IETF Logo Mail Archive

[stir] Potential security vulnerability in STIR/DIV

Jack Rickard <Jack.Rickard@metaswitch.com> Wed, 22 July 2020 16:47 UTC

Return-Path: <Jack.Rickard@metaswitch.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 348663A0AFD; Wed, 22 Jul 2020 09:47:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=metaswitch.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uHx4KUlhJP83; Wed, 22 Jul 2020 09:47:31 -0700 (PDT)
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2123.outbound.protection.outlook.com [40.107.94.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A47F3A0AF8; Wed, 22 Jul 2020 09:47:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Od3ny0us13GDw+IQol9k5Of0xQRFicT5YX0ty68f0CLirlpx7JDX4wNkjxV+OJ7oEIw3dr2mmnOet2PsrMgyKbhGlL2SSCeqq01tMjJt9B+fE3nal7rMo/5kN0yFzbCvz4i7zLnElSw8LhHd3HODiAFnem5egKhPNJm5uJiscwio2QMMG4gBWGiss5/VNcSuSwIeBXOo0WaE6oomk0r1oWfjEAbrI3NklD3LyabhFm2ajtVO9/wRVDcX2Bhxd0nRAn2xgN2cyjkeoaAcgQj9LLUw8a9dF5VE4wwSw0M2BHOQY3oof95Au8sb1GZDVzSAwflpSx6z5kHr0HUkbzAhhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/flyUbqqqz48pFYmNys2R1QKT/I40+0jqqQbxjwXbnA=; b=HMe0hmGiOrGJgkhXaEx9bR2LMyiT+fSO15wM4zX3xefsOhtB13O1fNV0dr88SZSa89xNiA9MJFUzWiB+npfUoUnxzV2IpY/VREKaRaJN44dlNCY5fX+T5k8Ni1FRz7Du6+HqtskePOIlXZjeFG+s0WdE9ta/sRqTej74/GfhszdOT3Xb74cL0yOZqhm7nXeMNTphaymGX5CPAuNkcNxyVf2OM6lHBBg9lPBeFviVUofC+Pvvjqr6LrkUomKU8D3TY/QdnsZNDAI8CUGMrZFhQVIp1TzEDxSu/DsjE5MPeGfJecqlSd50DA8+DQ7tKLSSnhkZ6Qh6Ql/FJwhXfI/BWw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=metaswitch.com; dmarc=pass action=none header.from=metaswitch.com; dkim=pass header.d=metaswitch.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=metaswitch.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/flyUbqqqz48pFYmNys2R1QKT/I40+0jqqQbxjwXbnA=; b=rxN0m72gm73VrHtVw88E4GJg31VVg0nvTBwheCz5FuLGQMVRgT8o8OU2QiQHn7WwCKWJEC6AHxfH1DJYdsAyjuS+ylBvJu+RMuzCPagS+Bw/H9TLuaxmDMET59+jUkCzMJodC22D8CXYZ+LR7fFDNmTIOSwMubHDHN5C5OK6Zxo=
Received: from BYAPR02MB5189.namprd02.prod.outlook.com (2603:10b6:a03:62::29) by BYAPR02MB4711.namprd02.prod.outlook.com (2603:10b6:a03:49::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.17; Wed, 22 Jul 2020 16:47:29 +0000
Received: from BYAPR02MB5189.namprd02.prod.outlook.com ([fe80::85af:617:4f9f:b2c3]) by BYAPR02MB5189.namprd02.prod.outlook.com ([fe80::85af:617:4f9f:b2c3%7]) with mapi id 15.20.3195.026; Wed, 22 Jul 2020 16:47:29 +0000
From: Jack Rickard <Jack.Rickard@metaswitch.com>
To: "stir@ietf.org" <stir@ietf.org>, "draft-ietf-stir-passport-divert@ietf.org" <draft-ietf-stir-passport-divert@ietf.org>, "Peterson, Jon" <jon.peterson@team.neustar>
Thread-Topic: Potential security vulnerability in STIR/DIV
Thread-Index: AdZgO7RfMuiVRPd/TYi0mhEaKJnUqQ==
Date: Wed, 22 Jul 2020 16:47:28 +0000
Message-ID: <BYAPR02MB5189FF21A49BA034796C44F1F3790@BYAPR02MB5189.namprd02.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=metaswitch.com;
x-originating-ip: [84.92.33.46]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d2a3a2f0-66a1-43c9-75ca-08d82e5eebcd
x-ms-traffictypediagnostic: BYAPR02MB4711:
x-ld-processed: 9d9e56eb-f613-4ddb-b27b-bfcdf14b2cdb,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BYAPR02MB4711928145B02AA235FB1EF7F3790@BYAPR02MB4711.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: H+yCI4uwHOJkvPHLwOmSCK70FckcrzZldNGKu24WeqhK+duJi9mZwUgu5kbclIlccmEp0Db//LKCcYn+ds6Qk60+4n+PucekLdaS2ikt54loHV1oj/6MPAv9Ka+Dh1N8dLEXFqVL1qD8djxf/CE7AfocJKkx4NAepCYx6uvnD67oUEq1Hv4JyG+zg+zTmYa9w9Acv7Wxj7B0a9mxCByL60oDp5KLCELQg5b7ny6PhSUHWdhnBQIrEw87vjfUt2vrMF5sE+gxHUYr6LJ2c8g8htcsoZEMT2jv2ScjjzCrP5fz0uSzdVzmrO+LO9AhNTSO26/IjHh/MZmAB0Y7XDHU/Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR02MB5189.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(346002)(39850400004)(366004)(396003)(376002)(186003)(52536014)(45080400002)(55016002)(5660300002)(9686003)(478600001)(316002)(33656002)(71200400001)(86362001)(66446008)(66946007)(76116006)(64756008)(26005)(9326002)(2906002)(8936002)(15650500001)(7696005)(6506007)(83380400001)(8676002)(110136005)(66476007)(66556008); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: X8pXeYsS5HCbioTDaoF/YhLjhePqqmIS50heImiHrHGMtqDxc1TZm9NFCr/7w7PEzBvsKrfCMh6PGkXgk+gNbytSiJ7E/QZWRchlP9anEbVwxXn3CVhlcmjUIIPfDPfIhSnnuCPGLoYAcjRKMN9GkLE+8tH/AZ/B0w7jUbTAUZfLeowWPfEogReIXCnfVm8OfMJ1LjJngsulxCGCPyu0JmkTkwyaOHGLXMfCFZINuF2TKgXzX9tNs4wxeO1JoILYz028d77PsymiBLACcItRw3g0Eq9SH0Ce9wifsoXuHymzloWNTorGntySLCfhWDUAtfSFORsDBCEu1Q30tzhu3hT0Wfus3P4+o12575UTlW8mIbXL2C+4fC++528E6Zfa/F6BPjKq2OtGDj76FsqysDaS1UwjdoszFyNeIEkSlWc0B6c9Dr9cxVhlqedVZEuylHjrOEj+bqiz+RWVHnohePXO8xKi2ciaQM831kiZDks=
Content-Type: multipart/alternative; boundary="_000_BYAPR02MB5189FF21A49BA034796C44F1F3790BYAPR02MB5189namp_"
MIME-Version: 1.0
X-OriginatorOrg: metaswitch.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR02MB5189.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d2a3a2f0-66a1-43c9-75ca-08d82e5eebcd
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2020 16:47:28.9620 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9d9e56eb-f613-4ddb-b27b-bfcdf14b2cdb
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wal16np95XlAruZX8iNOxCOQ/h3Dt4AUxkzBrzfve5+Obyb1j56SxW1hMHVcmorYCaw6tIPsjkvjfiUtk7B0kA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR02MB4711
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/dMliPalzQv5zVOLoZxGNIjPmM84>
Subject: [stir] Potential security vulnerability in STIR/DIV
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2020 16:47:33 -0000

Hello,

I believe I've come across a security vulnerability in the STIR system that is made exploitable by the introduction of DIV passports, that I haven't seen discussed here in any detail (sorry if it has been). There are currently mitigations for it in the passport spec, however I don't believe they go far enough to prevent this attack.

The high level summary is that an attacker can impersonate an entity that called them by pretending they redirected that call to the recipient.

An example:

Trusted: A party trusted by Subject, which Attacker wishes to impersonate
Attacker: The party wishing to impersonate Trusted
Subject: The intended target of Attacker, who will see a verified call coming from Trusted


  1.  Attacker gets Trusted to call them.

This is a reasonable operation, and is actually quite a common feature of support companies so you don't have to sit on hold.

  1.  Attacker answers/rejects the call and saves off the SHAKEN passport for Trusted -> Attacker.
  2.  Attacker sets up a redirect from them to their intended Subject.
  3.  Attacker constructs a call (claiming to be) from Trusted to Attacker with the previously saved SHAKEN passport.
  4.  The call will be verified, then redirected to Subject with a DIV passport for Attacker -> Subject.

This does rely on the certificate signing the DIV to belong to a trusted entity, this seems possible, as the redirect could be carried out by Attacker's service provider.
Attacker's SP may refuse to redirect after some time due to IaT timeouts, but this is not required by the spec and I believe this can be worked around by, for example, repeatedly bouncing new calls off an accomplice.

  1.  Subject receives a call claiming to be from Trusted (albeit redirected from Attacker) with a valid passport chain of Trusted -> Attacker -> Subject.

Both passports will be signed by trusted entities: Trusted's SP and Attacker's SP.
IaT doesn't provide much protection here as, in the presence of DIV passports, the valid time range must be set reasonably high to allow for the possibility of ring-arounds.
The origid and attest will be associated with Trusted, eroding any automated databases of robocalls based on the origid.



The "mky" claim seems to be the solution that is currently built into passports, however, it is currently optional, and as far as I am aware using certificates to authenticate the ends of a media stream is very rare in practice.

Unfortunately, I'm not able to come up with a solution and I am hoping that is where you will be able to step in. I believe to avoid this, there needs to be more validation of the media stream that is created, either in the form of more data being signed or enforcing that the media participants are authenticated.

Thank you,
Jack Rickard | Software Engineer | Metaswitch
The Faster Way Forward
Office +44 20 8196 9801
Metaswitch is a Microsoft company

v2.23.0 | Report a Bug | By Email