IETF Logo Mail Archive

Re: [TLS] Security review of TLS1.3 0-RTT

Kyle Nekritz <knekritz@fb.com> Thu, 04 May 2017 21:28 UTC

Return-Path: <prvs=62970e18b2=knekritz@fb.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B9A7129502 for <tls@ietfa.amsl.com>; Thu, 4 May 2017 14:28:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.731
X-Spam-Level:
X-Spam-Status: No, score=-0.731 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fb.com header.b=i5SITW9i; dkim=pass (1024-bit key) header.d=fb.onmicrosoft.com header.b=Wi34fq3q
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tOJQaIL_DDQJ for <tls@ietfa.amsl.com>; Thu, 4 May 2017 14:28:06 -0700 (PDT)
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F151F120227 for <tls@ietf.org>; Thu, 4 May 2017 14:28:02 -0700 (PDT)
Received: from pps.filterd (m0044012.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v44LLbC5002692; Thu, 4 May 2017 14:28:02 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=facebook; bh=td62ue6J0SwwlKoF8CX8Nu1535C/2Wji8UkjmLR5g4o=; b=i5SITW9ixw7VqCDxUgbE/mftR+gEbuF+CPG+GepkUCAXu1c61KB5RnUdXlKWw+QIX7M4 CTyDc6HCbQWwbZQ/EGx3QM9/WgSYXJugTDGhPyJ/y7QfC/A0ITcQ5rj9zoPjQfrXfXr5 3GLrNbrnBK+ltoKrFaCrwRFoTceGqHiFlzw=
Received: from maileast.thefacebook.com ([199.201.65.23]) by mx0a-00082601.pphosted.com with ESMTP id 2a87hw17ff-1 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 04 May 2017 14:28:02 -0700
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (192.168.183.28) by o365-in.thefacebook.com (192.168.177.31) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 4 May 2017 17:28:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector1-fb-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=td62ue6J0SwwlKoF8CX8Nu1535C/2Wji8UkjmLR5g4o=; b=Wi34fq3qAJWdwPRLZAoYDwrv/H2RGsTmMvBPvTFQFIdvsOCE08sszi/h1t2DYDihOLcxYIVWhFJGNN1H2sq6mGusI9wrWcHYJr53mpai8iUYkTWqkR1HvwJU+6DCzTRKtf/y8bkcVIh861qOW7fK5/jLctfFb6A8/ScqSs+RgWI=
Received: from MWHPR15MB1182.namprd15.prod.outlook.com (10.175.2.136) by MWHPR15MB1182.namprd15.prod.outlook.com (10.175.2.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1061.12; Thu, 4 May 2017 21:27:41 +0000
Received: from MWHPR15MB1182.namprd15.prod.outlook.com ([10.175.2.136]) by MWHPR15MB1182.namprd15.prod.outlook.com ([10.175.2.136]) with mapi id 15.01.1061.022; Thu, 4 May 2017 21:27:41 +0000
From: Kyle Nekritz <knekritz@fb.com>
To: Eric Rescorla <ekr@rtfm.com>, Colm MacCárthaigh <colm@allcosts.net>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Security review of TLS1.3 0-RTT
Thread-Index: AQHSw1NWfzhsEfLgEUy3mG3N+R1DLqHjghwAgADwDPA=
Date: Thu, 04 May 2017 21:27:40 +0000
Message-ID: <MWHPR15MB11825419AF296AE7EC26F3BDAFEA0@MWHPR15MB1182.namprd15.prod.outlook.com>
References: <CAAF6GDcKZj9F-eKAeVj0Uw4aX_EgQ4DuJczL4=fsaFyG9Yjcgw@mail.gmail.com> <CABcZeBNcnW9zEPZ4mEje1_ejR3npNFz65rw-6qUPn7cQt1Nz9w@mail.gmail.com>
In-Reply-To: <CABcZeBNcnW9zEPZ4mEje1_ejR3npNFz65rw-6qUPn7cQt1Nz9w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: rtfm.com; dkim=none (message not signed) header.d=none;rtfm.com; dmarc=none action=none header.from=fb.com;
x-originating-ip: [2620:10d:c091:200::2:713]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MWHPR15MB1182; 7:8WEyvmxt2v4Ya/ize5sYdnD8KgGgzmSSPSUrTSA9FTZMAfxpOSaNnQ63xbfleFZKZAexoApnrES/bwfbUMNnE2IpkNoA5LQYvS6pNbqIXdSwjprOc6y/ZO+W2Dm2edN55qSL7wiuKtGrMpJgeQuDgQjynZmYVp0ikoeHE9650qgdBa0wUbP/tXEtVyYGfXsmCSTIqcmCuNFISBadfdPjkX3eDL8cDNsIKAHIAVSTuWTN4fL1apWditu6mQghw7ZD33+EtG0nnWXEs+sfN54uIBLw4yc9S0Rux0nLN8wmYSoaUc6orBxKw8oovYVOAeKs2DeMhd1igB9opcxnKYdzzA==; 20:lgXoAxRWfX7nhKU+3T/06jKdh1lhU/3lgOnLXerrrMzvaaPIgeDT6Pqo/Kn1mAug2QJlWVLpteMNsK+X+6213Q6dNfDXR6Z7lv8TM7fFffrgvgwRsL8XMOzjHZikmxX7xBAYeUpo9508vPcKESVY52SCiNO4XGBnzbHR4XNqpOQ=
x-ms-office365-filtering-correlation-id: 22953d3b-4a0b-4b07-a784-08d493346555
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:MWHPR15MB1182;
x-microsoft-antispam-prvs: <MWHPR15MB11826E1244BF153E23D3333AAFEA0@MWHPR15MB1182.namprd15.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(278428928389397)(166708455590820)(192374486261705)(21748063052155)(10436049006162);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(93006095)(93001095)(6041248)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123558100)(20161123564025)(6072148); SRVR:MWHPR15MB1182; BCL:0; PCL:0; RULEID:; SRVR:MWHPR15MB1182;
x-forefront-prvs: 02973C87BC
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39850400002)(39400400002)(39410400002)(39450400003)(39840400002)(24454002)(377454003)(2906002)(77096006)(3660700001)(53546009)(3280700002)(25786009)(54356999)(86362001)(76176999)(50986999)(19609705001)(4326008)(38730400002)(189998001)(6246003)(6506006)(55016002)(99286003)(33656002)(7110500001)(6306002)(6436002)(606005)(53936002)(54896002)(9686003)(7696004)(7906003)(236005)(74316002)(2950100002)(2900100001)(8936002)(7736002)(102836003)(5660300001)(6116002)(15650500001)(122556002)(81166006)(478600001)(2420400007)(8676002)(229853002); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR15MB1182; H:MWHPR15MB1182.namprd15.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_MWHPR15MB11825419AF296AE7EC26F3BDAFEA0MWHPR15MB1182namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 May 2017 21:27:41.0654 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR15MB1182
X-OriginatorOrg: fb.com
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-05-04_14:, , signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/a_mBamgUiMkbCGPzMQm_7LuJy1o>
Subject: Re: [TLS] Security review of TLS1.3 0-RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 May 2017 21:28:10 -0000

> 1. A SHOULD-level requirement for server-side 0-RTT defense, explaining both session-cache and strike register styles and the merits of each.

First, a point of clarification, I think two issues have been conflated in this long thread:
1) Servers rejecting replayed 0-RTT data (using a single use session cache/strike register/replay cache/some other method)

There are definitely cases (i.e. application profiles) where this should be done. I think a general case HTTPS server is one. But I don’t think this is strictly necessary across the board (for every application using 0-RTT at all). DNS was brought up earlier in this thread as an example of a protocol that is likely quite workable without extra measures to prevent replay.

We already state “Protocols MUST NOT use 0-RTT data without a profile that defines its use.”. We could also describe methods that may be used to provide further replay protection. But I don’t think it’s appropriate to make a blanket requirement that *all* application protocols should require it.

I also consider it quite misleading to say TLS 1.3 is insecure without such a recommendation. Uses of TLS can be insecure, that does not mean the protocol itself is. It’s insecure to use TLS without properly authenticating the server. Some users of TLS do not do this correctly. I’d actually argue that it is easier to mess this up than it is to mess up a 0-RTT deployment (and it can result in worse consequences). That doesn’t mean we should require a particular method of authentication, for all uses of TLS.

2) Preventing clients from sending 0-RTT data multiple times (on separate connections) using the same PSK (for forward secrecy reasons)

I think this should be allowed. Otherwise, clients will not be able to retry 0-RTT requests that fail due to an unknown network error prior to receiving a NST (if they are out of cached PSKs). I’d expect the need for these retries to be larger with 0-RTT data, particularly when 0-RTT data is sent without even a transport roundtrip (in the case of TFO or QUIC). Servers are definitely not required to accept multiple 0-RTT connections using the same PSK, but I don’t think clients should be banned from attempting.

> 2. Document 0-RTT greasing in draft-ietf-tls-grease

I’m not convinced this is actually a productive thing to do in the same manner as grease, particularly if servers are taking anti-replay measures (in which case I see this being useful in a TLS testing tool like ssllabs, but not in actual deployments). I think we can leave this discussion for later though.

> 3. Adopt PR#448 (or some variant) so that session-id style implementations provide PFS.

Sounds good to me.

> 4. I would add to this that we recommend that proxy/CDN implementations signal which data is 0-RTT and which is 1-RTT to the back-end (this was in Colm's original message).

I’m not sure that the TLS 1.3 spec is the right place to make recommendations for this. I can see several reasonable approaches here, for example:
- Adding some kind of application level annotation (for example an HTTP header)
- Robustly preventing replay on the 0-RTT hop
- Sending proxied early data with a different TLS ContentType, etc.
I don’t see a need to specifically endorse any particular method here.


There was also a point brought up about the use of ticket_age without 0-RTT. I’m not aware of any use for ticket_age other than 0-RTT replay protection. I believe that ticket_age is sent with all PSKs mostly out of convenience/consistency. I don’t really have an objection to the current method, but I also wouldn’t be opposed to moving the ticket age to the early data extension, so that it is only sent along with 0-RTT data.
It also seems a little under-specified what implementations unable to compute a reasonable ticket age should send (for example in the case of a device without a real time clock, or with an external PSK).

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Eric Rescorla
Sent: Wednesday, May 3, 2017 11:13 PM
To: Colm MacCárthaigh <colm@allcosts.net>
Cc: tls@ietf.org
Subject: Re: [TLS] Security review of TLS1.3 0-RTT

[Deliberately responding to the OP rather than to anyone in particular]

Hi folks,

I'm seeing a lot of back and forth about general philosophy and the
wisdom of 0-RTT but I think it would be useful if we focused on what
changes, if any, we need to make to the draft.

I made some proposals yesterday
(https://www.ietf.org/mail-archive/web/tls/current/msg23088.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tls_current_msg23088.html&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=l2j4BjkO0Lc3u4CH2z7jPw&m=_2BECf9OfW1r1aRWrL_pSbQeKMshyOm2NIVWF4GGBI0&s=XgHbUwT6upAsOin4T6P8ePs8i0ZFsnD-_BNvueeq83E&e=>).

Specifically:
1. A SHOULD-level requirement for server-side 0-RTT defense, explaining
both session-cache and strike register styles and the merits of each.

2. Document 0-RTT greasing in draft-ietf-tls-grease

3. Adopt PR#448 (or some variant) so that session-id style implementations
provide PFS.

4. I would add to this that we recommend that proxy/CDN implementations
signal which data is 0-RTT and which is 1-RTT to the back-end (this was in
Colm's original message).

Based on Colm's response, I think these largely hits the points he made
in his original message.

There's already a PR for #3 and I'll have PRs for #1 and #4 tomorrow.
What would be most helpful to me as Editor would be if people could review
these PRs and/or suggest other specific changes that we should make
to the document.

Thanks,
-Ekr




On Tue, May 2, 2017 at 7:44 AM, Colm MacCárthaigh <colm@allcosts.net<mailto:colm@allcosts.net>> wrote:
On Sunday at the TLS:DIV workshop I presented a summary of findings of a security review we did on TLS1.3 0-RTT, as part of implementing 1.3 in s2n. Thanks to feedback in the room I've now tightened up the findings from the review and posted them as an issue on the draft GitHub repo:

https://github.com/tlswg/tls13-spec/issues/1001

I'll summarize the summary: Naturally the focus was on forward secrecy and replay. On forward secrecy the main finding was that it's not necessary to trade off Forward Secrecy and 0-RTT. A single-use session cache can provide it, and with the modification that ekr has created in https://github.com/tlswg/tls13-spec/pull/998 , such a cache works for both pre-auth and post-auth tickets, and it allows clients to build up pools of meaningfully distinct tickets.

There's also an observation there that it should really be that clients "MUST" use tickets only once. Any re-use likely discloses the obfuscated ticket age, which is intended to be secret. Right now it's a "SHOULD".

On replay, the main finding is that what's in the draft is not workably secure, and the review includes 5 different attacks against 0-RTT data to illustrate that. Attacks 1 and 2 show that the kind of replay permitted by the draft is very different from the kind of replay permitted by dkg's existing downgrade-and-retry attack. I also go over why it very very difficult to many applications to achieve that idempotency, and why one idempotency pattern actually relies on non-replayable messages.

Attack 3 shows that idempotency is not sufficient, applications must also be free of measurable side-effects, which is not practical.  Attack 4 shows that 0-RTT breaks a common security mechanism: spoofing-resistant throttles. Attack 5 shows that 0-RTT replay-ability enables an additional form of traffic analysis.

The recommendation in the review is that implementations "MUST" prevent replays of 0-RTT section, with some additional discussion about why the existing advice is unlikely to be followed, and why consistent interoperability matters here.

Unfortunately, I wasn't aware until Friday that this review would be coming so late in the TLD1.3 draft process, and my apologies for that. I am now planning to attend the future WG in-person meetings and look forward to seeing many of you there.

--
Colm

_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=l2j4BjkO0Lc3u4CH2z7jPw&m=_2BECf9OfW1r1aRWrL_pSbQeKMshyOm2NIVWF4GGBI0&s=6GIocGzW6wPK4EAlqDLIirNvsuQj7gWhYG_OzROR2qY&e=>

v2.23.0 | Report a Bug | By Email