Re: [TLS] Selfie attack

Mohit Sethi M <mohit.m.sethi@ericsson.com> Tue, 08 October 2019 19:07 UTC

Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C45D61200BA for <tls@ietfa.amsl.com>; Tue, 8 Oct 2019 12:07:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QruJm8FlP_xx for <tls@ietfa.amsl.com>; Tue, 8 Oct 2019 12:07:57 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150049.outbound.protection.outlook.com [40.107.15.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EE21120071 for <tls@ietf.org>; Tue, 8 Oct 2019 12:07:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BKJBeT+F+Q7at9aoIpTJ3WBYeC7yqeq2O/nfZ5apiyn1iyl6228hFmCejy4HQtD5r/LLU1zH7knwCAXjNBJyeb0SgJUkmcAQb4HO5IqR9ixQuwGiGHQRZsaX4BKRTkdS+Qyza4OdlaCnUPBH8OQYdokExDeSdebElyI+FhMLxH5FitNibegaORdS74/ZefljAAcXVX9Q0tqcQ4+JSe7G9vzQRkKYMPwWBDX9ISZ6mJtehu3FgByN0A8anoOOeT8VbBfciCvZXgYxazyr9n2j5mmn6tgbJanyySOvAZNTC+vDrSLhtkrk7lnyaSiJFZT3DScAj+G0/6M8BSrG/x8HVQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O03rEziaqDLbAlR0b3gLKmGgBLgfHT4eql1ExdO8o/0=; b=AJ0YLcHvtEQFEdpRGe/7KoAZ3SKPbLbve1kRLwiuZ4DXoa+7qnxQqxz5YK8VPPX9D2rjU2r1+ol0oQemPqU4G7S2opTTOt2tD1hDfdEPKCpbodVR8U4foxojwcDCj/ewOT6c1sqYeGl0GSSTt9kHtQbbffcgrcrY+whUzgAOA0DBphBH2PKpgQUV0kngJMoLpqAdfo83yO57xn2TyDpawtRS5RhQutzy9HRnPhbrumZtDr6bzniPFXMH575/0E2c60CkW1Qp2S5Q8p+Q2XXKpd8GRJwkToQLGAPQ9aJo4d/su6i+tZm/SlwGEIoHe4jB6aMk1/6dmvwKt0R21MfT5A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O03rEziaqDLbAlR0b3gLKmGgBLgfHT4eql1ExdO8o/0=; b=mjY4PlJvJJBAfde+e9ob67RcOrHoB4hTekzZBG4dcTrgpbvCFeNSAAMMMHc8Is9jEbY6cuf50kF+R6TnIbrp8jMXeYUZOgNV0j6uz400bNY5OF8jQAYFY3BbAvWJ9LLgdBvE4LGaCciIEBsVfIS+/BMmej+DF1tMBXDnE38d2+E=
Received: from DB6PR0701MB2904.eurprd07.prod.outlook.com (10.168.84.145) by DB6PR0701MB2837.eurprd07.prod.outlook.com (10.168.83.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16; Tue, 8 Oct 2019 19:07:55 +0000
Received: from DB6PR0701MB2904.eurprd07.prod.outlook.com ([fe80::44f6:c300:7e19:6d75]) by DB6PR0701MB2904.eurprd07.prod.outlook.com ([fe80::44f6:c300:7e19:6d75%11]) with mapi id 15.20.2347.015; Tue, 8 Oct 2019 19:07:55 +0000
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Christian Huitema <huitema@huitema.net>, Christopher Wood <caw@heapingbits.net>, Mohit Sethi M <mohit.m.sethi@ericsson.com>, "TLS@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Selfie attack
Thread-Index: AQHVfb6JZ9ydCGu6h0WNgLEAne6JU6dQ9FwAgAAizgCAAAS3gA==
Date: Tue, 8 Oct 2019 19:07:55 +0000
Message-ID: <28313e8d-48d1-723e-9548-1e9fb3718491@ericsson.com>
References: <CY4PR1101MB227834A5DF828F000C6D1144DB890@CY4PR1101MB2278.namprd11.prod.outlook.com> <CACykbs2qp0EDa3pGfFpQY6rgruJD1f-6mZ_B5KF8kBkrXD9caw@mail.gmail.com> <CY4PR1101MB227871FEF520A88CF65BADF6DB890@CY4PR1101MB2278.namprd11.prod.outlook.com> <964aab95-1a42-df82-e8e4-cf7ee15ba0f8@ericsson.com> <AE2F1D6C-39AD-4C2F-BE03-FA2F189BBF4B@live.warwick.ac.uk> <896F89B2-37D0-4674-881D-FB9FE4874978@ericsson.com> <FE583332-1915-4B5A-AAAB-AD854CF336B8@live.warwick.ac.uk> <bb410c2a-6836-48a8-ac3d-de395f4c57d8@www.fastmail.com> <a0c560b0-8bca-d843-dac8-57c90c0488de@ericsson.com> <90ddc116-f5d9-4b22-8b80-e31835e09f10@www.fastmail.com> <a70e420c-eeab-b446-57a8-a496a0541f89@huitema.net>
In-Reply-To: <a70e420c-eeab-b446-57a8-a496a0541f89@huitema.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mohit.m.sethi@ericsson.com;
x-originating-ip: [2001:14bb:140:26ac:193b:4683:69c6:f65d]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3c9d9a21-a1e6-4934-2754-08d74c22d322
x-ms-traffictypediagnostic: DB6PR0701MB2837:|DB6PR0701MB2837:
x-ms-exchange-purlcount: 1
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DB6PR0701MB2837CDB0029BE6D028B40735D09A0@DB6PR0701MB2837.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:2958;
x-forefront-prvs: 01842C458A
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(136003)(376002)(396003)(39860400002)(366004)(189003)(199004)(11346002)(2501003)(6506007)(53546011)(102836004)(446003)(8676002)(81166006)(186003)(81156014)(46003)(25786009)(76176011)(99286004)(606006)(316002)(8936002)(58126008)(14444005)(6116002)(256004)(71200400001)(71190400001)(2906002)(236005)(6512007)(6436002)(6306002)(54896002)(6486002)(478600001)(6246003)(2616005)(110136005)(66946007)(66476007)(66556008)(14454004)(7736002)(966005)(36756003)(65956001)(229853002)(65806001)(5660300002)(31686004)(86362001)(486006)(66446008)(476003)(76116006)(31696002)(64756008); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR0701MB2837; H:DB6PR0701MB2904.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: WfNHcww65bh+OJm4O/TaiyFxMYWGr/qEJuMjR+Q34u4dxgILnGI8LyvFSHjwp97nUnAqYqqZN6ToqmrqttddmDN9nSABiPI3XLdcjQe/K4vEyt9OHLD+kp9zMQ9iWOS1ZxeaU1jbO/xzjoLGRvjjR1a/u/AJzErTh4SctTD/TrzrB91pEb8A6jmam8M+b/qAZItE6baoAb962+fwihDn3mMAY63eLRKDG+bRApabOpbNdYWnRWvrb7iH5eJnpPq/H3CnLsKDzkHZWs+D9iB0Lbpp4OnHDPCSe0CmIFJVBaRZK7HtopcFnIO4y8ZUHS4IQM6rP+CQ2Xut/wnHyyuDsOxRsl9dffj+Xsp8HYA44fmQSV9lKE6/M232NDqFCFPuR71BhF+5VFrg4Ic4BHSAMDtbhjQC4Yd7GBs5WehuLuOVnxNfP2yJXOaYGBuCVBdkp8XC3uHw9D1o6NePMhyuxg==
Content-Type: multipart/alternative; boundary="_000_28313e8d48d1723e95481e9fb3718491ericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3c9d9a21-a1e6-4934-2754-08d74c22d322
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Oct 2019 19:07:55.0324 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1cIxm2Ma3oYuJUj7blOP0N68rXYTV9u8BGJsJgGoQmKKZhflkzePEfzacQfFPl4sTqXs1k9dhhd9vVnyk4XHmoN3o6sA2+KXcISnr5Q/xnk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0701MB2837
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/SdXSGmcxpZKGd-Dz9Wb2VPz6RX0>
Subject: Re: [TLS] Selfie attack
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2019 19:08:00 -0000

Hi Christian,

It was my poor attempt at explaining the attack. The attack can happen as long as a node sends outbound connections (as a TLS client) and accepts inbound connections (as a TLS server) with the same external PSK and identity. This is likely to happen in some form of group communication but not necessarily.

In such a scenario, a malicious node Eve can fool Alice to open a connection to herself (hence the name Selfie).

Admittedly, UKS/misbinding/selfie are somewhat hard to comprehend sometimes (at least for me).

--Mohit

On 10/8/19 9:51 PM, Christian Huitema wrote:

On 10/8/2019 9:46 AM, Christopher Wood wrote:

On Tue, Oct 8, 2019, at 2:55 AM, Mohit Sethi M wrote:



Hi Chris,

For the benefit of the list, let me summarize that the selfie attack is
only relevant where multiple parties share the same PSK and use the
same PSK for outgoing and incoming connections. These situations are
rather rare, but I accept that TLS is widely used (and sometimes
misused) in many places.


I may be getting old but the way Mohit writes it, it seems that the attack happens when the security of a group relies on a secret shared by all members of the group, and can then be compromised when one of the group members misbehaves. How is that a new threat? If groups are defined by a shared secret, then corruption of a group member reveals that shared secret to the attacker and open the path for all kinds of exploitation. In what sense is the "selfie" attack different from that generic threat?

-- Christian Huitema



_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls