[stir] STIR/SHAKEN Privacy Concerns

Josh Brown <josh9051@gmail.com> Thu, 30 November 2023 19:50 UTC

From: Josh Brown <josh9051@gmail.com>
Message-Id: <57C3B58B-8ACD-4709-8D35-B48FF9462BD1@gmail.com>
Date: Thu, 30 Nov 2023 14:50:16 -0500
To: stir@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/CHvKb9vCTRGYvYKoX-5EPvW8U3s>
Subject: [stir] STIR/SHAKEN Privacy Concerns

Hello All,

My name is Josh Brown. I am a student at the University of Michigan, working with Paul Grubbs. We are currently researching the STIR/SHAKEN protocol and privacy questions raised by its mandate in the United States. We have identified a few core privacy concerns both with the cryptography and within real-world implementations.

I am reaching out to the working group to ask if these concerns have been considered and whether there are any plans to rectify these issues. Of course, if we have made a mistake in our understanding of the protocol, we would be interested in improving our understanding as well.

Our first concern lies with non-repudiability in the STIR/SHAKEN protocol. In the absence of STIR/SHAKEN, there exists no cryptographic mechanism to definitively prove the occurrence of a call - only someone observing the call as it happens knows it took place. However, with the implementation of STIR/SHAKEN, originating providers sign call metadata during the creation of the PASSporT. This means that a party possessing the signature can now convince anyone a call took place - or, more precisely, convince anyone that the originating provider said the call took place. (For context, a similar non-repudiability property of DKIM signatures for emails is now regarded by many researchers as a serious design flaw.)

Our second concern is with the wide popularity of third-party authentication and verification services. Numerous companies offer these products as a service. Originating providers use the third party authentication service to generate signatures for their call metadata. Terminating providers use the third party verification service to verify said signatures and other information pertaining to the call metadata. Put simply, when using STIR/SHAKEN these third parties have complete access to all call metadata. This is concerning because call metadata is often very sensitive and the working group even has proposals to expand the amount of metadata included.

Our third concern is in the Out-of-Band SHAKEN protocol, which is used for legacy providers that use pre-digital telephony infrastructure. Out-of-Band SHAKEN requires the use of a third party that stores metadata about calls in pre-digital telephone networks. This third party has access, again, to all call metadata.

We are interested in any and all comments. Please feel free to reply with any questions, clarifications, or corrections.

Best,
Josh
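The following is an added example and is not part of Josh's message or of any STIR working group document. It builds a minimal SHAKEN PASSporT (RFC 8225 header and claims, ES256 compact JWS as in RFC 8588) so the first two concerns above can be seen concretely: `peekClaims` reads orig, dest and iat with no key at all, which is what any third-party authentication or verification service, or any SIP hop, sees; `verifyPassport` needs only the public key, so a party that was never on the call can later check that the originating provider signed exactly that metadata, and `forgeDest` shows the signature binds every field. Assumptions: the key pair is generated locally instead of being fetched from the `x5u` certificate URL (which is a placeholder), no certificate chain or SIP Identity header handling is done, and the telephone numbers and `origid` are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding // JWS uses base64url without padding

type tnList struct{ TN []string `json:"tn"` }
type tnOne struct{ TN string `json:"tn"` }

// Claims is a SHAKEN PASSporT payload (RFC 8225, RFC 8588). Fields are declared
// in lexicographic order because RFC 8225 requires the claims serialized that way.
type Claims struct {
	Attest string `json:"attest"`
	Dest   tnList `json:"dest"`
	Iat    int64  `json:"iat"`
	Orig   tnOne  `json:"orig"`
	OrigID string `json:"origid"`
}

// sampleClaims is constructed call metadata for the demo; the numbers are not real.
func sampleClaims(iat int64) Claims {
	return Claims{Attest: "A", Dest: tnList{TN: []string{"12025550123"}}, Iat: iat,
		Orig: tnOne{TN: "13125550199"}, OrigID: "hypothetical-origid-0001"}
}

// newSigningKey stands in for the originating provider's (or its authentication
// service's) ES256 key; in SHAKEN its public half sits in the certificate at x5u.
func newSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// signPassport builds the compact JWS placed in the SIP Identity header:
// base64url(header).base64url(claims).base64url(R||S).
func signPassport(priv *ecdsa.PrivateKey, x5u string, c Claims) (string, error) {
	// A map marshals with sorted keys, which yields the RFC 8225 header order.
	hdr, err := json.Marshal(map[string]string{"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": x5u})
	if err != nil { return "", err }
	body, err := json.Marshal(c)
	if err != nil { return "", err }
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	h := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, h[:])
	if err != nil { return "", err }
	sig := make([]byte, 64) // JWS ES256: R and S each left-padded to 32 bytes
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64.EncodeToString(sig), nil
}

// peekClaims reads the call metadata with no key at all: every hop and every
// third-party service that handles the token sees orig, dest and iat in full.
func peekClaims(token string) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 { return Claims{}, fmt.Errorf("not a compact JWS") }
	body, err := b64.DecodeString(parts[1])
	if err != nil { return Claims{}, err }
	var c Claims
	return c, json.Unmarshal(body, &c)
}

// verifyPassport needs only the public key, so a party that was never on the
// call can check, long afterwards, that the provider signed exactly this metadata.
func verifyPassport(pub *ecdsa.PublicKey, token string) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 { return Claims{}, fmt.Errorf("not a compact JWS") }
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 { return Claims{}, fmt.Errorf("bad ES256 signature encoding") }
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, h[:], r, s) { return Claims{}, fmt.Errorf("signature does not verify") }
	return peekClaims(token)
}

// forgeDest swaps the destination number but keeps the original signature,
// showing that the signature binds every field of the metadata.
func forgeDest(token, newTN string) (string, error) {
	c, err := peekClaims(token)
	if err != nil { return "", err }
	c.Dest.TN = []string{newTN}
	body, _ := json.Marshal(c)
	parts := strings.Split(token, ".")
	return parts[0] + "." + b64.EncodeToString(body) + "." + parts[2], nil
}

func main() {
	priv, _ := newSigningKey()
	token, _ := signPassport(priv, "https://certs.example.invalid/shaken.pem", sampleClaims(1701373816))
	c, _ := peekClaims(token)
	fmt.Printf("readable by any hop, no key needed: %s -> %v at %d\n", c.Orig.TN, c.Dest.TN, c.Iat)
	_, err := verifyPassport(&priv.PublicKey, token)
	fmt.Println("verifies for an outside party holding only the public key:", err == nil)
	forged, _ := forgeDest(token, "19175550100")
	_, err = verifyPassport(&priv.PublicKey, forged)
	fmt.Println("forged dest still verifies:", err == nil)
}
```

Two points the code makes that the prose only states: the claims are plain base64url, not encrypted, so confidentiality of the metadata rests entirely on who is allowed to handle the Identity header; and verification is keyed only by the public certificate, so the token is transferable evidence rather than something only the two providers on the call could have checked.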