[VIPR] Hashing the Caller-ID to increase privacy in PVP
Marc Petit-Huguenin <petithug@acm.org> Tue, 18 October 2011 19:46 UTC
Return-Path: <petithug@acm.org>
X-Original-To: vipr@ietfa.amsl.com
Delivered-To: vipr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id 159C221F8D14 for <vipr@ietfa.amsl.com>;
Tue, 18 Oct 2011 12:46:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.149
X-Spam-Level:
X-Spam-Status: No, score=-102.149 tagged_above=-999 required=5 tests=[AWL=0.451,
BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3D0NIV95X9VP for
<vipr@ietfa.amsl.com>; Tue, 18 Oct 2011 12:46:34 -0700 (PDT)
Received: from implementers.org (implementers.org
[IPv6:2604:3400:dc1:41:216:3eff:fe5b:8240]) by ietfa.amsl.com (Postfix) with
ESMTP id 4806C21F8CC9 for <vipr@ietf.org>;
Tue, 18 Oct 2011 12:46:34 -0700 (PDT)
Received: from [IPv6:2001:470:1f05:616:213:d4ff:fe04:3e08] (shalmaneser.org
[IPv6:2001:470:1f05:616:213:d4ff:fe04:3e08]) (using TLSv1 with cipher
AES256-SHA (256/256 bits)) (Client CN "petithug", Issuer "implementers.org"
(verified OK)) by implementers.org (Postfix) with ESMTPS id 04B6A204AD for
<vipr@ietf.org>; Tue, 18 Oct 2011 19:38:39 +0000 (UTC)
Message-ID: <4E9DD795.2090603@acm.org>
Date: Tue, 18 Oct 2011 12:46:29 -0700
From: Marc Petit-Huguenin <petithug@acm.org>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
rv:1.9.2.23) Gecko/20111010 Iceowl/1.0b2 Icedove/3.1.15
MIME-Version: 1.0
To: "vipr@ietf.org" <vipr@ietf.org>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: [VIPR] Hashing the Caller-ID to increase privacy in PVP
X-BeenThere: vipr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Verification Involving PSTN Reachability working group <vipr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vipr>,
<mailto:vipr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vipr>
List-Post: <mailto:vipr@ietf.org>
List-Help: <mailto:vipr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vipr>,
<mailto:vipr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2011 19:46:35 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 During the last conference call, the proposal for using hash to protect the privacy of the caller in VIPR was summarily dismissed. I would like to give it another shot. The idea is that when using method "a", the Caller-ID is hashed using the bcrypt hash algorithm[1], and the resulting hash is passed in the login of the SRP-TLS transaction. On the PVP server side the code retrieves the list of all calls made to the called number (which is in clear), extracts the salt from the hash, rehashes the Caller-ID of the calls selected, and selects the most recent call that have a Caller-ID that matches the hash received. Now a VIPR domain that would want to now the Caller-ID of the callers of a specific phone number will have to hash a good part of the E.164 space to have a chance to find the Caller-ID. If the target is a 1800 number, so the attacker can restrict the search space to the +1 prefix, it will need to hash in average half this space, which is something like 1.3 billion numbers. The beauty of the bcrypt algorithm is that the number of rekeying rounds is configurable, and so it can be increased as the hardware becomes faster. For example on my computer, it takes 1.3 ms to hash a US number when using 2^4 rounds, but 100 ms when using 2^10 rounds. That means that it will take 4 years to hash half of the USA phone numbers on one processor (adding more processors decreases the hash time linearly). The number of rounds could be a parameter of the VIPR overlay. Here's what the login could look like: a:vs=7f5a8630b6365bf2;op=$2a$10$uhNBlMT5O063n5/YMlg3Y.xTmZuHMeAFbSxhwSacX87aujFxPvoxG;tp=+16504614667;r=1000; Exercise for the skeptical: Make a phone call to the originating phone number in this example... [1] http://www.usenix.org/event/usenix99/provos/provos.pdf - -- Marc Petit-Huguenin Personal email: marc@petit-huguenin.org Professional email: petithug@acm.org Blog: http://blog.marc.petit-huguenin.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6d15QACgkQ9RoMZyVa61d02gCdFQ9UrUPImamyFj5XJTqUTY7R OFkAoI178ri6Mjpx32LDVtXpmYOb8ldM =Rvv3 -----END PGP SIGNATURE-----
- [VIPR] Hashing the Caller-ID to increase privacy … Marc Petit-Huguenin