Re: [stir] DKIM-like key mgmt approach - MITM

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 12 June 2013 17:13 UTC

On 06/12/2013 05:56 PM, Hadriel Kaplan wrote:
> 
> On Jun 12, 2013, at 6:14 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
>> One concern I have though is whether or not it'd be ok to leave
>> open potential spoof calls launched from e.g. a zombied home router
>> to a callee on the home network. If the final model had exactly
>> the same security properties as DKIM, then that would be an issue.
>> If the final model were based on Brian's 5280-based ideas that
>> threat would probably not be an issue. Or there may be ways to
>> look up a signer public key over a TLS channel that'd work too.
> 
> I understand what a "zombied home router" is and what a "callee on the home network" is, but I don't understand the case you're talking about.  Can you describe the scenario for how the attack would work/behave?

I guess bad-guy hacks my home router, then initiates a call from
or via there to me in my living room making it look like the call
comes from my bank.

If the key management was precisely the same as DKIM's then he'd
be able to feed me a public key to make it look like his signature
is ok for the bank's telephone number since I use my home router
for DNS as well. (Assuming my UA doesn't insist on DNSSEC.)

> One type of attack that we might have to worry about, that might be called a MITM attack because the attacker becomes a type of MITM during the attack: a malicious callee receiving a call and using the received signature to initiate an outbound call during the short time the signature is valid, spoofing the original caller.  
> 
> This is described in:
> http://tools.ietf.org/html/draft-kaplan-sip-baiting-attack-00

Don't have time to read that right now, will look later.

S

> 
> Basically it boils down to us needing to distinguish legitimate call-forwarding from malicious call-forwarding.  Unfortunately none of the possible solutions for it are very palatable, imho.
> 
> -hadriel
>
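
The difference between an unauthenticated DKIM-like key lookup and a validated one, as discussed in the message above, shown as an added example that is not part of the original thread. Assumptions: Lamport one-time signatures stand in for the real signature algorithm, DNSSEC is modelled as a single zone signature over the key record checked against a trust anchor held by the UA, and the record name and phone numbers are constructed.

```python
import hashlib, os

def H(b): return hashlib.sha256(b).digest()

# Lamport one-time signatures: stdlib-only stand-in (assumption) for whatever
# signature algorithm a real deployment would use.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(H(a) + H(b) for a, b in sk)

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[64 * i + 32 * b:64 * i + 32 * b + 32]
        for i, (s, b) in enumerate(zip(sig, bits(msg))))

NAME = b"bank._telkey.example"   # hypothetical key record name

def signed_call(sk):
    msg = b"From:+15550100;To:+15550123"   # constructed numbers
    return msg, sign(sk, msg)

def accept_call(resolver, msg, sig, trust_anchor=None):
    pk, rrsig = resolver[NAME]             # lookup goes through the home router
    if trust_anchor is not None and not verify(trust_anchor, NAME + pk, rrsig):
        return False                       # key record fails validation
    return verify(pk, msg, sig)

def demo():
    zone_sk, anchor = keygen()             # anchor is configured in the UA
    bank_sk, bank_pk = keygen()
    evil_sk, evil_pk = keygen()
    honest = {NAME: (bank_pk, sign(zone_sk, NAME + bank_pk))}
    hijacked = {NAME: (evil_pk, [os.urandom(32)] * 256)}  # cannot forge rrsig
    spoof, real = signed_call(evil_sk), signed_call(bank_sk)
    return {
        "spoof, no validation": accept_call(hijacked, *spoof),
        "spoof, validated": accept_call(hijacked, *spoof, trust_anchor=anchor),
        "real, validated": accept_call(honest, *real, trust_anchor=anchor),
    }

if __name__ == "__main__":
    print(demo())
```

Without a trust anchor the UA accepts whatever key the resolver hands back, so the call signature alone proves nothing about the number; with validation the substituted key record is rejected before the call signature is even checked.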