IETF Logo Mail Archive

Re: [stir] Potential security vulnerability in STIR/DIV

Paul Kyzivat <pkyzivat@alum.mit.edu> Fri, 24 July 2020 16:11 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32FDE3A0ECB for <stir@ietfa.amsl.com>; Fri, 24 Jul 2020 09:11:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.003
X-Spam-Level:
X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KBs6Sxg6iYBM for <stir@ietfa.amsl.com>; Fri, 24 Jul 2020 09:10:58 -0700 (PDT)
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2054.outbound.protection.outlook.com [40.107.236.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE22A3A0EC6 for <stir@ietf.org>; Fri, 24 Jul 2020 09:10:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JOMcVC5QMDDm++rtaCpbxPxeM8i8ZuyJL4b7qLGjKqKCUh3e4xon/IhkCm7oEDJDXZf6mIa6TRHpJepco7+IvRJzwZcdAMmEvtev0Z6M5zlMsZN5ddEOVJxNHcsENbLys0T4cR4DPFfQjRHQEXCIi+jNwRDQfe9QFhT0E5NBmuU5ePHRRVF0AMO28q+dIOdlf9VUEZHpG3nRYpAQ/1eKyP84Giq+hbo8lqo99MAZmon7nUCokTCVRLBUEBlm6eoX6gVJ58h7Cg/rQW49jkABMMjaQNYRPyVp10MvS8t7pYWdAGC1mnRvz0fcVXaDtn60xD4wkb4PLALPfrP2qSnrhA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=33d1NzNtiGb/lJZr6p309Mf95S3KenYClNXEKjw0/Y8=; b=OvebqmXEfCxHkzmI7KMMzlgsTfZdHSaCkPNRuoolGg0gZXlniNjSNHE0mpu4VXuNnnKK1pqsCCif0U2F+uxeH56g6xtg6a5bWyxBBKs3c2g5YV9fxUnRHbwsZh0wTvSPjeozVoInAP1/jYU/ey4/517BhlzFqxFzjslQNPwgdg/+2A/qpsnLOTJ7NOEWZR55ifJI4RZnPveeJiOOldwOHamz24871MlngsYvjGrk1tRXOeVWtMAJbdEWA8NCfezl9yeXclMp9aYtnuEgSk5nzazk9Cwa/8k6Aqj4iePTFxjBoWYN7HMSjRi51CM+luTByLl5lQDGIerGy9NMtey8WA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=33d1NzNtiGb/lJZr6p309Mf95S3KenYClNXEKjw0/Y8=; b=hMWYkvO+oU9FDhjnQxe2bCUptYk7aVFtzQC5KNyhUcnImwheRIPaRoRU2U5Kq4QV+TapYEQAYd/X1Ys/ms/aSzyE+MpoX/zWYl6Vd7YhX+cQLRnBlrBgq/yygqkOyDXhHQlT+TyG2JIrhHR8mX8hOi6CsNDHnvgEDDC7xzC4fXg=
Received: from CY4PR06CA0055.namprd06.prod.outlook.com (2603:10b6:903:13d::17) by SA0PR12MB4414.namprd12.prod.outlook.com (2603:10b6:806:9a::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.24; Fri, 24 Jul 2020 16:10:56 +0000
Received: from CY1NAM02FT056.eop-nam02.prod.protection.outlook.com (2603:10b6:903:13d:cafe::ca) by CY4PR06CA0055.outlook.office365.com (2603:10b6:903:13d::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.21 via Frontend Transport; Fri, 24 Jul 2020 16:10:56 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu;
Received: from outgoing-alum.mit.edu (18.7.68.33) by CY1NAM02FT056.mail.protection.outlook.com (10.152.74.160) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.10 via Frontend Transport; Fri, 24 Jul 2020 16:10:55 +0000
Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id 06OGArK7024932 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <stir@ietf.org>; Fri, 24 Jul 2020 12:10:54 -0400
To: stir@ietf.org
References: <BYAPR02MB5189FF21A49BA034796C44F1F3790@BYAPR02MB5189.namprd02.prod.outlook.com> <89AC11DC-7E1A-4D1E-9CB8-96C98E790EF5@team.neustar> <BYAPR02MB5189A165DCE3CDE106FEDD6EF3760@BYAPR02MB5189.namprd02.prod.outlook.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <f0b2b1e9-1dad-0b45-6ccc-3b51a315c4b3@alum.mit.edu>
Date: Fri, 24 Jul 2020 12:10:53 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <BYAPR02MB5189A165DCE3CDE106FEDD6EF3760@BYAPR02MB5189.namprd02.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 0a87aadb-9afd-40f2-c889-08d82fec256f
X-MS-TrafficTypeDiagnostic: SA0PR12MB4414:
X-Microsoft-Antispam-PRVS: <SA0PR12MB44145D4D278C4F2057C3F2C8F9770@SA0PR12MB4414.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: Wk6XnuqkiYVYbpl+zOpa6qOUfZbq2SIafOq7qh4x7XVfnihS3ZLpeGS58ZfoWtcZqxcCCcbHUoLTse82VhtU6M1PepVcrgNujaT34MCubBFRS9r8dEalOta/RsmUBMmxsKFKASM/x2xNznQ4pgnhahEZ+mcPShKi9oqOR1aX5z3cs/VyRVYs1gzAMtibaGXK5s1CipNWySRg1Fa1I5qfYF2Esh/ytUqgBUjrAmwF0HzBrFp7uE//mng3iW7WeBmbxFbfEepexwrxjq2TC+6AsQ4zO4wKnSlEsGOo1SXSNVGhkdfll4QA6Ea1xOlFRj78y6NoB7j0FdRpxI0k5OL9CxZsr2dhgyh5ffEunFRdWeVallR3t4DCBskXC6l1tlr6XrsSydOAWODbCmQaSVsZA6ZqDaJppJQEKEoNbGPkg29mDOLak5YwPzfz/IMR71gz
X-Forefront-Antispam-Report: CIP:18.7.68.33; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:outgoing-alum.mit.edu; PTR:outgoing-alum.mit.edu; CAT:NONE; SFTY:; SFS:(136003)(346002)(39860400002)(396003)(376002)(46966005)(786003)(8936002)(316002)(82740400003)(70206006)(86362001)(70586007)(6916009)(75432002)(5660300002)(31686004)(47076004)(31696002)(356005)(8676002)(82310400002)(36906005)(7596003)(2906002)(53546011)(26005)(186003)(83380400001)(336012)(956004)(2616005)(15650500001)(508600001)(43740500002); DIR:OUT; SFP:1101;
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jul 2020 16:10:55.7066 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0a87aadb-9afd-40f2-c889-08d82fec256f
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-AuthSource: CY1NAM02FT056.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4414
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/l5Ge56tFwJUvjxSYy1_Squj5UIY>
Subject: Re: [stir] Potential security vulnerability in STIR/DIV
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2020 16:11:00 -0000

See below

On 7/23/20 9:22 AM, Jack Rickard wrote:
> I agree that div does make this kind of attack more difficult, and 
> requiring that there is some trust of every retargeting entity does make 
> sense. My assumption was that by only trusting the signers of the 
> passports I can trust the orig is the entity calling me, I now see you 
> have to trust the signers and the diverting parties. To clarify this I 
> propose that something like your explanation is added to the spec, i.e.
> 
> It is Carol who needs to decide if a forwarded call from Bob should be 
> trusted or not – “div” is certainly not suggesting that trust is 
> automatic, nor that the presence of a “div” that correctly chains to the 
> original PASSporT is a substitute for the policy and trust decision made 
> on the terminating side of a call. As with baseline STIR, just because 
> something validates at a protocol level doesn’t mean you should trust 
> it, nor that local policy does not determine how you treat calls.
> 
> To be clear, my original email was based on the belief that div 
> passports would provide a "chain-of-trust", allowing you to essentially 
> ignore that diversions had occurred once you had established there was a 
> valid chain of div passports from the originator to the final 
> destination. Although, after reading your response I realise that's not 
> the case.
> 
> My worry is that this model makes div difficult to use and police in 
> practice, specifically:
> 
>   * This model makes implementations more complicated as you can't
>     separate verification from policy decisions. You have to filter out
>     untrusted parties before doing the chain finding step of
>     verification, as otherwise you might decide upon a chain containing
>     an untrusted party when there does exist a valid chain containing
>     only trusted parties (granted this situation is unlikely).
>   * This model introduces complexity in what should be displayed to a
>     user, the simple verified/not verified can't be used unless you
>     require complete trust of all diverting parties, and that could
>     cause false negatives.
>   * If a diverted call does get reported as a robocall, it's not clear
>     whose reputation should be tarnished. It may have been that the
>     original caller was a robocaller and the call got legitimately
>     diverted to you, or it was the below attack where the caller is
>     trustworthy but the diverter was the robocaller.

When a call is diverted, isn't it possible for the diverting party to be 
in the media path? If so then you ought not accept diverted calls unless 
you really trust the diverting party.

	Thanks,
	Paul

v2.23.0 | Report a Bug | By Email