Re: [SWMP] My understanding so far
Roland Weber <ossfwot@dubioso.net> Thu, 20 September 2007 17:33 UTC
Return-path: <swmp-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IYPuE-0005i2-PH; Thu, 20 Sep 2007 13:33:38 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IYPuC-0005a7-Ns for swmp@ietf.org; Thu, 20 Sep 2007 13:33:36 -0400
Received: from moutng.kundenserver.de ([212.227.126.187]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IYPu8-0006Nr-P4 for swmp@ietf.org; Thu, 20 Sep 2007 13:33:33 -0400
Received: from e180013223.adsl.alicedsl.de [85.180.13.223] (helo=[85.180.13.223]) by mrelayeu.kundenserver.de (node=mrelayeu7) with ESMTP (Nemesis), id 0ML2xA-1IYPtn16zS-0002V5; Thu, 20 Sep 2007 19:33:31 +0200
Message-ID: <46F2AEF8.4090406@dubioso.net>
Date: Thu, 20 Sep 2007 19:33:44 +0200
From: Roland Weber <ossfwot@dubioso.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070807 SeaMonkey/1.1.4
MIME-Version: 1.0
To: swmp@ietf.org
Subject: Re: [SWMP] My understanding so far
References: <OFFA72042F.751DC694-ON85257348.006F170E-85257348.0070D266@lotus.com> <46D88058.8070008@dubioso.net> <46D894F6.1090901@mediamachines.com>
In-Reply-To: <46D894F6.1090901@mediamachines.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Provags-ID: V01U2FsdGVkX1+9Zqkc2SgAgzqCyLoAYS1tnY20dWxFPn3sWpb ka/UfOjyEDmdWmcpBmX6i3PV3PhBXf//ZS6/BWrK/5Ef1h0vOt RvciBY/gLtp7D51pmhObUfT0M8jTlBO
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f60d0f7806b0c40781eee6b9cd0b2135
X-BeenThere: swmp@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussion of a Simple Wide-area Multiuser-3D Protocol <swmp.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/swmp>, <mailto:swmp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/swmp>
List-Post: <mailto:swmp@ietf.org>
List-Help: <mailto:swmp-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/swmp>, <mailto:swmp-request@ietf.org?subject=subscribe>
Errors-To: swmp-bounces@ietf.org
Hi Jay, sorry for the late reply, I had little time to spare. Jay C. Weber wrote: > Roland Weber wrote: >> Tickets are used similar to session cookies. When a network >> element X opens the initial channel to Y, it sends a message >> "HELLO, I am X and here is your ticket YtoX for contacting me". > Yes and tickets usually have an expiration time/date (a date is part of the > ticket and the whole thing is digitally-signed to prevent tampering) in order to > address the man-in-the-middle attacks to which you alluded before. In the web world, there is a distinction between session cookies (like jsessionid) with an inactivity timeout, and authentication cookies (like the LTPA cookie in WebSphere Application Server), which have an expiration time. The LTPA cookie fits your description: it is encrypted and has an expiration time, in addition to user credentials. It is used for Single Sign-On: one server issues the ticket, others receive and verify it. However, the session is tracked by the standard jsessionid. In SWMP, as discussed so far, the ticket is only sent back to the server where it came from. That server will probably not bother to decrypt it, since it can just as well compare the encrypted data bit by bit. I don't really see the purpose of the encryption here. Since a timestamp is encrypted, it will not be possible to guess from one ticket what the next will be. But that would also be achieved by any cryptographically strong pseudo random number generator. On the other hand, expiration of the ticket requires re-issuing tickets during a session. A ticket that is simply copied into a message will not protect against man-in-the-middle attacks. The MITM can take it from the intercepted message and pass it on in a modified message. As discussed so far, an attacker doesn't even need to be in the middle. It is sufficient to spy on one UDP packet to hijack the respective channel in the direction of the sent packet. Just fire a few messages with the ticket, and increment the message IDs by 5 instead of 1 each time. The receiver will accept the forged messages because they have the correct ticket, and ignore all messages from the genuine sender because their ID is too low. Switching to a hashing technique has some advantages over this, though at the price of hash computation. Firstly, the ticket is only sent in plain during the initial handshake on the main TCP channel. The hash in the UDP packets will not allow an eavesdropper to guess the ticket and forge messages. If the hash is computed over the message header only, MITM attacks are still possible. If the hash is computed over the full message, message integrity can be verified. A MITM could still selectively drop messages, but not forge them. If so desired, the ticket exchange on the main channel can be protected by standard mechanisms like TLS or SASL. Secondly, the paper says that ticket size is not fixed. So a server might have some clients that use a 32 bit random number as the ticket, and others that use 3 kbyte BLOBs as tickets. If updates are to be sent to all clients, those with a large ticket would need different and more messages than those with the small tickets. We can discuss that stuff in detail when we tackle authentication. As long as anyone can connect to anyone else and get a ticket, MITM attacks are pretty pointless ;-) Does your implementation have authentication mechanisms in place? cheers, Roland _______________________________________________ SWMP mailing list SWMP@ietf.org https://www1.ietf.org/mailman/listinfo/swmp
- Re: [SWMP] Re: faster field messages john_patterson
- [SWMP] My understanding so far john_patterson
- Re: [SWMP] My understanding so far Roland Weber
- Re: [SWMP] My understanding so far Jay C. Weber
- Re: [SWMP] My understanding so far john_patterson
- RE: [SWMP] My understanding so far Tony Parisi
- [SWMP] semantic layers Jay C. Weber
- [SWMP] field-creation semantics Jay C. Weber
- [SWMP] introducing RPC to an asynchronous protocol Jay C. Weber
- [SWMP] Re: semantic layers john_patterson
- [SWMP] faster field messages Jay C. Weber
- [SWMP] Re: field-creation semantics john_patterson
- [SWMP] Re: introducing RPC to an asynchronous pro… john_patterson
- RE: [SWMP] introducing RPC to an asynchronous pro… Tony Parisi
- RE: [SWMP] semantic layers Tony Parisi
- [SWMP] Re: faster field messages john_patterson
- [SWMP] Re: faster field messages Jay C. Weber
- [SWMP] Re: faster field messages john_patterson
- [SWMP] Re: faster field messages Jay C. Weber
- [SWMP] Re: faster field messages john_patterson
- RE: [SWMP] introducing RPC to an asynchronous pro… john_patterson
- RE: [SWMP] introducing RPC to an asynchronous pro… Tony Parisi
- Re: [SWMP] Re: faster field messages Roland Weber
- Re: [SWMP] My understanding so far Roland Weber
- Re: [SWMP] Re: faster field messages Roland Weber
- Re: [SWMP] My understanding so far john_patterson
- Re: [SWMP] My understanding so far Roland Weber
- Re: [SWMP] My understanding so far Jay C. Weber
- Re: [SWMP] My understanding so far Roland Weber