Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Messaging Layer Security and stuff @ IETF105
Search
sylph01
August 30, 2019
Technology
0
790
Messaging Layer Security and stuff @ IETF105
Presented at IETF 105 Report Session @ ISOC-JP
https://www.isoc.jp/wiki.cgi?page=IETF105Update
sylph01
August 30, 2019
Tweet
Share
More Decks by sylph01
See All by sylph01
Adding Security to Microcontroller Ruby
sylph01
1
170
Secure Messaging at IETF 118
sylph01
0
36
Adventures in the Dungeons of OpenSSL
sylph01
0
310
Community & RubyKaigi Showcase @ Ehime.rb Reboot Meetup
sylph01
0
200
Build and Learn Rails Authentication
sylph01
8
1.8k
Email, Messaging, and Self-Sovereign Identity (2021/05/28 edition)
sylph01
0
180
DNS Encryption and Its Controversies
sylph01
0
630
Email, Messaging, and SSI/DID (再放送)
sylph01
0
1.2k
Action Mailbox in Action
sylph01
1
3k
Other Decks in Technology
See All in Technology
拓展QA日常工作的邊界
line_developers_tw
PRO
0
620
Google Cloud Next '24 Recap in ZOZO AIにより変わる開発 運用/Development and operation changed by AI
gachimuchiengineer
0
210
サービス開発におけるVue3とTypeScriptの親和性について
tsukuha
10
1.8k
Deno で作る快適な “as Code” プラットフォーム – TSKaigi 2024
pizzacat83
4
320
Taking Flight with Tailwind CSS
opdavies
0
4.3k
B2C、B2B プロダクトマネジメントの違い(および思考の罠) / B2C, B2B PM and reduction fallacy
ykmc09
5
2.5k
Real World Type Puzzle and Code Generation
yukukotani
4
640
エムスリーマルチデバイスチーム紹介資料 / Introduction of M3 Multi Device Team
m3_engineering
1
170
TDD - Test Driven Drupal
opdavies
0
3k
Domain-driven Design: A Complete Example
ewolff
2
260
エンジニアゼロの組織から内製開発の DX をどう実現したのか / How did we achieve DX in in-house development in an organization with zero engineers?
genkiogasawara
7
3.1k
Dungeons and Dragons and Rails
joelq
0
250
Featured
See All Featured
The Pragmatic Product Professional
lauravandoore
26
5.9k
Side Projects
sachag
451
41k
BBQ
matthewcrist
80
8.8k
GraphQLとの向き合い方2022年版
quramy
33
13k
Rails Girls Zürich Keynote
gr2m
91
13k
What's in a price? How to price your products and services
michaelherold
238
11k
Typedesign – Prime Four
hannesfritz
36
2.1k
Clear Off the Table
cherdarchuk
86
310k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
221
21k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
26
2.3k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
155
14k
Agile that works and the tools we love
rasmusluckow
325
20k
Transcript
Messaging Layer Security, and other security related stuff Ryo Kajiwara
@ lepidum IETF105 Report Session, ISOC-JP
None
Messaging Layer Security (mls)
աڈʹͨ͠ࢿྉʹ͍ͭͯ ݕࡧͯ͠ग़ͯ͘Δࢿྉʹࢲ͕2018/8ʹͨ͠ࢿྉ͕ग़͖ͯ·͢ ͕ɺ۩ମతͳํࣜʹ͔ؔͯ͠ͳΓଟ͘ͷΞοϓσʔτ͕ೖͬͯ ͍·͢ɻ֓આ෦ʹؔͯ͠एׯͦΕΛྲྀ༻͍ͯ͠·͢ɻ https:/ /speakerdeck.com/sylph01/messaging-layer-security ۩ମతʹݴ͏ͱɺ17൪ͷεϥΠυҎ߱ͷ༰΄ͱΜͲݱࡏͷ υϥϑτʹ͍ͬͯ·ͤΜɻπϦʔͷܭࢉʹؔͯ͠Asynchronous Ratchet Treeͷ֓೦͚ͩࠓͷυϥϑτͰ͋Δఔ௨༻͠·͢ɻ
͜ΕԿʁ ෳਓͷάϧʔϓʹ͓͚ΔηΩϡΞϝοηʔδϯάͷͨΊͷ伴ަ ͷํ๏Λඪ४Խ͠Α͏ɺͱ͍͏Internet-Draft -> Working Groupɻ ͘͢͝ฏ͍ͨ͘͏ͱɺάϧʔϓνϟοτΛEnd-to-End҉߸Խ͢Δ ํ๏Λඪ४Խ͠Α͏ͥɺͱ͍͏༰ɻ
ηΩϡΞϝοηʔδϯάʁ ࠷ۙͷϝοηʔδϯάαʔϏεEnd-to-End҉߸Խ͕ී௨Ͱ͢ɻ • Signalʢ͕͜͜͠Γʣ • Facebook Messenger • WhatsApp •
LINE ͳͲEnd-to-End҉߸ԽΛطʹऔΓೖΕ͍ͯ·͢ɻ
WG Charter͔Βཁ ҎԼͷੑ࣭Λ࣋ͭάϧʔϓ伴ͷ߹ҙɾϝοηʔδอޢΛඞཁͱ͢ ΔΞϓϦέʔγϣϯ͕ଟ͘ଘࡏ͢ΔͨΊɺͦΕΛ࣮ݱ͍ͨ͠: ϝοηʔδͷൿີੑɺϝοηʔδͷશੑɾೝূɺϝϯόʔͷೝ ূɺඇಉظੑɺForward SecrecyɺPost-Compromise Securityɺε έʔϥϏϦςΟ
είʔϓʹ͍ͭͯ • ֤ϕϯμʔಠࣗϓϩτίϧͰ࣮ݱ͍ͯ͠ΔͨΊɺࣗͷϓϩ τίϧɾελοΫΛಠཱʹҡ࣋ཧ͢Δඞཁ͕͋Γɺ݁Ռͱ͠ ͯಠཱʹ࣭อূΛ͢Δඞཁ͕͋Δɻ • MLSϝοηʔδͷηΩϡϦςΟ෦ʹ͍ͭͯڞ௨ͷํ๏Λఏ ࣔ͢Δ͜ͱͰɺϓϩτίϧͷਖ਼ੑɾ҆શੑͷݕূ݁ՌΛڞ༗ Ͱ͖Δ͜ͱΛࢦ͢(shared validation
of the protocol)ɻ • 伴߹ҙҎ্ͷϝοηʔδϯάΞϓϦέʔγϣϯͷ interoperability/federationΛఏڙ͢ΔͷͰͳ͍
ඇಉظੑ(asynchronous usage) ͜͜Ͱ͍͏ʮඇಉظੑʯͱɺ2ਓͷϢʔβʔ͕ಉ࣌ʹΦϯϥΠϯ Ͱ͋Δ͜ͱΛཁٻ͢ΔΑ͏ͳMLSͷoperation͕ଘࡏ͍͚ͯ͠ͳ ͍ɺͱ͍͏ੑ࣭ͷ͜ͱɻ
Forward Secrecy ௨৴ϓϩτίϧͷੑ࣭Ͱɺظ伴(long-term key)ͷ࿐ʹΑͬͯա ڈͷηογϣϯΩʔͷ҆શੑ͕ࣦΘΕͳ͍ɺͱ͍͏ੑ࣭ɻ ʮաڈͷηογϣϯΩʔʯͷ҆શੑͳͷʹʮForwardʯʁˠϝο ηʔδΛૹͬͨ͋ͱকདྷʹΘͨͬͯηογϣϯΩʔͷ࿐ʹ͑ Δɺͱ͍͏ੑ࣭͔ͩΒɻ TLSͷจ຺ͰͷFSͱಉٛɻ·ͨɺ"Perfect" Forward
Secrecyͱ Forward SecrecyҰൠʹಉٛɻ
Post-Compromise Security ݫີͳఆٛͱͯ͠ "On Ends-to-Ends Encryption: Asynchronous Group Messaging with
Strong Security Guarantees" (Cohn-Gordon et al., 2017) ͷ(3.0.2)ͱ(3.1)ɺ άϧʔϓϝϯόʔͷશͳঢ়ଶ(ظ伴ͱͦΕΒ͔Βಋग़͞Εͨ伴) ͕compromise͞Εͨͱͯ͠ɺ৽ͨʹ҆શͳ伴͕ಋग़͞Εͯάϧʔ ϓͷձ͕ܧଓ͞ΕҎޙͷൿີੑ͕कΒΕΔͱ͖ɺpost- compromise securityΛ࣋ͭɺͱ͍͏ɻ FS/PCSmls-architectureͷ3.2.2.1Ͱఆٛ͞Ε͍ͯΔɻ
Documents • draft-ietf-mls-architecture-02 • draft-ietf-mls-protocol-07 • draft-omara-mls-federation-00
mls-architecture
લఏ • full messaging protocolͷ࣮Λҙਤ͍ͯ͠ͳ͍ (<-> XMPP) • wire encodingͷఆٛͰͳ͘ɺநతͳσʔλߏͷΈΛఆٛ
• άϧʔϓͷنas large as thousands
ׂ Messaging Service2ͭͷabstract serviceΛఏڙ͢Δ: • Authentication Service: long-term identityͷཧ •
long-term identity keyͷσΟεΧόϦʔαʔϏε • Delivery Service: ϝοηʔδͷड৴ͱ࠶ • ϝοηʔδͦͷͷͷϒϩʔυΩϟετͷ΄͔ɺάϧʔϓ伴 ߹ҙʹඞཁͳkeying materialͷͷׂߦ͏ ಉҰαʔόʔͰΑ͍͕ɺׂ͕ҧ͏ͷͰจষ্۠ผ͞ΕΔ
ηΩϡϦςΟલఏͷิ 2.3.5: ΦϑϥΠϯͷϝϯόʔ͕ݹ͍伴Λ͍࣋ͬͯͨΒForward Secrecy/ Post-Compromise SecurityͷલఏͰ͋Δkeying materialͷআ/ஔ ෆՄೳɻMLS͜ͷͷରԠߦΘͳ͍(࣮Ͱղܾ͠Ζɺ ͱ͍͏͜ͱ͔)ɻ
ཁ݅ (Ұ෦ൈਮ) • ಉ࣌ΦϯϥΠϯΛཁٻ͠ͳ͍ (asynchronous) • एׯͷϝοηʔδϩε͕ൃੜͯ͠permanent exclusionʹͭͳ ͕Βͳ͍ •
ϚϧνσόΠεରԠ • ཤྺͷ෮ݩFS/PCSͷલఏΛ่͢ͷͰϓϩτίϧϨϕϧͰ ڐՄ͠ͳ͍͕ଞͷํࣜͰΔ͜ͱߟ͑ΒΕΔ
ཁ݅ (Ұ෦ൈਮɺଓ͖) • ϖΠϩʔυͷϑΥʔϚοτΛԾఆ͠ͳ͍ • ෳͷMLS࣮͕federation͢Δ͜ͱ͋ΓಘΔ • ͕charterͱͯ͠είʔϓ֎ɺmls-federationͰ͍ͬͯΔ ༷ •
কདྷόʔδϣϯͱͷޓੑ
ηΩϡϦςΟཁ݅ • ΫϥΠΞϯτͱαʔόʔͷؒͷ௨৴TLSͳͲͰ҉߸Խ͞Ε͍ͯ Δ͜ͱΛԾఆ͢Δ͕ɺτϥϯεϙʔτͷcompromiseʹASʹ ΑΔidentity keys͕దʹೝূ͞Ε͍ͯΔݶΓ͑Δ • DSάϧʔϓͷprivate contentͷΞΫηεΛ࣋ͨͳ͍(ཧऀ ͕ϝοηʔδΛ͖ݟΔ͜ͱͰ͖ͳ͍)
• ϝϯόʔͷՃ/আ: MLSଞͷϝϯόʔʹΒͤΔ͜ͱͳ͘ϝ ϯόʔͷՃ/আΛߦ͏͜ͱΛڐՄ͠ͳ͍(ϓϩτίϧͷΈ ্ͦ͏ͳ͍ͬͯΔ)
mls-protocol
(എܠ)2 partiesͷ߹ղܾࡁΈ Signal Messaging ProtocolͰ༻͍ΒΕ͍ͯΔDouble Ratchetํࣜɻ "Ratchet"ʮҰਐΜͩΒΒͳ͍ʯͷͷྫ͑Ͱɺ҉߸ʹ ͓͚Δ"Ratchet"ͱϋογϡؔΛͬͯʮ৽͍͔͠Βաڈͷ ΛܭࢉͰ͖ͳ͍Α͏ʹͯ͠伴Λಋग़͢ΔʯΈͷ͜ͱɻ ͷΑ͏ʹͯ͠ϝοηʔδ͝ͱʹ伴Λߋ৽͢Δɻ
(എܠ)ʮͨ͘͞ΜʯͷࢀՃऀͷ߹͠ ΜͲ͍ Α͘औΒΕΔํ๏ɺطʹཱ͍֬ͯ͠ΔνϟϯωϧΛ௨ͯ͠ ʮsender keyʯΛҰํతʹbroadcastɺ֤ࢀՃऀͦͷʮsender keyʯͰ҉߸Խͨ͠ϝοηʔδΛૹ৴͢Δɺͱ͍͏ͷɻ "hash ratchet"Λ͏͜ͱͰForward Secrecy࣮ݱͰ͖Δ͕ɺҰ 伴͕ഁΒΕΔͱ伴Λߋ৽͢Δͷʹಉ͡ํ๏ΛΘͳͯ͘ͳΒ
ͣɺpost-compromise security͕ͳ͍ͱ͍͑Δɻ
Ͳ͏࣮ͬͯݱ͢Δʁ
None
None
None
None
Ͳ͏ͬͯάϧʔϓͷڞ༗ൿ ີΛ҆શʹڞ༗͢Δʁ ެ։伴҉߸(Diffie-Hellman)Ͱɺʮࣗͷൿີ伴ʯʴʮଞͷϝϯόʔ ͷൿີ伴ʯΛͬͯڞ༗ൿີΛಋग़͢Δɻશһͷൿີ伴Λ͍͍ͪ ͪ͏ͱܭࢉίετ͕ߴ͍ͷͰπϦʔߏΛऔ͍ͬͯΔɻ Asynchronous Ratchet Treeͱ͍͏Έ͕͜Εʹ૬͢Δ͕ɺҰൠ ੑΛอͭͨΊdraft-01͔Β"Ratchet Tree"ͱ͍͏ޠʹมߋ͞Ε͍ͯ
Δɻ
None
WG activity @ IETF 105
User Authentication Within Groups https:/ /datatracker.ietf.org/meeting/105/materials/slides-105-mls- sessa-user-authentication-within-groups-00.pdf SignalͰظ伴͔ΒϩάΠϯ༻QRίʔυΛੜ͍ͯ͠Δɻ͜ΕͰ Post-Compromise Security͕ͳ͍ɻ
Epoch-Level Authenticationʢಛఆͷ࣌ͰͷΈ༗ޮͳϩάΠϯ༻ QRίʔυΛੜʣͷಋೖͱͦͷํ๏ͷఏҊɻ
Protocol Enhancements • group secretͷߋ৽ΛͰ͖ΔݶΓdefer͍ͨ͠ • ݱࡏgroupͷՃͷࡍʹϝοηʔδϯάͷ༗ແʹؔΘΒͣ group secretͷߋ৽͕ߦΘΕɺ݁ՌେྔͷDHԋࢉ͕ൃੜ͢Δ •
add/update/removeఆ࣌ؒͰࡁΉΑ͏ʹͳΔ͚ΕͲ ratchetʢsecretͷߋ৽ʣͷίετ͕ߴ͍ɺͱ͍͏τϨʔυΦ ϑ͕͋Δ
Protocol Enhancements • Server-Initiated Add • LazinessΛಋೖͨ͠Βαʔόʔ͕AddΛ࡞ΕΔΑ͏ʹͳΔ (Welcomeinit secretΛؚΉͷͰෆՄೳ) •
ݱࡏUser-Initiated AddͱGroup-Initiated AddผͷΈΛ ͍ͬͯΔ͕ɺinit secretඇಉظԽͰ͖Ε౷ҰͰ͖Δ͠ɺ ೝূ͞ΕͨϝϯόʔWelcomeΛ߹Ͱ͖ΔΑ͏ʹͳΔ • ͨͩ͠DH-like constructionͷϩοΫΠϯ͕༗Γಘͦ͏ͳͷ ʹՃ͑ͯݕূ͕͠ΜͲͦ͏
ਐḿ mls-protocol • draft-08: 10݄ͷinterim • draft-09: 11݄ͷIETF 106 •
WGLCΛࢦ͢ͱͷ͜ͱ
ࠓޙಈͷupdateΛ ใࠂ͍͚ͯ͠Εͱࢥ ͍·͢ ͋ͱάϧʔϓ伴߹ҙʹ͍ͭͯݹయతͳconstructionҎ֎Λ༻͍Δํ ๏͋Γͦ͏…ʁ
None
Other Security Related Topics
IoTؔͷ(teep, suit, rats)ଞͷํ͕͠Ό Δͱࢥ͏ͷͰলུ
oauth.xyz (࣮ࡍʹ͜ͷ໊લΛURLόʔʹಥͬࠐΉͱαΠτ͕ग़ͯ͘Δ) OAuth 2.0ଟ͘ͷϢʔεέʔεΛΧόʔͨ͠ΓηΩϡϦςΟ্ͷ ΛΧόʔ͢ΔͨΊʹଟ͘ͷ֦ு͕ग़͖͚ͯͨΕͲɺಉ͡ Λෳͷํ๏Ͱղܾ͢ΔΑ͏ͳෳࡶੑΛੜΈग़ͯ͠͠·ͬͨɻ τϥϯβΫγϣϯϞσϧ(Ұͭͷtransaction IDΛத৺ʹɺػೳΛ ͚͍ͯ͘͠߹τϥϯβΫγϣϯʹ伴ΛՃ͍ͯ͘͠ɺͱ͍ ͏ํࣜ)Ͱཧ͠ͳ͓ͦ͏ɺͱ͍͏ࢼΈɻ
Dragonblood ANRWͷinvited talkɻWPA3ͷDragonflyϋϯυγΣΠΫʹαΠυ νϟωϧ߈ܸ੬ऑੑ͕͋Γ·͢ɺͱ͍͏ɻ ύεϫʔυΛପԁۂઢ͋Δ͍༗ݶମ্ͷཁૉʹม͢Δࡍ(hash- to-curve/group)ͷ࣮͕·ͣ͘ɺύεϫʔυʹΑͬͯࢼߦճ͕ม Θͬͯ͠·͏ͨΊɺ࣮ߦ࣌ؒΛଌఆ͢Δ͜ͱͰύεϫʔυಛఆͷ ͨΊͷใΛऔΓग़ͤΔɻ ͳ͓ɺ͜ͷൃදͷ͋ͱ͞ΒʹՃͰCVE-2019-13377/13456͕ಉ ҰஶऀʹΑΓൃද͞Εͨɻ
TLS 1.3 Impact on Network Based Security Solutions TLS 1.3ͰϛυϧϘοΫε͕ఏڙ͍ͯͨ͠ηΩϡϦςΟػೳ͕Ͳ͏
յΕΔ͔ͷ·ͱΊɻյΕΔ͔Βͤɺͱ͍͏ओுͰͳ͘ɺӨڹ ൣғΛ໌Β͔ʹ͢Δ͜ͱΛతͱ͍ͯ͠Δͷɻʢͱ͍͑ɺଟ ͦ͏͍͏ؚ·Ε͍ͯͦ͏ͩΑͳ͋…ʣInformational RFCͱ͢ Δ͜ͱΛࢦ͍ͯ͠Δɻ https:/ /datatracker.ietf.org/meeting/105/materials/slides-105-tls- sessb-tls-impact-on-network-security-00
ଟೖΓ͖Βͳ͍ͱࢥ͏DNS ؔࠓճׂѪ • ANRW: Oblivious DNS, Who Is Answering My
Queries (DNS interceptionͷଌఆ), What Can You Learn from an IP? • dnsop • add (Applications Doing DNS) Ͳ͔͜Ͱެ։༧ఆʁ