IETF Logo Mail Archive

Re: [TLS] Security review of TLS1.3 0-RTT

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 03 May 2017 09:17 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1189312941C for <tls@ietfa.amsl.com>; Wed, 3 May 2017 02:17:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.401
X-Spam-Level:
X-Spam-Status: No, score=-5.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ieUz_0MfRuLD for <tls@ietfa.amsl.com>; Wed, 3 May 2017 02:17:50 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EF6E12943C for <tls@ietf.org>; Wed, 3 May 2017 02:15:07 -0700 (PDT)
Received: from [192.168.91.191] ([195.149.223.176]) by mail.gmx.com (mrgmx002 [212.227.17.190]) with ESMTPSA (Nemesis) id 0LlESk-1dgXyJ10VC-00b1JM; Wed, 03 May 2017 11:15:05 +0200
To: Colm MacCárthaigh <colm@allcosts.net>, "tls@ietf.org" <tls@ietf.org>
References: <CAAF6GDcKZj9F-eKAeVj0Uw4aX_EgQ4DuJczL4=fsaFyG9Yjcgw@mail.gmail.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <cb518e35-c214-d11d-a068-c454b2e7ea6a@gmx.net>
Date: Wed, 03 May 2017 11:15:03 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CAAF6GDcKZj9F-eKAeVj0Uw4aX_EgQ4DuJczL4=fsaFyG9Yjcgw@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="BCNt5k9BiMNIiFinQE5PRFO8w6bgXDsT7"
X-Provags-ID: V03:K0:apQQaNFlKm7oyDj29i3eMKmchSlrh2ZrB6dmNlJFGBR+lztnEo8 JoK/gmoafXcDlvddyxxkQ71CQjgAoqgPUFr6pPogGhDv7w/CUwTYQ9N4QZZ3VsWfBGacj1Z ++8ld7i6sjZ8LaH+txMDb4NadV3bFBbvSEd+tWfzanNuYAuC5myCXcyupt/y0Vv1mHl2mkO sMuqZScBjcQiHaQs4FVMQ==
X-UI-Out-Filterresults: notjunk:1;V01:K0:0G1nvrqWc7w=:9reI+hUO8fp6IQed1YRoxS qYJHRngofkBBCCCh0u74xKfkpARAQ1T4UR5/zZYp+2ZZ4hBB3QfwD0niqaRqrs9/QgL6Q1UTX CX4ADH6VXM/4GigXmJyQR3AjsvY1pCRqWdjvyYoLSGXCE+PMiWgsLFsp4Q7OMNBsQ6YiNoBSy t8N2jy7Mxjh+UTvQJ5OAL3jJY/TLE3OWhm2q4WZ53W2tV+PWENhdNw2+5YFaVD+JrX+M3NtOK zaB+JW3e+mUfQF7R0dVXP+CDMwJjjwPusSHuLVCBQgmTVCZoUj8TrYNDp4FkWGEx3kTp6mjRS MRKovFW0F3xVrnsXwG8mA1tUvSpQUrPoJL2KABypV77QcWXXVwrC9nW8I/Mia7ldD2PPYrO+6 FwD3StGvhtfSdEYhiREySw9NsoUjV4rjLoZyPeVwaA74yeRnFubcwA17HUdj6qMIa/cEw5Lxa 8juGPS5waJpxK53al8geoYFHcVhO/suky2cia/ZaeruhU82lq4gS7+UmZHt05Lj80l4xYIVeC RH+rV1/2wxDEYWx8Pyuv2R7BH5yoxc6cZMYVZ1aXFbbZQ0rA+9+TC/Ef3EET2JJyrdnbCZU8B S4mAEIJshT0FsImWRtn1k3rV5PEjhKcB7BmP07mZV6GN7NgZ3d1ApYpNeTp6VAVrBD1CFhSZr oMIK7TQCctaMKXf1GGv/90Buel67G/kM3rJ5CKbmaWlxAPIZ+Z6CR6fyYM4k5nVT9avOHqsMJ IKfVUH5bcsPSyHhRBRebFfUL5u+8x9UMt7+hz8YmQQZ0LzcPlNmCQ3urDV0=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/AY5Wf26wmxEPgPOfL5KYZBsDppE>
Subject: Re: [TLS] Security review of TLS1.3 0-RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 May 2017 09:17:53 -0000

Hi Colm,

thanks for your review.

I disagree with your assessment in a few places.

First, talk about tickets and point out that distributing the session
key for encrypting the ticket content (Session Ticket Encryption Keys
(STEKs)) is a challenge and raises security concerns. You point to
Akamai CDN and their huge number of hosts.

The TLS 1.3 ticket concept combines three types of tickets approaches
standardized for earlier versions of TLS, namely session resumption
(which caches keys on both sides), and RFC 5077, which allows you to use
self-contained tokens aka tickets in the style of Kerberos tickets.
Finally, you could use RFC 5077 with references to tickets but you loose
the stateless nature (since you have to write keys, and other necessary
parameters in a database).

Which approach is best depends on your infrastructure.

When you use TLS in your environment you need to make a few decisions
about the algorithms you want to support, key lengths, etc. You also
have to determine what ticket concept you want. Maybe the right decision
for a deployment that has to synchronize STEKs across so many hosts
isn't a great idea.

Second, you talk about 0-RTT and replay attacks. In a 0-RTT exchange you
cannot rely on the nonce exchange for replay protection (as it was done
in earlier TLS versions). Instead, you have to rely on other replay
protection mechanisms, and taking the application semantic into account
is obvious approach. Clearly 0-RTT is not applicable to all environments
and hence the spec contains a warning: "Protocols MUST NOT use 0-RTT
data without a profile that defines its use."

What I could, however, imagine is to add either in the TLS handshake or
at the application layer something like a timestamp or a sequence number
so that the server-side can check for replays. This is what has been
done with other security protocols in the past. Is the TLS layer the
right place or the application layer? Hard to say.

Minor issues:

You also suggest that 0-RTT supports PFS. The definition of PFS
unfortunately is not super helpful here when there are so many keys in
play. The PFS definition talks about the loss of the long-term key. What
you care about is the potential loss of the STEKs, which is not a
long-term key.

You write: "Any client that attempts to use a ticket multiple times will
also likely leak the obfuscated_ticket_age value, which is intended to
be secret." The obfuscated_ticket_age is not secret - it is sent in the
clear. What is supposed to be kept confidential is the ticket age. I
have been wondering myself what the privacy value of the
obfuscated_ticket_age, and the ticket age is and I am still not
convinced that it provides much benefit.

Ciao
Hannes

PS: You talk about OATH in this paragraph:

"
To avoid simple spoofing risks, many such systems perform throttling
post-authentication. For example the request may be signed
cryptographically (see the AWS SIGv4 signing protocol or the OATH
signing process), that signature is verified prior to throttling. This
post-authentication property is one reason why such protocols are
designed to be extremely fast to verify, which often means as much
cryptography as possible must be pre-computed, making random nonces
infeasible in many cases.
"

What you actually mean is OAuth (OATH is a different effort also related
to earlier IETF work on one-time-passwords). Your reference points to an
old OAuth specification that has been replaced by OAuth 2.0, which does
not use the same application layer signing anymore.

On 05/02/2017 04:44 PM, Colm MacCárthaigh wrote:
> On Sunday at the TLS:DIV workshop I presented a summary of findings of a
> security review we did on TLS1.3 0-RTT, as part of implementing 1.3 in
> s2n. Thanks to feedback in the room I've now tightened up the findings
> from the review and posted them as an issue on the draft GitHub repo:
> 
> https://github.com/tlswg/tls13-spec/issues/1001
> 
> I'll summarize the summary: Naturally the focus was on forward secrecy
> and replay. On forward secrecy the main finding was that it's not
> necessary to trade off Forward Secrecy and 0-RTT. A single-use session
> cache can provide it, and with the modification that ekr has created
> in https://github.com/tlswg/tls13-spec/pull/998
> <https://github.com/tlswg/tls13-spec/pull/998> , such a cache works for
> both pre-auth and post-auth tickets, and it allows clients to build up
> pools of meaningfully distinct tickets.
> 
> There's also an observation there that it should really be that clients
> "MUST" use tickets only once. Any re-use likely discloses the obfuscated
> ticket age, which is intended to be secret. Right now it's a "SHOULD". 
> 
> On replay, the main finding is that what's in the draft is not workably
> secure, and the review includes 5 different attacks against 0-RTT data
> to illustrate that. Attacks 1 and 2 show that the kind of replay
> permitted by the draft is very different from the kind of replay
> permitted by dkg's existing downgrade-and-retry attack. I also go over
> why it very very difficult to many applications to achieve that
> idempotency, and why one idempotency pattern actually relies on
> non-replayable messages. 
> 
> Attack 3 shows that idempotency is not sufficient, applications must
> also be free of measurable side-effects, which is not practical.  Attack
> 4 shows that 0-RTT breaks a common security mechanism:
> spoofing-resistant throttles. Attack 5 shows that 0-RTT replay-ability
> enables an additional form of traffic analysis. 
> 
> The recommendation in the review is that implementations "MUST" prevent
> replays of 0-RTT section, with some additional discussion about why the
> existing advice is unlikely to be followed, and why consistent
> interoperability matters here. 
> 
> Unfortunately, I wasn't aware until Friday that this review would be
> coming so late in the TLD1.3 draft process, and my apologies for that. I
> am now planning to attend the future WG in-person meetings and look
> forward to seeing many of you there. 
> 
> -- 
> Colm
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email