Re: [VoT] Security Problem with Primary Credential Usage

Julian White <jwhite@nu-d.com> Fri, 13 May 2016 07:53 UTC

Return-Path: <jwhite@nu-d.com>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C7B412D0E9 for <vot@ietfa.amsl.com>; Fri, 13 May 2016 00:53:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nu-d.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gQTwG1R7S9cm for <vot@ietfa.amsl.com>; Fri, 13 May 2016 00:53:17 -0700 (PDT)
Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEE0212D0E6 for <vot@ietf.org>; Fri, 13 May 2016 00:53:16 -0700 (PDT)
Received: by mail-wm0-x229.google.com with SMTP id g17so15776764wme.1 for <vot@ietf.org>; Fri, 13 May 2016 00:53:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nu-d.com; s=nud; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=6RORb0DYnSBJNzOdTLb6sr1ZvTuJq7Izca782DuAoU8=; b=TRyLYx1C0g55PSrikZ/Wtk7dS37wPQTPnV47SEQfp7M9yY9LrY38qtdIGVf4qn3Yve drUVfjoYNc4yVR8Ggr7idyjUoub+dw86k2G1B1fd70DdzSHZAWTbYMk7XEbkvCnTSa34 2qeWP91THnc87VOuymOH9KKwch68AHLzbZJ7s=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=6RORb0DYnSBJNzOdTLb6sr1ZvTuJq7Izca782DuAoU8=; b=FFscqPasckStmG3xIrUkeRvoI8WHQWAkeWPiHHyrbWm9r023Akf3TU8IEEVVmRs+rH sDqaiBbdA95uKl679Z6ijPE3Py2D+nldficKEfA9RPRc9NNVabTZlrQAjNV+NJJ3rwv/ uwk52E4gi8IrA2UvyaIKyL4bib9gJ3dNXtwx+kJb0fwVhcM7IPAo1b6jRbpByrWgpxRz x8TuRAwxUPH+5xqxAYnjL2fRR7qCPY2hWw/9VI9ggaQpK6gDa2jmVjWnojnV3QMuDHQb ho4yi0CvnUOAWB69zCvBNwicJt5T9TygwT2c7KBAoBUIFtRSZIXt0GKkk2lQ0ZX0qm84 BIRQ==
X-Gm-Message-State: AOPr4FWTPjGDxPNi1Mmlb5kxBApzwZDlxNHCT9BKQlf//hL2GXzf5lUXF9DnAExZVjZAFvOmecH74/PclP7qlUYn
X-Received: by 10.194.223.41 with SMTP id qr9mr14081115wjc.61.1463125995497; Fri, 13 May 2016 00:53:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.194.202.130 with HTTP; Fri, 13 May 2016 00:52:55 -0700 (PDT)
In-Reply-To: <CAL4gWiJJtsEPk=5+vrtQpx4zsV04jjtZPh0CpxZs7cPBJxJa5w@mail.gmail.com>
References: <1523279479.20160508222427@CryptoPhoto.com> <CAL4gWiJDg4CDFpwGm-AAJXig9f8HXYNyCRUrm+yirs5ntSfiNw@mail.gmail.com> <753DBE1F-3891-4BB6-811B-5B8682A81A28@mit.edu> <CAL4gWiJJtsEPk=5+vrtQpx4zsV04jjtZPh0CpxZs7cPBJxJa5w@mail.gmail.com>
From: Julian White <jwhite@nu-d.com>
Date: Fri, 13 May 2016 08:52:55 +0100
Message-ID: <CAL4gWiLS+Z15QApwLTiLw4rT8xQW4ALQL5aP6BD0=m6RxvMLSg@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Content-Type: multipart/alternative; boundary=001a11c3a52a3941690532b491b3
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/vqixmoJ1aTmO7YTAkaIglOeIl_o>
Cc: Chris <cnd@geek.net.au>, vot@ietf.org
Subject: Re: [VoT] Security Problem with Primary Credential Usage
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 May 2016 07:53:20 -0000

Justin,

For my own clarity, can the RP pass a request for a specific trustmark, or
list of trustmarks that it will accept? The text seems to imply that they
will get whatever trustmark the IdP sends and have to make a decision based
on that each time. In reality, since the evaluation of the trustmark is a
cumbersome manual process I suspect RP's will whitelist trustmarks that
they will accept so then it seems inefficient for and IdP to return a
response under a trustmark the RP won't accept.

Thanks,

Julian.

On 12 May 2016 at 19:49, Julian White <jwhite@nu-d.com>; wrote:

> That makes sense, tho that didn't come across in the description of the
> trustmark.
>
> Julian
> On 12 May 2016 19:45, "Justin Richer" <jricher@mit.edu>; wrote:
>
>> We explicitly left those kinds of things out of the vector as they’d
>> really be related to the IdP itself and not the authentication transaction
>> to which the VoT refers. In other words, the security of the IdP is related
>> to the trust framework and assessment of the IdP and it can be published as
>> part of the IdP’s discovery documents and associated trust marks. This is
>> information that is going to remain the same regardless of the transaction.
>>
>> This is also part of why you need to have a trustmark context to
>> interpret the VoT in.
>>
>>  — Justin
>>
>> On May 12, 2016, at 11:11 AM, Julian White <jwhite@nu-d.com>; wrote:
>>
>> Hi,
>>
>> I have a number of comments and questions (see attached), many of which
>> are related to the issues raised by Chris, some maybe my misunderstanding
>> coming in half way through the drafting tho.
>>
>> I, like Chris, also think there needs to be something more explicit
>> around the "security" of the IdP authentication which includes the measures
>> to try and detect 'odd' things (like MITM). I would also go one step
>> further in that I also want to know about the maturity of the IdP's
>> "security", its of no use to me if they have really good credentials but
>> store all the data in the clear on their website or have a load of
>> administrative back-doors that could let anyone generate a valid
>> authentication response.
>>
>> It feels like we need to do more work in this area.
>>
>> Regards,
>>
>> Julian.
>>
>> On 8 May 2016 at 13:24, Chris <cnd@geek.net.au>; wrote:
>>
>>> Hi All,
>>>
>>> I think there is a critical flaw in section 3.2 of
>>> https://tools.ietf.org/html/draft-richer-vectors-of-trust-02 (Primary
>>> Credential Usage)
>>>
>>> Mutual-authentication is missing.  When no provision is made to prevent
>>> man-in-the-middle, credential harvesting, spoof, phishing, malware, or
>>> other common threats, this renders all possible vectors C0, Ca, Cb, Cd, Ce,
>>> Cf, and others *equally* untrustworthy.
>>>
>>> We should consider inclusion either for the overall strength of the
>>> authentication process, or some breakdown of either all the techniques used
>>> or the strength of protection employed to thwart at least common attack
>>> scenarios.
>>>
>>> This problem gets tricky quite fast:
>>>
>>> Do we identify the authentication technology vendor? (if yes - who works
>>> out their resistance strength to common attacks?  what about different
>>> modes?)
>>> Do we broadly identify the techniques (whos opinions count as to whether
>>> or not the technique is effective and against what threats?)
>>> Do we identify or classify the threats and indicate which ones were
>>> mitigated (who should be trusted to decide if these really were mitigated?)
>>>
>>> For example - tamper-proof hardware digital certificate devices with
>>> biometrics unlocks are totally useless, if the user paid no attention to a
>>> broken SSL warning, or has malware.  They're also equally useless in most
>>> corporate environments that use deep-packet inspection firewalls - and
>>> "unexpected certificates" (eg. from DPI or malicious) carry their own
>>> privacy problems (eg: passwords are not as "protected" as you think).  Much
>>> more common authentication "protection" of course, are two-step or sms one
>>> time codes - which are equally useless when an end user can be tricked into
>>> revealing them to spoof sites.
>>>
>>> 91% of successful break-ins start from phishing.  Right now, every
>>> vector is pointing one way - we need at least one "Vector of Trust" to
>>> point *back* the other way!
>>>
>>> How about a 5th vector - "S" for "Security", which somehow allows an RP
>>> a level of confidence in the protection afforded to the user's actual
>>> authentication process, in terms of (or at least considering) a wide range
>>> of (and all common) modern threats.
>>>
>>> Chris.
>>>
>>> _______________________________________________
>>> vot mailing list
>>> vot@ietf.org
>>> https://www.ietf.org/mailman/listinfo/vot
>>>
>>>
>> <draft-richer-vectors-of-trust-02.docx>
>> _______________________________________________
>> vot mailing list
>> vot@ietf.org
>> https://www.ietf.org/mailman/listinfo/vot
>>
>>
>>