Re: [TLS] Selfie attack

Mohit Sethi M <mohit.m.sethi@ericsson.com> Fri, 11 October 2019 12:33 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Christopher Wood <caw@heapingbits.net>, Christian Huitema <huitema@huitema.net>, Mohit Sethi M <mohit.m.sethi@ericsson.com>, "TLS@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Selfie attack
Thread-Index: AQHVfb6JZ9ydCGu6h0WNgLEAne6JU6dQ9FwAgAAizgCAAFMEAIAD+pGA
Date: Fri, 11 Oct 2019 12:33:43 +0000
Message-ID: <1f34cc42-45be-a580-a889-ab9bb60a7f38@ericsson.com>
References: <CY4PR1101MB227834A5DF828F000C6D1144DB890@CY4PR1101MB2278.namprd11.prod.outlook.com> <CACykbs2qp0EDa3pGfFpQY6rgruJD1f-6mZ_B5KF8kBkrXD9caw@mail.gmail.com> <CY4PR1101MB227871FEF520A88CF65BADF6DB890@CY4PR1101MB2278.namprd11.prod.outlook.com> <964aab95-1a42-df82-e8e4-cf7ee15ba0f8@ericsson.com> <AE2F1D6C-39AD-4C2F-BE03-FA2F189BBF4B@live.warwick.ac.uk> <896F89B2-37D0-4674-881D-FB9FE4874978@ericsson.com> <FE583332-1915-4B5A-AAAB-AD854CF336B8@live.warwick.ac.uk> <bb410c2a-6836-48a8-ac3d-de395f4c57d8@www.fastmail.com> <a0c560b0-8bca-d843-dac8-57c90c0488de@ericsson.com> <90ddc116-f5d9-4b22-8b80-e31835e09f10@www.fastmail.com> <a70e420c-eeab-b446-57a8-a496a0541f89@huitema.net> <3a51cdaa-d04c-48b8-89b9-07d1510dba1a@www.fastmail.com>
In-Reply-To: <3a51cdaa-d04c-48b8-89b9-07d1510dba1a@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9FOmbDmlwMvKhkGIS6taqfi9gsE>
Subject: Re: [TLS] Selfie attack
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>

Hi Chris and Christian,

I would disagree. The important thing to note is that the selfie attack 
is not a traditional insider attack where someone with the PSK 
misbehaves. If you look at the paper (https://eprint.iacr.org/2019/347), 
you will notice that Eve can fool Alice into opening a connection with 
herself without knowing the PSK that Alice shares with Bob. If Eve knew 
the PSK, then certainly she could pretend to be any one of the parties in 
the group that shares the PSK.

--Mohit

On 10/9/19 2:48 AM, Christopher Wood wrote:
> On Tue, Oct 8, 2019, at 11:51 AM, Christian Huitema wrote:
>>   
>> On 10/8/2019 9:46 AM, Christopher Wood wrote:
>>
>>> On Tue, Oct 8, 2019, at 2:55 AM, Mohit Sethi M wrote:
>>>>   
>> Hi Chris,
>>
>> For the benefit of the list, let me summarize that the selfie attack is
>> only relevant where multiple parties share the same PSK and use the
>> same PSK for outgoing and incoming connections. These situations are
>> rather rare, but I accept that TLS is widely used (and sometimes
>> misused) in many places.
>>
>>
>> I may be getting old but the way Mohit writes it, it seems that the
>> attack happens when the security of a group relies on a secret shared
>> by all members of the group, and can then be compromised when one of
>> the group members misbehaves. How is that a new threat? If groups are
>> defined by a shared secret, then corruption of a group member reveals
>> that shared secret to the attacker and open the path for all kinds of
>> exploitation. In what sense is the "selfie" attack different from that
>> generic threat?
> In my opinion, it's not.
>
> Best,
> Chris
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
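The point Mohit makes above (Eve needs no knowledge of the PSK, only the ability to reflect Alice's own messages back at her) is easiest to see in a runnable toy model. The block below is an added example written for this page; it is not code from the thread, from the paper, or from any TLS implementation. It deliberately reduces the TLS 1.3 PSK handshake to a binder MAC over the ClientHello and a server Finished MAC over the nonces, using a constructed group PSK; the "per-direction key" mitigation is an assumption modelled on the paper's advice to stop using one undifferentiated PSK for both roles, not a description of what any stack ships. Real TLS binders and Finished messages cover the full transcript, but the reflection works the same way because nothing in that transcript distinguishes Alice-as-client from Alice-as-server.

```python
"""Toy model of the TLS 1.3 PSK "selfie" reflection attack (added example).

Not the real TLS key schedule: one shared PSK, a binder MAC over the
ClientHello and a server Finished MAC over the nonces are enough to show
why Eve can make Alice talk to herself without ever learning the PSK.
"""
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample secret: a single PSK shared by the whole group.
GROUP_PSK = hashlib.sha256(b"constructed group psk for the example").digest()


def mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


class Peer:
    """A party that uses the same PSK both to open and to accept connections."""

    def __init__(self, name: bytes, psk: bytes, per_direction_keys: bool):
        self.name = name
        self.psk = psk
        self.per_direction_keys = per_direction_keys

    def _key(self, client: bytes, server: bytes) -> bytes:
        # Mitigation (assumption, modelled on the paper's advice): derive a
        # distinct key per (client, server) pair instead of using the raw PSK,
        # so the key Alice uses towards Bob differs from the one she accepts
        # as a server from "alice".
        if self.per_direction_keys:
            return mac(self.psk, b"pair", client, b"->", server)
        return self.psk

    # --- client role ---
    def client_hello(self, intended_server: bytes) -> dict:
        nonce = os.urandom(32)
        key = self._key(self.name, intended_server)
        return {
            "client_id": self.name,  # PSK identity sent in the clear
            "nonce": nonce,
            "binder": mac(key, b"binder", self.name, nonce),
        }

    def client_finish(self, intended_server: bytes, ch: dict, sh: dict) -> bool:
        key = self._key(self.name, intended_server)
        expected = mac(key, b"server finished", ch["nonce"], sh["nonce"])
        return hmac.compare_digest(expected, sh["finished"])

    # --- server role ---
    def server_hello(self, ch: dict) -> Optional[dict]:
        # The server knows only the client's claimed identity and its own name.
        key = self._key(ch["client_id"], self.name)
        binder = mac(key, b"binder", ch["client_id"], ch["nonce"])
        if not hmac.compare_digest(binder, ch["binder"]):
            return None  # binder check failed: abort the handshake
        nonce = os.urandom(32)
        return {"nonce": nonce,
                "finished": mac(key, b"server finished", ch["nonce"], nonce)}


def selfie_attack(per_direction_keys: bool) -> bool:
    """Eve reflects Alice's ClientHello (meant for Bob) to Alice's own listener.

    Eve's part is pure message forwarding: GROUP_PSK is never touched here.
    Returns True if Alice ends up accepting a session with herself.
    """
    alice = Peer(b"alice", GROUP_PSK, per_direction_keys)
    ch = alice.client_hello(intended_server=b"bob")  # Alice -> "Bob" (really Eve)
    sh = alice.server_hello(ch)                      # Eve -> Alice's listener, verbatim
    if sh is None:
        return False
    return alice.client_finish(b"bob", ch, sh)       # Eve relays Alice's reply to Alice


def honest_handshake(per_direction_keys: bool) -> bool:
    """Sanity check: Alice -> Bob still succeeds with the mitigation enabled."""
    alice = Peer(b"alice", GROUP_PSK, per_direction_keys)
    bob = Peer(b"bob", GROUP_PSK, per_direction_keys)
    ch = alice.client_hello(b"bob")
    sh = bob.server_hello(ch)
    return sh is not None and alice.client_finish(b"bob", ch, sh)


def impersonation_without_psk() -> bool:
    """Eve trying to connect as a client with a guessed key is rejected."""
    eve = Peer(b"alice", b"not the group psk", False)
    bob = Peer(b"bob", GROUP_PSK, False)
    return bob.server_hello(eve.client_hello(b"bob")) is not None


if __name__ == "__main__":
    print("selfie, shared PSK reused for both roles:", selfie_attack(False))   # True
    print("selfie, per-direction keys:              ", selfie_attack(True))    # False
    print("honest handshake with per-direction keys:", honest_handshake(True))
    print("Eve as client without the PSK:           ", impersonation_without_psk())
```

The contrast between `impersonation_without_psk()` and `selfie_attack(False)` is the distinction Mohit draws: Eve cannot forge a binder, yet she does not need to, because Alice's own listener will happily verify a binder Alice herself produced. Under the per-direction variant the client has to know which member it intends to reach, which is exactly why the paper's mitigations revolve around distinct identities or distinct keys rather than a change to the message flow.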