Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Messaging Layer Security and stuff @ IETF105

Avatar for sylph01 sylph01
August 30, 2019

Messaging Layer Security and stuff @ IETF105

Presented at IETF 105 Report Session @ ISOC-JP https://www.isoc.jp/wiki.cgi?page=IETF105Update

Avatar for sylph01

sylph01

August 30, 2019
Tweet

More Decks by sylph01

Other Decks in Technology

Transcript

  1. Post-Compromise Security ݫີͳఆٛͱͯ͠͸ "On Ends-to-Ends Encryption: Asynchronous Group Messaging with

    Strong Security Guarantees" (Cohn-Gordon et al., 2017) ͷ(3.0.2)ͱ(3.1)ɺ άϧʔϓϝϯόʔͷ׬શͳঢ়ଶ(௕ظ伴ͱͦΕΒ͔Βಋग़͞Εͨ伴) ͕compromise͞Εͨͱͯ͠ɺ৽ͨʹ҆શͳ伴͕ಋग़͞Εͯάϧʔ ϓͷձ࿩͕ܧଓ͞ΕҎޙͷൿີੑ͕कΒΕΔͱ͖ɺpost- compromise securityΛ࣋ͭɺͱ͍͏ɻ FS/PCS͸mls-architectureͷ3.2.2.1Ͱ΋ఆٛ͞Ε͍ͯΔɻ
  2. ໾ׂ Messaging Service͸2ͭͷabstract serviceΛఏڙ͢Δ: • Authentication Service: long-term identityͷ؅ཧ •

    long-term identity keyͷσΟεΧόϦʔαʔϏε • Delivery Service: ϝοηʔδͷड৴ͱ࠶഑෍ • ϝοηʔδͦͷ΋ͷͷϒϩʔυΩϟετͷ΄͔ɺάϧʔϓ伴 ߹ҙʹඞཁͳkeying materialͷ഑෍ͷ໾ׂ΋ߦ͏ ಉҰαʔόʔͰ΋Α͍͕ɺ໾ׂ͕ҧ͏ͷͰจষ্۠ผ͞ΕΔ
  3. ཁ݅ (Ұ෦ൈਮ) • ಉ࣌ΦϯϥΠϯΛཁٻ͠ͳ͍ (asynchronous) • एׯͷϝοηʔδϩε͕ൃੜͯ͠΋permanent exclusionʹͭͳ ͕Βͳ͍ •

    ϚϧνσόΠεରԠ • ཤྺͷ෮ݩ͸FS/PCSͷલఏΛ่͢ͷͰϓϩτίϧϨϕϧͰ͸ ڐՄ͠ͳ͍͕ଞͷํࣜͰ΍Δ͜ͱ͸ߟ͑ΒΕΔ
  4. Protocol Enhancements • Server-Initiated Add • LazinessΛಋೖͨ͠Βαʔόʔ͕AddΛ࡞ΕΔΑ͏ʹͳΔ (Welcome͸init secretΛؚΉͷͰෆՄೳ) •

    ݱࡏ͸User-Initiated AddͱGroup-Initiated Add͸ผͷ࢓૊ΈΛ ࢖͍ͬͯΔ͕ɺinit secret΋ඇಉظԽͰ͖Ε͹౷ҰͰ͖Δ͠ɺ ೝূ͞Εͨϝϯόʔ͸WelcomeΛ߹੒Ͱ͖ΔΑ͏ʹͳΔ • ͨͩ͠DH-like construction΁ͷϩοΫΠϯ͕༗Γಘͦ͏ͳͷ ʹՃ͑ͯݕূ͕͠ΜͲͦ͏
  5. TLS 1.3 Impact on Network Based Security Solutions TLS 1.3ͰϛυϧϘοΫε͕ఏڙ͍ͯͨ͠ηΩϡϦςΟػೳ͕Ͳ͏

    յΕΔ͔ͷ·ͱΊɻյΕΔ͔Β௚ͤɺͱ͍͏ओுͰ͸ͳ͘ɺӨڹ ൣғΛ໌Β͔ʹ͢Δ͜ͱΛ໨తͱ͍ͯ͠Δ΋ͷɻʢͱ͸͍͑ɺଟ ෼ͦ͏͍͏࿩΋ؚ·Ε͍ͯͦ͏ͩΑͳ͋…ʣInformational RFCͱ͢ Δ͜ͱΛ໨ࢦ͍ͯ͠Δɻ https:/ /datatracker.ietf.org/meeting/105/materials/slides-105-tls- sessb-tls-impact-on-network-security-00
  6. ଟ෼ೖΓ͖Βͳ͍ͱࢥ͏DNS ؔ܎͸ࠓճ͸ׂѪ • ANRW: Oblivious DNS, Who Is Answering My

    Queries (DNS interceptionͷଌఆ), What Can You Learn from an IP? • dnsop • add (Applications Doing DNS) Ͳ͔͜Ͱެ։༧ఆʁ