IETF Logo Mail Archive

Re: [xmpp] IQ Handling vulnerabilities

Waqas Hussain <waqas20@gmail.com> Fri, 07 February 2014 16:40 UTC

Return-Path: <waqas20@gmail.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EFF21A0500 for <xmpp@ietfa.amsl.com>; Fri, 7 Feb 2014 08:40:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y9t9iRpGJMxt for <xmpp@ietfa.amsl.com>; Fri, 7 Feb 2014 08:40:16 -0800 (PST)
Received: from mail-ve0-x230.google.com (mail-ve0-x230.google.com [IPv6:2607:f8b0:400c:c01::230]) by ietfa.amsl.com (Postfix) with ESMTP id 0BC801A01B9 for <xmpp@ietf.org>; Fri, 7 Feb 2014 08:40:15 -0800 (PST)
Received: by mail-ve0-f176.google.com with SMTP id oz11so2904571veb.7 for <xmpp@ietf.org>; Fri, 07 Feb 2014 08:40:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=QYIppubNE75dK7uSXelw9jgvzoxKmGJa/9gEOJDbiZA=; b=XmzRNZuaErn0t0SBuEsp3w5i/aEC2HvssO3OUZBRPE8WkYOO6wvinzVrarfY08uUrj MwkWFvlDBWPexw5fO1U6h0b+fI5H2vHLSUZVwRBhnEvU/Ux7244vkaBrWvg+6jggoEWW Uky0/7RSABWrkE47+gazjNfDrJ1mn6Iyqj+EGA0lPvIssbVu3Uw0fgOhgBgMqkwqeOy7 Dg6hpPHRSKdKUKW+RAXQ6pMdw6ecwtutYi86cBM7KLhnNyXClyPMw3W7ywzK/21UakkO f/Hp3bFuOC6CNCBtmnOQ7kVnS2J6c6gmWLp7MiP/crd6ZpHe+L+X1K5HKGKd8C1ceTIg Yj/A==
X-Received: by 10.220.164.80 with SMTP id d16mr10968586vcy.15.1391791215739; Fri, 07 Feb 2014 08:40:15 -0800 (PST)
MIME-Version: 1.0
Received: by 10.52.74.104 with HTTP; Fri, 7 Feb 2014 08:39:55 -0800 (PST)
In-Reply-To: <CAOb_Fnx31sVsQMZxG7E0gpv+gSNwfSuOPcEhsCZ2mJS2zFqh_Q@mail.gmail.com>
References: <CAOb_FnxS-dMT85N7LHj5M9JWk3pL85=ugrDqaT7j5d28HBr0Cw@mail.gmail.com> <CF194491.38AD3%jhildebr@cisco.com> <2F5E925F-021D-408E-91D9-3CC5BEB6BEC6@nostrum.com> <48F4D361-4403-47E6-862D-FBDDDEBCC642@xnyhps.nl> <CF1A369C.38BE2%jhildebr@cisco.com> <CAKHUCzyCwKbmnUoXLHW=XzYbiFrcg-dQsDojGUnA-_r3qK+_Vg@mail.gmail.com> <CAOb_Fnx31sVsQMZxG7E0gpv+gSNwfSuOPcEhsCZ2mJS2zFqh_Q@mail.gmail.com>
From: Waqas Hussain <waqas20@gmail.com>
Date: Fri, 07 Feb 2014 11:39:55 -0500
Message-ID: <CALm9TZ-+fYOpQVPX4KxEP6RXhMJJGDy-_bGR3KzLQA+aGd5U0w@mail.gmail.com>
To: Kevin Smith <kevin@kismith.co.uk>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: Ben Campbell <ben@nostrum.com>, XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] IQ Handling vulnerabilities
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2014 16:40:19 -0000

On Fri, Feb 7, 2014 at 10:57 AM, Kevin Smith <kevin@kismith.co.uk> wrote:
> On Fri, Feb 7, 2014 at 3:50 PM, Dave Cridland <dave@cridland.net> wrote:
>> On Fri, Feb 7, 2014 at 3:10 PM, Joe Hildebrand (jhildebr)
>> <jhildebr@cisco.com> wrote:
>>>
>>> On 2/7/14 2:46 AM, "Thijs Alkemade" <thijs@xnyhps.nl> wrote:
>>>
>>> >The property we really want from ids is that predicting the next one(s)
>>> >given
>>> >some historic ones is hard.
>>>
>>> (as individual)
>>>
>>> I agree with everything you said to this point.  However, I think we need
>>> to strengthen this a little: we want to ensure predicting the next one(s)
>>> in *any* way is hard.
>>>
>>> Luckily using the from address also mitigates this need slightly for some
>>> of the use cases.
>>
>>
>> What are the attacks possible against an entity using predictable stanza
>> ids, but which otherwise acts properly (ie, checks to/from on responses,
>> etc)?
>>
>> I'm a bit confused - if an entity isn't checking the to/from of the
>> responses, then sure there's a slew of attacks possible. If it *also* has
>> predictable ids, then the attacks are easier - but they're the same attacks.
>> Aren't they?
>
> Yes and no. By far the biggest issue here is the stanza-faking one,
> and predictable ids are a part of what's needed to make the simplest
> attack, but aren't actually the broken bit.
>
> There are various unlikely (and arguably unimportant, I suppose)
> issues around being able to observe where in a stream a client is. As
> an incredibly contrived example, client A shows client B an id that
> means "You are the first person I'm sending a message to this session"
> and user A says to user B "I'm busy chatting to C in another window".
>

I'll note that cryptographically secure randomness comes with a cost.
With many operating systems (e.g., Linux) generating tons of truly
random IDs (/dev/random) will lead to a system constantly starved for
entropy (and no, /dev/urandom is not cryptographically secure in
Linux). If crypto-level randomness is not required, then your IDs are
predictable. It's harder than incrementing counters, but not by much.

If the problem here is that something simple like incrementing IDs
leak state across remote JIDs, then a simple solution is to use a
separate incrementing counter for separate remote JIDs. A CSPRNG is
unnecessary and expensive.

--
Waqas Hussain

v2.23.0 | Report a Bug | By Email