IETF Logo Mail Archive

Re: [stir] DKIM-like key mgmt approach - MITM

Hadriel Kaplan <hadriel.kaplan@oracle.com> Wed, 12 June 2013 16:57 UTC

Return-Path: <hadriel.kaplan@oracle.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 331DF21F9A08 for <stir@ietfa.amsl.com>; Wed, 12 Jun 2013 09:57:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.579
X-Spam-Level:
X-Spam-Status: No, score=-6.579 tagged_above=-999 required=5 tests=[AWL=0.020, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jEuXPsk+oOz4 for <stir@ietfa.amsl.com>; Wed, 12 Jun 2013 09:57:01 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id B728321F96FE for <stir@ietf.org>; Wed, 12 Jun 2013 09:57:01 -0700 (PDT)
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r5CGuk4I004445 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 12 Jun 2013 16:56:48 GMT
Received: from aserz7022.oracle.com (aserz7022.oracle.com [141.146.126.231]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5CGujYY029051 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 12 Jun 2013 16:56:46 GMT
Received: from abhmt102.oracle.com (abhmt102.oracle.com [141.146.116.54]) by aserz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5CGuiCk023881; Wed, 12 Jun 2013 16:56:45 GMT
Received: from [10.1.21.23] (/10.5.21.23) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 12 Jun 2013 09:56:44 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Hadriel Kaplan <hadriel.kaplan@oracle.com>
In-Reply-To: <51B84A0D.1000702@cs.tcd.ie>
Date: Wed, 12 Jun 2013 12:56:44 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <3B763E54-DE72-4855-A6AB-18E9A4DAC54F@oracle.com>
References: <9CC39DA7-8610-4284-B51E-5FA7E2A59C0F@neustar.biz> <51B225E9.8050206@bbiw.net> <200A4AFC-8397-4AF8-806B-4B5FC2CB6313@neustar.biz> <51B2283A.6070207@bbiw.net> <025FF36A-457A-4106-936C-7BDFC5ECA167@neustar.biz> <51B22C29.8010502@dcrocker.net> <A2C525DE-C215-41ED-B260-654B3E11C3DD@neustar.biz> <51B231CE.7010908@dcrocker.net> <51B63552.3020607@cs.tcd.ie> <07DEB0E9-FB4B-4582-AE62-3673E52B6313@neustar.biz> <51B63E06.9040705@dcrocker.net> <9E8E21BE-2AD8-4239-8547-5BE543982CBD@neustar.biz> <00C069FD01E0324C9FFCADF539701DB3A03DB413@ex2k10mb2.corp.yaanatech.com> <208038CE-DD6B-4670-92CC-D91CFD770C52@cs.columbia.edu> <51B84A0D.1000702@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1508)
X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
Cc: stir@ietf.org, Michael Hammer <michael.hammer@yaanatech.com>, Henning Schulzrinne <hgs@cs.columbia.edu>
Subject: Re: [stir] DKIM-like key mgmt approach - MITM
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2013 16:57:07 -0000

On Jun 12, 2013, at 6:14 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> One concern I have though is whether or not it'd be ok to leave
> open potential spoof calls launched from e.g. a zombied home router
> to a callee on the home network. If the final model had exactly
> the same security properties as DKIM, then that would be an issue.
> If the final model were based on Brian's 5280-based ideas that
> threat would probably not be an issue. Or there may be ways to
> look up a signer public key over a TLS channel that'd work too.

I understand what a "zombied home router" is and what a "callee on the home network" is, but I don't understand the case you're talking about.  Can you describe the scenario for how the attack would work/behave?

One type of attack that we might have to worry about, that might be called a MITM attack because the attacker becomes a type of MITM during the attack: a malicious callee receiving a call and using the received signature to initiate an outbound call during the short time the signature is valid, spoofing the original caller.  

This is described in:
http://tools.ietf.org/html/draft-kaplan-sip-baiting-attack-00

Basically it boils down to us needing to distinguish legitimate call-forwarding from malicious call-forwarding.  Unfortunately none of the possible solutions for it are very palatable, imho.

-hadriel

v2.23.0 | Report a Bug | By Email