Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Messaging Layer Security and stuff @ IETF105
Search
sylph01
August 30, 2019
Technology
0
1k
Messaging Layer Security and stuff @ IETF105
Presented at IETF 105 Report Session @ ISOC-JP
https://www.isoc.jp/wiki.cgi?page=IETF105Update
sylph01
August 30, 2019
Tweet
Share
More Decks by sylph01
See All by sylph01
Updates on MLS on Ruby (and maybe more)
sylph01
1
180
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (RubyConf Taiwan 2025 ver.)
sylph01
1
88
PicoRuby's Networking is Incomplete
sylph01
1
43
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
6
1.6k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
sylph01
1
130
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
sylph01
2
600
Introduction to C Extensions
sylph01
3
210
"Actual" Security in Microcontroller Ruby!?
sylph01
0
150
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
72
Other Decks in Technology
See All in Technology
Snowflake Intelligenceにはこうやって立ち向かう!クラシルが考えるAI Readyなデータ基盤と活用のためのDataOps
gappy50
0
290
CDK CLIで使ってたあの機能、CDK Toolkit Libraryではどうやるの?
smt7174
4
200
新アイテムをどう使っていくか?みんなであーだこーだ言ってみよう / 20250911-rpi-jam-tokyo
akkiesoft
0
370
疎結合でスキーマ駆動開発を実現するイベントバスの設計
hacomono
PRO
0
120
20250912_RPALT_データを集める→とっ散らかる問題_Obsidian紹介
ratsbane666
0
100
Create Ruby native extension gem with Go
sue445
0
140
「何となくテストする」を卒業するためにプロダクトが動く仕組みを理解しよう
kawabeaver
0
440
AIの最新技術&テーマをつまんで紹介&フリートークするシリーズ:はじめてのローカルLLM
stanaka26
0
110
Codeful Serverless / 一人運用でもやり抜く力
_kensh
7
460
職種の壁を溶かして開発サイクルを高速に回す~情報透明性と職種越境から考えるAIフレンドリーな職種間連携~
daitasu
0
210
KotlinConf 2025_イベントレポート
sony
1
140
20250913_JAWS_sysad_kobe
takuyay0ne
2
260
Featured
See All Featured
The Pragmatic Product Professional
lauravandoore
36
6.9k
For a Future-Friendly Web
brad_frost
180
9.9k
The World Runs on Bad Software
bkeepers
PRO
70
11k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Gamification - CAS2011
davidbonilla
81
5.4k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.4k
The Invisible Side of Design
smashingmag
301
51k
Site-Speed That Sticks
csswizardry
10
830
Automating Front-end Workflow
addyosmani
1370
200k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
113
20k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Transcript
Messaging Layer Security, and other security related stuff Ryo Kajiwara
@ lepidum IETF105 Report Session, ISOC-JP
None
Messaging Layer Security (mls)
աڈʹͨ͠ࢿྉʹ͍ͭͯ ݕࡧͯ͠ग़ͯ͘Δࢿྉʹࢲ͕2018/8ʹͨ͠ࢿྉ͕ग़͖ͯ·͢ ͕ɺ۩ମతͳํࣜʹ͔ؔͯ͠ͳΓଟ͘ͷΞοϓσʔτ͕ೖͬͯ ͍·͢ɻ֓આ෦ʹؔͯ͠एׯͦΕΛྲྀ༻͍ͯ͠·͢ɻ https:/ /speakerdeck.com/sylph01/messaging-layer-security ۩ମతʹݴ͏ͱɺ17൪ͷεϥΠυҎ߱ͷ༰΄ͱΜͲݱࡏͷ υϥϑτʹ͍ͬͯ·ͤΜɻπϦʔͷܭࢉʹؔͯ͠Asynchronous Ratchet Treeͷ֓೦͚ͩࠓͷυϥϑτͰ͋Δఔ௨༻͠·͢ɻ
͜ΕԿʁ ෳਓͷάϧʔϓʹ͓͚ΔηΩϡΞϝοηʔδϯάͷͨΊͷ伴ަ ͷํ๏Λඪ४Խ͠Α͏ɺͱ͍͏Internet-Draft -> Working Groupɻ ͘͢͝ฏ͍ͨ͘͏ͱɺάϧʔϓνϟοτΛEnd-to-End҉߸Խ͢Δ ํ๏Λඪ४Խ͠Α͏ͥɺͱ͍͏༰ɻ
ηΩϡΞϝοηʔδϯάʁ ࠷ۙͷϝοηʔδϯάαʔϏεEnd-to-End҉߸Խ͕ී௨Ͱ͢ɻ • Signalʢ͕͜͜͠Γʣ • Facebook Messenger • WhatsApp •
LINE ͳͲEnd-to-End҉߸ԽΛطʹऔΓೖΕ͍ͯ·͢ɻ
WG Charter͔Βཁ ҎԼͷੑ࣭Λ࣋ͭάϧʔϓ伴ͷ߹ҙɾϝοηʔδอޢΛඞཁͱ͢ ΔΞϓϦέʔγϣϯ͕ଟ͘ଘࡏ͢ΔͨΊɺͦΕΛ࣮ݱ͍ͨ͠: ϝοηʔδͷൿີੑɺϝοηʔδͷશੑɾೝূɺϝϯόʔͷೝ ূɺඇಉظੑɺForward SecrecyɺPost-Compromise Securityɺε έʔϥϏϦςΟ
είʔϓʹ͍ͭͯ • ֤ϕϯμʔಠࣗϓϩτίϧͰ࣮ݱ͍ͯ͠ΔͨΊɺࣗͷϓϩ τίϧɾελοΫΛಠཱʹҡ࣋ཧ͢Δඞཁ͕͋Γɺ݁Ռͱ͠ ͯಠཱʹ࣭อূΛ͢Δඞཁ͕͋Δɻ • MLSϝοηʔδͷηΩϡϦςΟ෦ʹ͍ͭͯڞ௨ͷํ๏Λఏ ࣔ͢Δ͜ͱͰɺϓϩτίϧͷਖ਼ੑɾ҆શੑͷݕূ݁ՌΛڞ༗ Ͱ͖Δ͜ͱΛࢦ͢(shared validation
of the protocol)ɻ • 伴߹ҙҎ্ͷϝοηʔδϯάΞϓϦέʔγϣϯͷ interoperability/federationΛఏڙ͢ΔͷͰͳ͍
ඇಉظੑ(asynchronous usage) ͜͜Ͱ͍͏ʮඇಉظੑʯͱɺ2ਓͷϢʔβʔ͕ಉ࣌ʹΦϯϥΠϯ Ͱ͋Δ͜ͱΛཁٻ͢ΔΑ͏ͳMLSͷoperation͕ଘࡏ͍͚ͯ͠ͳ ͍ɺͱ͍͏ੑ࣭ͷ͜ͱɻ
Forward Secrecy ௨৴ϓϩτίϧͷੑ࣭Ͱɺظ伴(long-term key)ͷ࿐ʹΑͬͯա ڈͷηογϣϯΩʔͷ҆શੑ͕ࣦΘΕͳ͍ɺͱ͍͏ੑ࣭ɻ ʮաڈͷηογϣϯΩʔʯͷ҆શੑͳͷʹʮForwardʯʁˠϝο ηʔδΛૹͬͨ͋ͱকདྷʹΘͨͬͯηογϣϯΩʔͷ࿐ʹ͑ Δɺͱ͍͏ੑ࣭͔ͩΒɻ TLSͷจ຺ͰͷFSͱಉٛɻ·ͨɺ"Perfect" Forward
Secrecyͱ Forward SecrecyҰൠʹಉٛɻ
Post-Compromise Security ݫີͳఆٛͱͯ͠ "On Ends-to-Ends Encryption: Asynchronous Group Messaging with
Strong Security Guarantees" (Cohn-Gordon et al., 2017) ͷ(3.0.2)ͱ(3.1)ɺ άϧʔϓϝϯόʔͷશͳঢ়ଶ(ظ伴ͱͦΕΒ͔Βಋग़͞Εͨ伴) ͕compromise͞Εͨͱͯ͠ɺ৽ͨʹ҆શͳ伴͕ಋग़͞Εͯάϧʔ ϓͷձ͕ܧଓ͞ΕҎޙͷൿີੑ͕कΒΕΔͱ͖ɺpost- compromise securityΛ࣋ͭɺͱ͍͏ɻ FS/PCSmls-architectureͷ3.2.2.1Ͱఆٛ͞Ε͍ͯΔɻ
Documents • draft-ietf-mls-architecture-02 • draft-ietf-mls-protocol-07 • draft-omara-mls-federation-00
mls-architecture
લఏ • full messaging protocolͷ࣮Λҙਤ͍ͯ͠ͳ͍ (<-> XMPP) • wire encodingͷఆٛͰͳ͘ɺநతͳσʔλߏͷΈΛఆٛ
• άϧʔϓͷنas large as thousands
ׂ Messaging Service2ͭͷabstract serviceΛఏڙ͢Δ: • Authentication Service: long-term identityͷཧ •
long-term identity keyͷσΟεΧόϦʔαʔϏε • Delivery Service: ϝοηʔδͷड৴ͱ࠶ • ϝοηʔδͦͷͷͷϒϩʔυΩϟετͷ΄͔ɺάϧʔϓ伴 ߹ҙʹඞཁͳkeying materialͷͷׂߦ͏ ಉҰαʔόʔͰΑ͍͕ɺׂ͕ҧ͏ͷͰจষ্۠ผ͞ΕΔ
ηΩϡϦςΟલఏͷิ 2.3.5: ΦϑϥΠϯͷϝϯόʔ͕ݹ͍伴Λ͍࣋ͬͯͨΒForward Secrecy/ Post-Compromise SecurityͷલఏͰ͋Δkeying materialͷআ/ஔ ෆՄೳɻMLS͜ͷͷରԠߦΘͳ͍(࣮Ͱղܾ͠Ζɺ ͱ͍͏͜ͱ͔)ɻ
ཁ݅ (Ұ෦ൈਮ) • ಉ࣌ΦϯϥΠϯΛཁٻ͠ͳ͍ (asynchronous) • एׯͷϝοηʔδϩε͕ൃੜͯ͠permanent exclusionʹͭͳ ͕Βͳ͍ •
ϚϧνσόΠεରԠ • ཤྺͷ෮ݩFS/PCSͷલఏΛ่͢ͷͰϓϩτίϧϨϕϧͰ ڐՄ͠ͳ͍͕ଞͷํࣜͰΔ͜ͱߟ͑ΒΕΔ
ཁ݅ (Ұ෦ൈਮɺଓ͖) • ϖΠϩʔυͷϑΥʔϚοτΛԾఆ͠ͳ͍ • ෳͷMLS࣮͕federation͢Δ͜ͱ͋ΓಘΔ • ͕charterͱͯ͠είʔϓ֎ɺmls-federationͰ͍ͬͯΔ ༷ •
কདྷόʔδϣϯͱͷޓੑ
ηΩϡϦςΟཁ݅ • ΫϥΠΞϯτͱαʔόʔͷؒͷ௨৴TLSͳͲͰ҉߸Խ͞Ε͍ͯ Δ͜ͱΛԾఆ͢Δ͕ɺτϥϯεϙʔτͷcompromiseʹASʹ ΑΔidentity keys͕దʹೝূ͞Ε͍ͯΔݶΓ͑Δ • DSάϧʔϓͷprivate contentͷΞΫηεΛ࣋ͨͳ͍(ཧऀ ͕ϝοηʔδΛ͖ݟΔ͜ͱͰ͖ͳ͍)
• ϝϯόʔͷՃ/আ: MLSଞͷϝϯόʔʹΒͤΔ͜ͱͳ͘ϝ ϯόʔͷՃ/আΛߦ͏͜ͱΛڐՄ͠ͳ͍(ϓϩτίϧͷΈ ্ͦ͏ͳ͍ͬͯΔ)
mls-protocol
(എܠ)2 partiesͷ߹ղܾࡁΈ Signal Messaging ProtocolͰ༻͍ΒΕ͍ͯΔDouble Ratchetํࣜɻ "Ratchet"ʮҰਐΜͩΒΒͳ͍ʯͷͷྫ͑Ͱɺ҉߸ʹ ͓͚Δ"Ratchet"ͱϋογϡؔΛͬͯʮ৽͍͔͠Βաڈͷ ΛܭࢉͰ͖ͳ͍Α͏ʹͯ͠伴Λಋग़͢ΔʯΈͷ͜ͱɻ ͷΑ͏ʹͯ͠ϝοηʔδ͝ͱʹ伴Λߋ৽͢Δɻ
(എܠ)ʮͨ͘͞ΜʯͷࢀՃऀͷ߹͠ ΜͲ͍ Α͘औΒΕΔํ๏ɺطʹཱ͍֬ͯ͠ΔνϟϯωϧΛ௨ͯ͠ ʮsender keyʯΛҰํతʹbroadcastɺ֤ࢀՃऀͦͷʮsender keyʯͰ҉߸Խͨ͠ϝοηʔδΛૹ৴͢Δɺͱ͍͏ͷɻ "hash ratchet"Λ͏͜ͱͰForward Secrecy࣮ݱͰ͖Δ͕ɺҰ 伴͕ഁΒΕΔͱ伴Λߋ৽͢Δͷʹಉ͡ํ๏ΛΘͳͯ͘ͳΒ
ͣɺpost-compromise security͕ͳ͍ͱ͍͑Δɻ
Ͳ͏࣮ͬͯݱ͢Δʁ
None
None
None
None
Ͳ͏ͬͯάϧʔϓͷڞ༗ൿ ີΛ҆શʹڞ༗͢Δʁ ެ։伴҉߸(Diffie-Hellman)Ͱɺʮࣗͷൿີ伴ʯʴʮଞͷϝϯόʔ ͷൿີ伴ʯΛͬͯڞ༗ൿີΛಋग़͢Δɻશһͷൿີ伴Λ͍͍ͪ ͪ͏ͱܭࢉίετ͕ߴ͍ͷͰπϦʔߏΛऔ͍ͬͯΔɻ Asynchronous Ratchet Treeͱ͍͏Έ͕͜Εʹ૬͢Δ͕ɺҰൠ ੑΛอͭͨΊdraft-01͔Β"Ratchet Tree"ͱ͍͏ޠʹมߋ͞Ε͍ͯ
Δɻ
None
WG activity @ IETF 105
User Authentication Within Groups https:/ /datatracker.ietf.org/meeting/105/materials/slides-105-mls- sessa-user-authentication-within-groups-00.pdf SignalͰظ伴͔ΒϩάΠϯ༻QRίʔυΛੜ͍ͯ͠Δɻ͜ΕͰ Post-Compromise Security͕ͳ͍ɻ
Epoch-Level Authenticationʢಛఆͷ࣌ͰͷΈ༗ޮͳϩάΠϯ༻ QRίʔυΛੜʣͷಋೖͱͦͷํ๏ͷఏҊɻ
Protocol Enhancements • group secretͷߋ৽ΛͰ͖ΔݶΓdefer͍ͨ͠ • ݱࡏgroupͷՃͷࡍʹϝοηʔδϯάͷ༗ແʹؔΘΒͣ group secretͷߋ৽͕ߦΘΕɺ݁ՌେྔͷDHԋࢉ͕ൃੜ͢Δ •
add/update/removeఆ࣌ؒͰࡁΉΑ͏ʹͳΔ͚ΕͲ ratchetʢsecretͷߋ৽ʣͷίετ͕ߴ͍ɺͱ͍͏τϨʔυΦ ϑ͕͋Δ
Protocol Enhancements • Server-Initiated Add • LazinessΛಋೖͨ͠Βαʔόʔ͕AddΛ࡞ΕΔΑ͏ʹͳΔ (Welcomeinit secretΛؚΉͷͰෆՄೳ) •
ݱࡏUser-Initiated AddͱGroup-Initiated AddผͷΈΛ ͍ͬͯΔ͕ɺinit secretඇಉظԽͰ͖Ε౷ҰͰ͖Δ͠ɺ ೝূ͞ΕͨϝϯόʔWelcomeΛ߹Ͱ͖ΔΑ͏ʹͳΔ • ͨͩ͠DH-like constructionͷϩοΫΠϯ͕༗Γಘͦ͏ͳͷ ʹՃ͑ͯݕূ͕͠ΜͲͦ͏
ਐḿ mls-protocol • draft-08: 10݄ͷinterim • draft-09: 11݄ͷIETF 106 •
WGLCΛࢦ͢ͱͷ͜ͱ
ࠓޙಈͷupdateΛ ใࠂ͍͚ͯ͠Εͱࢥ ͍·͢ ͋ͱάϧʔϓ伴߹ҙʹ͍ͭͯݹయతͳconstructionҎ֎Λ༻͍Δํ ๏͋Γͦ͏…ʁ
None
Other Security Related Topics
IoTؔͷ(teep, suit, rats)ଞͷํ͕͠Ό Δͱࢥ͏ͷͰলུ
oauth.xyz (࣮ࡍʹ͜ͷ໊લΛURLόʔʹಥͬࠐΉͱαΠτ͕ग़ͯ͘Δ) OAuth 2.0ଟ͘ͷϢʔεέʔεΛΧόʔͨ͠ΓηΩϡϦςΟ্ͷ ΛΧόʔ͢ΔͨΊʹଟ͘ͷ֦ு͕ग़͖͚ͯͨΕͲɺಉ͡ Λෳͷํ๏Ͱղܾ͢ΔΑ͏ͳෳࡶੑΛੜΈग़ͯ͠͠·ͬͨɻ τϥϯβΫγϣϯϞσϧ(Ұͭͷtransaction IDΛத৺ʹɺػೳΛ ͚͍ͯ͘͠߹τϥϯβΫγϣϯʹ伴ΛՃ͍ͯ͘͠ɺͱ͍ ͏ํࣜ)Ͱཧ͠ͳ͓ͦ͏ɺͱ͍͏ࢼΈɻ
Dragonblood ANRWͷinvited talkɻWPA3ͷDragonflyϋϯυγΣΠΫʹαΠυ νϟωϧ߈ܸ੬ऑੑ͕͋Γ·͢ɺͱ͍͏ɻ ύεϫʔυΛପԁۂઢ͋Δ͍༗ݶମ্ͷཁૉʹม͢Δࡍ(hash- to-curve/group)ͷ࣮͕·ͣ͘ɺύεϫʔυʹΑͬͯࢼߦճ͕ม Θͬͯ͠·͏ͨΊɺ࣮ߦ࣌ؒΛଌఆ͢Δ͜ͱͰύεϫʔυಛఆͷ ͨΊͷใΛऔΓग़ͤΔɻ ͳ͓ɺ͜ͷൃදͷ͋ͱ͞ΒʹՃͰCVE-2019-13377/13456͕ಉ ҰஶऀʹΑΓൃද͞Εͨɻ
TLS 1.3 Impact on Network Based Security Solutions TLS 1.3ͰϛυϧϘοΫε͕ఏڙ͍ͯͨ͠ηΩϡϦςΟػೳ͕Ͳ͏
յΕΔ͔ͷ·ͱΊɻյΕΔ͔Βͤɺͱ͍͏ओுͰͳ͘ɺӨڹ ൣғΛ໌Β͔ʹ͢Δ͜ͱΛతͱ͍ͯ͠Δͷɻʢͱ͍͑ɺଟ ͦ͏͍͏ؚ·Ε͍ͯͦ͏ͩΑͳ͋…ʣInformational RFCͱ͢ Δ͜ͱΛࢦ͍ͯ͠Δɻ https:/ /datatracker.ietf.org/meeting/105/materials/slides-105-tls- sessb-tls-impact-on-network-security-00
ଟೖΓ͖Βͳ͍ͱࢥ͏DNS ؔࠓճׂѪ • ANRW: Oblivious DNS, Who Is Answering My
Queries (DNS interceptionͷଌఆ), What Can You Learn from an IP? • dnsop • add (Applications Doing DNS) Ͳ͔͜Ͱެ։༧ఆʁ