Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Messaging Layer Security and stuff @ IETF105
Search
sylph01
August 30, 2019
Technology
0
990
Messaging Layer Security and stuff @ IETF105
Presented at IETF 105 Report Session @ ISOC-JP
https://www.isoc.jp/wiki.cgi?page=IETF105Update
sylph01
August 30, 2019
Tweet
Share
More Decks by sylph01
See All by sylph01
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
6
1.5k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
sylph01
1
100
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
sylph01
2
490
Introduction to C Extensions
sylph01
3
200
"Actual" Security in Microcontroller Ruby!?
sylph01
0
140
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
64
Updates on PicoRuby Networking, HPKE (and maybe more)
sylph01
1
300
Adding Security to Microcontroller Ruby
sylph01
3
3.6k
Secure Messaging at IETF 118
sylph01
0
110
Other Decks in Technology
See All in Technology
CDKコード品質UP!ナイスな自作コンストラクタを作るための便利インターフェース
harukasakihara
2
230
Snowflake Intelligenceという名のAI Agentが切り開くデータ活用の未来とその実現に必要なこと@SnowVillage『Data Management #1 Summit 2025 Recap!!』
ryo_suzuki
1
160
OpenTelemetryセマンティック規約の恩恵とMackerel APMにおける活用例 / SRE NEXT 2025
mackerelio
3
2k
対話型音声AIアプリケーションの信頼性向上の取り組み
ivry_presentationmaterials
3
1k
振り返りTransit Gateway ~VPCをいい感じでつなげるために~
masakiokuda
3
210
United™️ Airlines®️ Customer®️ USA Contact Numbers: Complete 2025 Support Guide
flyunitedguide
0
800
今だから言えるセキュリティLT_Wordpress5.7.2未満を一斉アップデートせよ
cuebic9bic
2
170
ゼロから始めるSREの事業貢献 - 生成AI時代のSRE成長戦略と実践 / Starting SRE from Day One
shinyorke
PRO
0
110
CDK Vibe Coding Fes
tomoki10
1
630
How to Quickly Call American Airlines®️ U.S. Customer Care : Full Guide
flyaahelpguide
0
240
助けて! XからWaylandに移行しないと新しいGNOMEが使えなくなっちゃう 2025-07-12
nobutomurata
2
200
AI Ready API ─ AI時代に求められるAPI設計とは?/ AI-Ready API - Designing MCP and APIs in the AI Era
yokawasa
6
1.7k
Featured
See All Featured
Facilitating Awesome Meetings
lara
54
6.5k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.7k
Scaling GitHub
holman
460
140k
Designing for humans not robots
tammielis
253
25k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Why You Should Never Use an ORM
jnunemaker
PRO
58
9.5k
How to train your dragon (web standard)
notwaldorf
96
6.1k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Making Projects Easy
brettharned
116
6.3k
Transcript
Messaging Layer Security, and other security related stuff Ryo Kajiwara
@ lepidum IETF105 Report Session, ISOC-JP
None
Messaging Layer Security (mls)
աڈʹͨ͠ࢿྉʹ͍ͭͯ ݕࡧͯ͠ग़ͯ͘Δࢿྉʹࢲ͕2018/8ʹͨ͠ࢿྉ͕ग़͖ͯ·͢ ͕ɺ۩ମతͳํࣜʹ͔ؔͯ͠ͳΓଟ͘ͷΞοϓσʔτ͕ೖͬͯ ͍·͢ɻ֓આ෦ʹؔͯ͠एׯͦΕΛྲྀ༻͍ͯ͠·͢ɻ https:/ /speakerdeck.com/sylph01/messaging-layer-security ۩ମతʹݴ͏ͱɺ17൪ͷεϥΠυҎ߱ͷ༰΄ͱΜͲݱࡏͷ υϥϑτʹ͍ͬͯ·ͤΜɻπϦʔͷܭࢉʹؔͯ͠Asynchronous Ratchet Treeͷ֓೦͚ͩࠓͷυϥϑτͰ͋Δఔ௨༻͠·͢ɻ
͜ΕԿʁ ෳਓͷάϧʔϓʹ͓͚ΔηΩϡΞϝοηʔδϯάͷͨΊͷ伴ަ ͷํ๏Λඪ४Խ͠Α͏ɺͱ͍͏Internet-Draft -> Working Groupɻ ͘͢͝ฏ͍ͨ͘͏ͱɺάϧʔϓνϟοτΛEnd-to-End҉߸Խ͢Δ ํ๏Λඪ४Խ͠Α͏ͥɺͱ͍͏༰ɻ
ηΩϡΞϝοηʔδϯάʁ ࠷ۙͷϝοηʔδϯάαʔϏεEnd-to-End҉߸Խ͕ී௨Ͱ͢ɻ • Signalʢ͕͜͜͠Γʣ • Facebook Messenger • WhatsApp •
LINE ͳͲEnd-to-End҉߸ԽΛطʹऔΓೖΕ͍ͯ·͢ɻ
WG Charter͔Βཁ ҎԼͷੑ࣭Λ࣋ͭάϧʔϓ伴ͷ߹ҙɾϝοηʔδอޢΛඞཁͱ͢ ΔΞϓϦέʔγϣϯ͕ଟ͘ଘࡏ͢ΔͨΊɺͦΕΛ࣮ݱ͍ͨ͠: ϝοηʔδͷൿີੑɺϝοηʔδͷશੑɾೝূɺϝϯόʔͷೝ ূɺඇಉظੑɺForward SecrecyɺPost-Compromise Securityɺε έʔϥϏϦςΟ
είʔϓʹ͍ͭͯ • ֤ϕϯμʔಠࣗϓϩτίϧͰ࣮ݱ͍ͯ͠ΔͨΊɺࣗͷϓϩ τίϧɾελοΫΛಠཱʹҡ࣋ཧ͢Δඞཁ͕͋Γɺ݁Ռͱ͠ ͯಠཱʹ࣭อূΛ͢Δඞཁ͕͋Δɻ • MLSϝοηʔδͷηΩϡϦςΟ෦ʹ͍ͭͯڞ௨ͷํ๏Λఏ ࣔ͢Δ͜ͱͰɺϓϩτίϧͷਖ਼ੑɾ҆શੑͷݕূ݁ՌΛڞ༗ Ͱ͖Δ͜ͱΛࢦ͢(shared validation
of the protocol)ɻ • 伴߹ҙҎ্ͷϝοηʔδϯάΞϓϦέʔγϣϯͷ interoperability/federationΛఏڙ͢ΔͷͰͳ͍
ඇಉظੑ(asynchronous usage) ͜͜Ͱ͍͏ʮඇಉظੑʯͱɺ2ਓͷϢʔβʔ͕ಉ࣌ʹΦϯϥΠϯ Ͱ͋Δ͜ͱΛཁٻ͢ΔΑ͏ͳMLSͷoperation͕ଘࡏ͍͚ͯ͠ͳ ͍ɺͱ͍͏ੑ࣭ͷ͜ͱɻ
Forward Secrecy ௨৴ϓϩτίϧͷੑ࣭Ͱɺظ伴(long-term key)ͷ࿐ʹΑͬͯա ڈͷηογϣϯΩʔͷ҆શੑ͕ࣦΘΕͳ͍ɺͱ͍͏ੑ࣭ɻ ʮաڈͷηογϣϯΩʔʯͷ҆શੑͳͷʹʮForwardʯʁˠϝο ηʔδΛૹͬͨ͋ͱকདྷʹΘͨͬͯηογϣϯΩʔͷ࿐ʹ͑ Δɺͱ͍͏ੑ࣭͔ͩΒɻ TLSͷจ຺ͰͷFSͱಉٛɻ·ͨɺ"Perfect" Forward
Secrecyͱ Forward SecrecyҰൠʹಉٛɻ
Post-Compromise Security ݫີͳఆٛͱͯ͠ "On Ends-to-Ends Encryption: Asynchronous Group Messaging with
Strong Security Guarantees" (Cohn-Gordon et al., 2017) ͷ(3.0.2)ͱ(3.1)ɺ άϧʔϓϝϯόʔͷશͳঢ়ଶ(ظ伴ͱͦΕΒ͔Βಋग़͞Εͨ伴) ͕compromise͞Εͨͱͯ͠ɺ৽ͨʹ҆શͳ伴͕ಋग़͞Εͯάϧʔ ϓͷձ͕ܧଓ͞ΕҎޙͷൿີੑ͕कΒΕΔͱ͖ɺpost- compromise securityΛ࣋ͭɺͱ͍͏ɻ FS/PCSmls-architectureͷ3.2.2.1Ͱఆٛ͞Ε͍ͯΔɻ
Documents • draft-ietf-mls-architecture-02 • draft-ietf-mls-protocol-07 • draft-omara-mls-federation-00
mls-architecture
લఏ • full messaging protocolͷ࣮Λҙਤ͍ͯ͠ͳ͍ (<-> XMPP) • wire encodingͷఆٛͰͳ͘ɺநతͳσʔλߏͷΈΛఆٛ
• άϧʔϓͷنas large as thousands
ׂ Messaging Service2ͭͷabstract serviceΛఏڙ͢Δ: • Authentication Service: long-term identityͷཧ •
long-term identity keyͷσΟεΧόϦʔαʔϏε • Delivery Service: ϝοηʔδͷड৴ͱ࠶ • ϝοηʔδͦͷͷͷϒϩʔυΩϟετͷ΄͔ɺάϧʔϓ伴 ߹ҙʹඞཁͳkeying materialͷͷׂߦ͏ ಉҰαʔόʔͰΑ͍͕ɺׂ͕ҧ͏ͷͰจষ্۠ผ͞ΕΔ
ηΩϡϦςΟલఏͷิ 2.3.5: ΦϑϥΠϯͷϝϯόʔ͕ݹ͍伴Λ͍࣋ͬͯͨΒForward Secrecy/ Post-Compromise SecurityͷલఏͰ͋Δkeying materialͷআ/ஔ ෆՄೳɻMLS͜ͷͷରԠߦΘͳ͍(࣮Ͱղܾ͠Ζɺ ͱ͍͏͜ͱ͔)ɻ
ཁ݅ (Ұ෦ൈਮ) • ಉ࣌ΦϯϥΠϯΛཁٻ͠ͳ͍ (asynchronous) • एׯͷϝοηʔδϩε͕ൃੜͯ͠permanent exclusionʹͭͳ ͕Βͳ͍ •
ϚϧνσόΠεରԠ • ཤྺͷ෮ݩFS/PCSͷલఏΛ่͢ͷͰϓϩτίϧϨϕϧͰ ڐՄ͠ͳ͍͕ଞͷํࣜͰΔ͜ͱߟ͑ΒΕΔ
ཁ݅ (Ұ෦ൈਮɺଓ͖) • ϖΠϩʔυͷϑΥʔϚοτΛԾఆ͠ͳ͍ • ෳͷMLS࣮͕federation͢Δ͜ͱ͋ΓಘΔ • ͕charterͱͯ͠είʔϓ֎ɺmls-federationͰ͍ͬͯΔ ༷ •
কདྷόʔδϣϯͱͷޓੑ
ηΩϡϦςΟཁ݅ • ΫϥΠΞϯτͱαʔόʔͷؒͷ௨৴TLSͳͲͰ҉߸Խ͞Ε͍ͯ Δ͜ͱΛԾఆ͢Δ͕ɺτϥϯεϙʔτͷcompromiseʹASʹ ΑΔidentity keys͕దʹೝূ͞Ε͍ͯΔݶΓ͑Δ • DSάϧʔϓͷprivate contentͷΞΫηεΛ࣋ͨͳ͍(ཧऀ ͕ϝοηʔδΛ͖ݟΔ͜ͱͰ͖ͳ͍)
• ϝϯόʔͷՃ/আ: MLSଞͷϝϯόʔʹΒͤΔ͜ͱͳ͘ϝ ϯόʔͷՃ/আΛߦ͏͜ͱΛڐՄ͠ͳ͍(ϓϩτίϧͷΈ ্ͦ͏ͳ͍ͬͯΔ)
mls-protocol
(എܠ)2 partiesͷ߹ղܾࡁΈ Signal Messaging ProtocolͰ༻͍ΒΕ͍ͯΔDouble Ratchetํࣜɻ "Ratchet"ʮҰਐΜͩΒΒͳ͍ʯͷͷྫ͑Ͱɺ҉߸ʹ ͓͚Δ"Ratchet"ͱϋογϡؔΛͬͯʮ৽͍͔͠Βաڈͷ ΛܭࢉͰ͖ͳ͍Α͏ʹͯ͠伴Λಋग़͢ΔʯΈͷ͜ͱɻ ͷΑ͏ʹͯ͠ϝοηʔδ͝ͱʹ伴Λߋ৽͢Δɻ
(എܠ)ʮͨ͘͞ΜʯͷࢀՃऀͷ߹͠ ΜͲ͍ Α͘औΒΕΔํ๏ɺطʹཱ͍֬ͯ͠ΔνϟϯωϧΛ௨ͯ͠ ʮsender keyʯΛҰํతʹbroadcastɺ֤ࢀՃऀͦͷʮsender keyʯͰ҉߸Խͨ͠ϝοηʔδΛૹ৴͢Δɺͱ͍͏ͷɻ "hash ratchet"Λ͏͜ͱͰForward Secrecy࣮ݱͰ͖Δ͕ɺҰ 伴͕ഁΒΕΔͱ伴Λߋ৽͢Δͷʹಉ͡ํ๏ΛΘͳͯ͘ͳΒ
ͣɺpost-compromise security͕ͳ͍ͱ͍͑Δɻ
Ͳ͏࣮ͬͯݱ͢Δʁ
None
None
None
None
Ͳ͏ͬͯάϧʔϓͷڞ༗ൿ ີΛ҆શʹڞ༗͢Δʁ ެ։伴҉߸(Diffie-Hellman)Ͱɺʮࣗͷൿີ伴ʯʴʮଞͷϝϯόʔ ͷൿີ伴ʯΛͬͯڞ༗ൿີΛಋग़͢Δɻશһͷൿີ伴Λ͍͍ͪ ͪ͏ͱܭࢉίετ͕ߴ͍ͷͰπϦʔߏΛऔ͍ͬͯΔɻ Asynchronous Ratchet Treeͱ͍͏Έ͕͜Εʹ૬͢Δ͕ɺҰൠ ੑΛอͭͨΊdraft-01͔Β"Ratchet Tree"ͱ͍͏ޠʹมߋ͞Ε͍ͯ
Δɻ
None
WG activity @ IETF 105
User Authentication Within Groups https:/ /datatracker.ietf.org/meeting/105/materials/slides-105-mls- sessa-user-authentication-within-groups-00.pdf SignalͰظ伴͔ΒϩάΠϯ༻QRίʔυΛੜ͍ͯ͠Δɻ͜ΕͰ Post-Compromise Security͕ͳ͍ɻ
Epoch-Level Authenticationʢಛఆͷ࣌ͰͷΈ༗ޮͳϩάΠϯ༻ QRίʔυΛੜʣͷಋೖͱͦͷํ๏ͷఏҊɻ
Protocol Enhancements • group secretͷߋ৽ΛͰ͖ΔݶΓdefer͍ͨ͠ • ݱࡏgroupͷՃͷࡍʹϝοηʔδϯάͷ༗ແʹؔΘΒͣ group secretͷߋ৽͕ߦΘΕɺ݁ՌେྔͷDHԋࢉ͕ൃੜ͢Δ •
add/update/removeఆ࣌ؒͰࡁΉΑ͏ʹͳΔ͚ΕͲ ratchetʢsecretͷߋ৽ʣͷίετ͕ߴ͍ɺͱ͍͏τϨʔυΦ ϑ͕͋Δ
Protocol Enhancements • Server-Initiated Add • LazinessΛಋೖͨ͠Βαʔόʔ͕AddΛ࡞ΕΔΑ͏ʹͳΔ (Welcomeinit secretΛؚΉͷͰෆՄೳ) •
ݱࡏUser-Initiated AddͱGroup-Initiated AddผͷΈΛ ͍ͬͯΔ͕ɺinit secretඇಉظԽͰ͖Ε౷ҰͰ͖Δ͠ɺ ೝূ͞ΕͨϝϯόʔWelcomeΛ߹Ͱ͖ΔΑ͏ʹͳΔ • ͨͩ͠DH-like constructionͷϩοΫΠϯ͕༗Γಘͦ͏ͳͷ ʹՃ͑ͯݕূ͕͠ΜͲͦ͏
ਐḿ mls-protocol • draft-08: 10݄ͷinterim • draft-09: 11݄ͷIETF 106 •
WGLCΛࢦ͢ͱͷ͜ͱ
ࠓޙಈͷupdateΛ ใࠂ͍͚ͯ͠Εͱࢥ ͍·͢ ͋ͱάϧʔϓ伴߹ҙʹ͍ͭͯݹయతͳconstructionҎ֎Λ༻͍Δํ ๏͋Γͦ͏…ʁ
None
Other Security Related Topics
IoTؔͷ(teep, suit, rats)ଞͷํ͕͠Ό Δͱࢥ͏ͷͰলུ
oauth.xyz (࣮ࡍʹ͜ͷ໊લΛURLόʔʹಥͬࠐΉͱαΠτ͕ग़ͯ͘Δ) OAuth 2.0ଟ͘ͷϢʔεέʔεΛΧόʔͨ͠ΓηΩϡϦςΟ্ͷ ΛΧόʔ͢ΔͨΊʹଟ͘ͷ֦ு͕ग़͖͚ͯͨΕͲɺಉ͡ Λෳͷํ๏Ͱղܾ͢ΔΑ͏ͳෳࡶੑΛੜΈग़ͯ͠͠·ͬͨɻ τϥϯβΫγϣϯϞσϧ(Ұͭͷtransaction IDΛத৺ʹɺػೳΛ ͚͍ͯ͘͠߹τϥϯβΫγϣϯʹ伴ΛՃ͍ͯ͘͠ɺͱ͍ ͏ํࣜ)Ͱཧ͠ͳ͓ͦ͏ɺͱ͍͏ࢼΈɻ
Dragonblood ANRWͷinvited talkɻWPA3ͷDragonflyϋϯυγΣΠΫʹαΠυ νϟωϧ߈ܸ੬ऑੑ͕͋Γ·͢ɺͱ͍͏ɻ ύεϫʔυΛପԁۂઢ͋Δ͍༗ݶମ্ͷཁૉʹม͢Δࡍ(hash- to-curve/group)ͷ࣮͕·ͣ͘ɺύεϫʔυʹΑͬͯࢼߦճ͕ม Θͬͯ͠·͏ͨΊɺ࣮ߦ࣌ؒΛଌఆ͢Δ͜ͱͰύεϫʔυಛఆͷ ͨΊͷใΛऔΓग़ͤΔɻ ͳ͓ɺ͜ͷൃදͷ͋ͱ͞ΒʹՃͰCVE-2019-13377/13456͕ಉ ҰஶऀʹΑΓൃද͞Εͨɻ
TLS 1.3 Impact on Network Based Security Solutions TLS 1.3ͰϛυϧϘοΫε͕ఏڙ͍ͯͨ͠ηΩϡϦςΟػೳ͕Ͳ͏
յΕΔ͔ͷ·ͱΊɻյΕΔ͔Βͤɺͱ͍͏ओுͰͳ͘ɺӨڹ ൣғΛ໌Β͔ʹ͢Δ͜ͱΛతͱ͍ͯ͠Δͷɻʢͱ͍͑ɺଟ ͦ͏͍͏ؚ·Ε͍ͯͦ͏ͩΑͳ͋…ʣInformational RFCͱ͢ Δ͜ͱΛࢦ͍ͯ͠Δɻ https:/ /datatracker.ietf.org/meeting/105/materials/slides-105-tls- sessb-tls-impact-on-network-security-00
ଟೖΓ͖Βͳ͍ͱࢥ͏DNS ؔࠓճׂѪ • ANRW: Oblivious DNS, Who Is Answering My
Queries (DNS interceptionͷଌఆ), What Can You Learn from an IP? • dnsop • add (Applications Doing DNS) Ͳ͔͜Ͱެ։༧ఆʁ