a different request, and the server side can't detect anything. So, while I understand the attack, what does removing MD5 encapsulation give us? >> Also, I have proposed simply requiring 128 bit RES values to be used, >> that solves the problem but is there any reason why we couldn't require >> it? > > I had understood that there were compatibility issues with this, but > that is a question for operators to answer... I don't know. Anyway, I'd > be perfectly happy if that was done; all my objections would go away. Ok, let's try to figure this question out then. Jari _______________________________________________ Sip-security mailing list Sip-security@ietf.org https://www1.ietf.org/mailman/listinfo/sip-security
- [Sip-security] SIP authentication problem when us… John W Noerenberg II
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] [Sipping] RE: SIP authentication p… John W Noerenberg II
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- [Sip-security] Re: [Sipping] SIP authentication p… Jari Arkko
- [Sip-security] Re: [Sipping] SIP authentication p… Greg Rose
- [Sip-security] Re: [Sipping] SIP authentication p… Jari Arkko
- [Sip-security] Re: SIP authentication problem whe… Niemi Aki (NET/Espoo)
- [Sip-security] Re: SIP authentication problem whe… Niemi Aki (NET/Espoo)
- [Sip-security] Re: SIP authentication problem whe… Jari Arkko
- [Sip-security] Re: [Sipping] SIP authentication p… Niemi Aki (NET/Espoo)
- [Sip-security] RE: SIP authentication problem whe… James Undery
- [Sip-security] Re: [Sipping] Re: SIP authenticati… Niemi Aki (NET/Espoo)
- [Sip-security] RE: SIP authentication problem whe… Sanjoy Sen
- [Sip-security] RE: SIP authentication problem whe… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… John W Noerenberg II
- Re: [Sip-security] RE: SIP authentication problem… Greg Rose
- Re: [Sip-security] RE: SIP authentication problem… Jari Arkko