Re: [stir] Anti-spam with blind signatures
"Asveren, Tolga" <tasveren@sonusnet.com> Sun, 30 July 2017 15:07 UTC
Return-Path: <tasveren@sonusnet.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 387C3131F5C for <stir@ietfa.amsl.com>; Sun, 30 Jul 2017 08:07:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.49
X-Spam-Level:
X-Spam-Status: No, score=-2.49 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=sonusnetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bYtJG5eLiISu for <stir@ietfa.amsl.com>; Sun, 30 Jul 2017 08:07:25 -0700 (PDT)
Received: from us-smtp-delivery-126.mimecast.com (us-smtp-delivery-126.mimecast.com [216.205.24.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BE5C131E9F for <stir@ietf.org>; Sun, 30 Jul 2017 08:07:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=SonusNetworks.onmicrosoft.com; s=selector1-sonusnet-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=+7uzGHxbyD3as6cSWh8Y7dpwrI4lGwSkkmajuaPa2Gc=; b=kAdpWLwysScxUKOP6HHfg+n4ovZCpms8XirOiTbqzwIIbPrOw+SHH5456+e3bPg8Osl3RYgtmZfDD59+FxnjAGb4vWmEiiVY7FephWlONxZpHmOUPcLTeDKw4wENYKmUYdoo5lXzeadS0qIyuGRgxiORXoMpyB48mbLDTD6F3f8=
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01lp0112.outbound.protection.outlook.com [207.46.163.112]) (Using TLS) by us-smtp-1.mimecast.com with ESMTP id us-mta-209-ccm3IZEWPlCf3Ixu7rQYKA-1; Sun, 30 Jul 2017 11:07:19 -0400
Received: from SN2PR03MB2350.namprd03.prod.outlook.com (10.166.210.141) by SN2PR03MB2302.namprd03.prod.outlook.com (10.166.210.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1304.22; Sun, 30 Jul 2017 15:07:17 +0000
Received: from SN2PR03MB2350.namprd03.prod.outlook.com ([10.166.210.141]) by SN2PR03MB2350.namprd03.prod.outlook.com ([10.166.210.141]) with mapi id 15.01.1304.022; Sun, 30 Jul 2017 15:07:17 +0000
From: "Asveren, Tolga" <tasveren@sonusnet.com>
To: Eric Rescorla <ekr@rtfm.com>, "stir@ietf.org" <stir@ietf.org>
Thread-Topic: [stir] Anti-spam with blind signatures
Thread-Index: AQHTB8NsrmnCkV6ifkW4ov4tq/1rlaJsSelg
Date: Sun, 30 Jul 2017 15:07:17 +0000
Message-ID: <SN2PR03MB23504C99C1EB2700DB9C519DB2BD0@SN2PR03MB2350.namprd03.prod.outlook.com>
References: <CABcZeBOpLyNPwO5_vXEn7h8Up06wg2KVHLLHbg0ECY1zs-3VZw@mail.gmail.com>
In-Reply-To: <CABcZeBOpLyNPwO5_vXEn7h8Up06wg2KVHLLHbg0ECY1zs-3VZw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [73.29.18.75]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN2PR03MB2302; 20:rDMUs5T91OTEYocmCz07IBBXu85tUeq8qTXn6VYrTY1STXUTldC/MtOR5PbOpRXe+zH373+oc2NVhh8Orpk6lsvmaSDp9nauN81uMBtGWk9rIimruAijX9bU5/AHGmWRk3vgtpB64lITQOuDSavwwx1vUi8QhyLm6fD0Cw+t9EM=
x-ms-office365-filtering-correlation-id: c56f86fa-6da0-4c86-fac1-08d4d75cab21
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:SN2PR03MB2302;
x-ms-traffictypediagnostic: SN2PR03MB2302:
x-exchange-antispam-report-test: UriScan:(21748063052155);
x-microsoft-antispam-prvs: <SN2PR03MB2302C5C370D0F6EB0B33444CB2BD0@SN2PR03MB2302.namprd03.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(93006095)(93001095)(100000703101)(100105400095)(6041248)(20161123562025)(20161123560025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123564025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:SN2PR03MB2302; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:SN2PR03MB2302;
x-forefront-prvs: 0384275935
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39450400003)(39410400002)(39400400002)(39830400002)(377454003)(189002)(199003)(3846002)(77096006)(2501003)(97736004)(33656002)(7696004)(7736002)(229853002)(2950100002)(6246003)(14454004)(966005)(81166006)(8676002)(38730400002)(86362001)(81156014)(2900100001)(3280700002)(6506006)(8936002)(5660300001)(66066001)(74316002)(53936002)(53546010)(3660700001)(25786009)(55016002)(236005)(54896002)(6306002)(9686003)(76176999)(54356999)(50986999)(478600001)(2906002)(606006)(101416001)(99286003)(6436002)(189998001)(68736007)(19609705001)(102836003)(6116002)(790700001)(105586002)(106356001); DIR:OUT; SFP:1101; SCL:1; SRVR:SN2PR03MB2302; H:SN2PR03MB2350.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
MIME-Version: 1.0
X-OriginatorOrg: sonusnet.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jul 2017 15:07:17.3395 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 29a671dc-ed7e-4a54-b1e5-8da1eb495dc3
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN2PR03MB2302
X-MC-Unique: ccm3IZEWPlCf3Ixu7rQYKA-1
Content-Type: multipart/alternative; boundary="_000_SN2PR03MB23504C99C1EB2700DB9C519DB2BD0SN2PR03MB2350namp_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/SDC_n1ANXntPA0U6RS2kJRuxJ28>
Subject: Re: [stir] Anti-spam with blind signatures
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Jul 2017 15:07:29 -0000
A few questions: i- What are the options to avoid IP linkage if sender is a smart-device, i.e. no STIR-aware GW is involved? ii- How would this be used for scenarios involving a STIR-aware GW? Would GW use a different K_temp for each individual calling identity? iii- Is there a real need for this if a GW is involved? A GW can anyhow rate limit ingress calls (also for other reasons) based on calling identity. Thanks, Tolga From: stir [mailto:stir-bounces@ietf.org] On Behalf Of Eric Rescorla Sent: Friday, July 28, 2017 1:03 PM To: stir@ietf.org Subject: [stir] Anti-spam with blind signatures As Jon mentioned in Prague, our best privacy story is to encrypt the PASSporT under the recipient's public key, thus protecting the *sender's* identity (though of course not the recipient's [0]). However, the problem now becomes that unauthenticated senders can just spam the CPS. We can significantly mitigate this issue by forcing senders to authenticate each time they want to send an encrypted PASSporT but decoupling that authentication from the actual PASSporT. This comes at a small privacy cost of leaking the velocity at which a caller makes calls (or technically, stores PASSporTs) but not to whom. In order to do this, we can use "blind signatures" [1]. The basic protocol flow is as follows: Sender CPS Authenticate to CPS ---------------------> Blinded(K_temp) -------------------------> <------------- Sign(K_cps, Blinded(K_temp)) [Disconnect] Sign(K_cps, K_temp)) Sign(K_temp, E(K_receiver, PASSporT)) ---> In the first phase, the sender connects to the CPS, authenticates, and sends a blinded version of a freshly generated public key. The CPS returns a signed version of that blinded key. The sender can then unblind the key and gets a signature on K_temp from the CPS Then later, when it wants to send something, the sender connects to the CPS anonymously (note: need to avoid IP linkage here) and sends both the signed K_temp and its own signature over the encrypted PASSporT. The CPS verifies both signatures and if they verify, stores the encrypted passport (discarding the signatures). This design lets the CPS rate limit how many PASSporTs a given sender can store just by counting how many times K_temp appears (there are things we might do to make this easier). Obviously, this isn't perfect because you can't tell if a sender is just sending bogus data, and I don't know how to fix that yet, but it's a big improvement over the status quo. -Ekr [0] Though we could probably get *some* traction here by bucketing these blobs by some granularity courser than recipient identity, such as taking a prefix of H(recipient_pub). [1] https://en.wikipedia.org/wiki/Blind_signature. The way this works is that I can give you a "blinded" version of some message M. You then sign the blinded version and send me the signature, and I "unblind" the signature and recover a signature on M.
- [stir] Anti-spam with blind signatures Eric Rescorla
- Re: [stir] Anti-spam with blind signatures Asveren, Tolga
- Re: [stir] Anti-spam with blind signatures Eric Rescorla