Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Messaging Layer Security and stuff @ IETF105
Search
sylph01
August 30, 2019
Technology
0
940
Messaging Layer Security and stuff @ IETF105
Presented at IETF 105 Report Session @ ISOC-JP
https://www.isoc.jp/wiki.cgi?page=IETF105Update
sylph01
August 30, 2019
Tweet
Share
More Decks by sylph01
See All by sylph01
"Actual" Security in Microcontroller Ruby!?
sylph01
0
91
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
31
Updates on PicoRuby Networking, HPKE (and maybe more)
sylph01
1
250
Adding Security to Microcontroller Ruby
sylph01
2
3.3k
Secure Messaging at IETF 118
sylph01
0
84
Adventures in the Dungeons of OpenSSL
sylph01
0
530
Community & RubyKaigi Showcase @ Ehime.rb Reboot Meetup
sylph01
0
330
Build and Learn Rails Authentication
sylph01
8
2.1k
Email, Messaging, and Self-Sovereign Identity (2021/05/28 edition)
sylph01
0
310
Other Decks in Technology
See All in Technology
Raycast Favorites × Script Command で実現するお手軽情報チェック
smasato
1
140
システム・ML活用を広げるdbtのデータモデリング / Expanding System & ML Use with dbt Modeling
i125
1
320
PHPで印刷所に入稿できる名札データを作る / Generating Print-Ready Name Tag Data with PHP
tomzoh
0
180
2/18 Making Security Scale: メルカリが考えるセキュリティ戦略 - Coincheck x LayerX x Mercari
jsonf
0
180
分解して理解する Aspire
nenonaninu
2
1k
IAMポリシーのAllow/Denyについて、改めて理解する
smt7174
2
200
Oracle Database Technology Night #87-1 : Exadata Database Service on Exascale Infrastructure(ExaDB-XS)サービス詳細
oracle4engineer
PRO
1
170
PHPカンファレンス名古屋-テックリードの経験から学んだ設計の教訓
hayatokudou
2
540
AWSアカウントのセキュリティ自動化、どこまで進める? 最適な設計と実践ポイント
yuobayashi
7
540
【詳説】コンテンツ配信 システムの複数機能 基盤への拡張
hatena
0
230
MIMEと文字コードの闇
hirachan
2
1.4k
ExaDB-XSで利用されているExadata Exascaleについて
oracle4engineer
PRO
3
240
Featured
See All Featured
The Invisible Side of Design
smashingmag
299
50k
A Philosophy of Restraint
colly
203
16k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Designing for Performance
lara
604
68k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
27
1.6k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.2k
Raft: Consensus for Rubyists
vanstee
137
6.8k
Designing Experiences People Love
moore
140
23k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.5k
Building Adaptive Systems
keathley
40
2.4k
Designing for humans not robots
tammielis
250
25k
Transcript
Messaging Layer Security, and other security related stuff Ryo Kajiwara
@ lepidum IETF105 Report Session, ISOC-JP
None
Messaging Layer Security (mls)
աڈʹͨ͠ࢿྉʹ͍ͭͯ ݕࡧͯ͠ग़ͯ͘Δࢿྉʹࢲ͕2018/8ʹͨ͠ࢿྉ͕ग़͖ͯ·͢ ͕ɺ۩ମతͳํࣜʹ͔ؔͯ͠ͳΓଟ͘ͷΞοϓσʔτ͕ೖͬͯ ͍·͢ɻ֓આ෦ʹؔͯ͠एׯͦΕΛྲྀ༻͍ͯ͠·͢ɻ https:/ /speakerdeck.com/sylph01/messaging-layer-security ۩ମతʹݴ͏ͱɺ17൪ͷεϥΠυҎ߱ͷ༰΄ͱΜͲݱࡏͷ υϥϑτʹ͍ͬͯ·ͤΜɻπϦʔͷܭࢉʹؔͯ͠Asynchronous Ratchet Treeͷ֓೦͚ͩࠓͷυϥϑτͰ͋Δఔ௨༻͠·͢ɻ
͜ΕԿʁ ෳਓͷάϧʔϓʹ͓͚ΔηΩϡΞϝοηʔδϯάͷͨΊͷ伴ަ ͷํ๏Λඪ४Խ͠Α͏ɺͱ͍͏Internet-Draft -> Working Groupɻ ͘͢͝ฏ͍ͨ͘͏ͱɺάϧʔϓνϟοτΛEnd-to-End҉߸Խ͢Δ ํ๏Λඪ४Խ͠Α͏ͥɺͱ͍͏༰ɻ
ηΩϡΞϝοηʔδϯάʁ ࠷ۙͷϝοηʔδϯάαʔϏεEnd-to-End҉߸Խ͕ී௨Ͱ͢ɻ • Signalʢ͕͜͜͠Γʣ • Facebook Messenger • WhatsApp •
LINE ͳͲEnd-to-End҉߸ԽΛطʹऔΓೖΕ͍ͯ·͢ɻ
WG Charter͔Βཁ ҎԼͷੑ࣭Λ࣋ͭάϧʔϓ伴ͷ߹ҙɾϝοηʔδอޢΛඞཁͱ͢ ΔΞϓϦέʔγϣϯ͕ଟ͘ଘࡏ͢ΔͨΊɺͦΕΛ࣮ݱ͍ͨ͠: ϝοηʔδͷൿີੑɺϝοηʔδͷશੑɾೝূɺϝϯόʔͷೝ ূɺඇಉظੑɺForward SecrecyɺPost-Compromise Securityɺε έʔϥϏϦςΟ
είʔϓʹ͍ͭͯ • ֤ϕϯμʔಠࣗϓϩτίϧͰ࣮ݱ͍ͯ͠ΔͨΊɺࣗͷϓϩ τίϧɾελοΫΛಠཱʹҡ࣋ཧ͢Δඞཁ͕͋Γɺ݁Ռͱ͠ ͯಠཱʹ࣭อূΛ͢Δඞཁ͕͋Δɻ • MLSϝοηʔδͷηΩϡϦςΟ෦ʹ͍ͭͯڞ௨ͷํ๏Λఏ ࣔ͢Δ͜ͱͰɺϓϩτίϧͷਖ਼ੑɾ҆શੑͷݕূ݁ՌΛڞ༗ Ͱ͖Δ͜ͱΛࢦ͢(shared validation
of the protocol)ɻ • 伴߹ҙҎ্ͷϝοηʔδϯάΞϓϦέʔγϣϯͷ interoperability/federationΛఏڙ͢ΔͷͰͳ͍
ඇಉظੑ(asynchronous usage) ͜͜Ͱ͍͏ʮඇಉظੑʯͱɺ2ਓͷϢʔβʔ͕ಉ࣌ʹΦϯϥΠϯ Ͱ͋Δ͜ͱΛཁٻ͢ΔΑ͏ͳMLSͷoperation͕ଘࡏ͍͚ͯ͠ͳ ͍ɺͱ͍͏ੑ࣭ͷ͜ͱɻ
Forward Secrecy ௨৴ϓϩτίϧͷੑ࣭Ͱɺظ伴(long-term key)ͷ࿐ʹΑͬͯա ڈͷηογϣϯΩʔͷ҆શੑ͕ࣦΘΕͳ͍ɺͱ͍͏ੑ࣭ɻ ʮաڈͷηογϣϯΩʔʯͷ҆શੑͳͷʹʮForwardʯʁˠϝο ηʔδΛૹͬͨ͋ͱকདྷʹΘͨͬͯηογϣϯΩʔͷ࿐ʹ͑ Δɺͱ͍͏ੑ࣭͔ͩΒɻ TLSͷจ຺ͰͷFSͱಉٛɻ·ͨɺ"Perfect" Forward
Secrecyͱ Forward SecrecyҰൠʹಉٛɻ
Post-Compromise Security ݫີͳఆٛͱͯ͠ "On Ends-to-Ends Encryption: Asynchronous Group Messaging with
Strong Security Guarantees" (Cohn-Gordon et al., 2017) ͷ(3.0.2)ͱ(3.1)ɺ άϧʔϓϝϯόʔͷશͳঢ়ଶ(ظ伴ͱͦΕΒ͔Βಋग़͞Εͨ伴) ͕compromise͞Εͨͱͯ͠ɺ৽ͨʹ҆શͳ伴͕ಋग़͞Εͯάϧʔ ϓͷձ͕ܧଓ͞ΕҎޙͷൿີੑ͕कΒΕΔͱ͖ɺpost- compromise securityΛ࣋ͭɺͱ͍͏ɻ FS/PCSmls-architectureͷ3.2.2.1Ͱఆٛ͞Ε͍ͯΔɻ
Documents • draft-ietf-mls-architecture-02 • draft-ietf-mls-protocol-07 • draft-omara-mls-federation-00
mls-architecture
લఏ • full messaging protocolͷ࣮Λҙਤ͍ͯ͠ͳ͍ (<-> XMPP) • wire encodingͷఆٛͰͳ͘ɺநతͳσʔλߏͷΈΛఆٛ
• άϧʔϓͷنas large as thousands
ׂ Messaging Service2ͭͷabstract serviceΛఏڙ͢Δ: • Authentication Service: long-term identityͷཧ •
long-term identity keyͷσΟεΧόϦʔαʔϏε • Delivery Service: ϝοηʔδͷड৴ͱ࠶ • ϝοηʔδͦͷͷͷϒϩʔυΩϟετͷ΄͔ɺάϧʔϓ伴 ߹ҙʹඞཁͳkeying materialͷͷׂߦ͏ ಉҰαʔόʔͰΑ͍͕ɺׂ͕ҧ͏ͷͰจষ্۠ผ͞ΕΔ
ηΩϡϦςΟલఏͷิ 2.3.5: ΦϑϥΠϯͷϝϯόʔ͕ݹ͍伴Λ͍࣋ͬͯͨΒForward Secrecy/ Post-Compromise SecurityͷલఏͰ͋Δkeying materialͷআ/ஔ ෆՄೳɻMLS͜ͷͷରԠߦΘͳ͍(࣮Ͱղܾ͠Ζɺ ͱ͍͏͜ͱ͔)ɻ
ཁ݅ (Ұ෦ൈਮ) • ಉ࣌ΦϯϥΠϯΛཁٻ͠ͳ͍ (asynchronous) • एׯͷϝοηʔδϩε͕ൃੜͯ͠permanent exclusionʹͭͳ ͕Βͳ͍ •
ϚϧνσόΠεରԠ • ཤྺͷ෮ݩFS/PCSͷલఏΛ่͢ͷͰϓϩτίϧϨϕϧͰ ڐՄ͠ͳ͍͕ଞͷํࣜͰΔ͜ͱߟ͑ΒΕΔ
ཁ݅ (Ұ෦ൈਮɺଓ͖) • ϖΠϩʔυͷϑΥʔϚοτΛԾఆ͠ͳ͍ • ෳͷMLS࣮͕federation͢Δ͜ͱ͋ΓಘΔ • ͕charterͱͯ͠είʔϓ֎ɺmls-federationͰ͍ͬͯΔ ༷ •
কདྷόʔδϣϯͱͷޓੑ
ηΩϡϦςΟཁ݅ • ΫϥΠΞϯτͱαʔόʔͷؒͷ௨৴TLSͳͲͰ҉߸Խ͞Ε͍ͯ Δ͜ͱΛԾఆ͢Δ͕ɺτϥϯεϙʔτͷcompromiseʹASʹ ΑΔidentity keys͕దʹೝূ͞Ε͍ͯΔݶΓ͑Δ • DSάϧʔϓͷprivate contentͷΞΫηεΛ࣋ͨͳ͍(ཧऀ ͕ϝοηʔδΛ͖ݟΔ͜ͱͰ͖ͳ͍)
• ϝϯόʔͷՃ/আ: MLSଞͷϝϯόʔʹΒͤΔ͜ͱͳ͘ϝ ϯόʔͷՃ/আΛߦ͏͜ͱΛڐՄ͠ͳ͍(ϓϩτίϧͷΈ ্ͦ͏ͳ͍ͬͯΔ)
mls-protocol
(എܠ)2 partiesͷ߹ղܾࡁΈ Signal Messaging ProtocolͰ༻͍ΒΕ͍ͯΔDouble Ratchetํࣜɻ "Ratchet"ʮҰਐΜͩΒΒͳ͍ʯͷͷྫ͑Ͱɺ҉߸ʹ ͓͚Δ"Ratchet"ͱϋογϡؔΛͬͯʮ৽͍͔͠Βաڈͷ ΛܭࢉͰ͖ͳ͍Α͏ʹͯ͠伴Λಋग़͢ΔʯΈͷ͜ͱɻ ͷΑ͏ʹͯ͠ϝοηʔδ͝ͱʹ伴Λߋ৽͢Δɻ
(എܠ)ʮͨ͘͞ΜʯͷࢀՃऀͷ߹͠ ΜͲ͍ Α͘औΒΕΔํ๏ɺطʹཱ͍֬ͯ͠ΔνϟϯωϧΛ௨ͯ͠ ʮsender keyʯΛҰํతʹbroadcastɺ֤ࢀՃऀͦͷʮsender keyʯͰ҉߸Խͨ͠ϝοηʔδΛૹ৴͢Δɺͱ͍͏ͷɻ "hash ratchet"Λ͏͜ͱͰForward Secrecy࣮ݱͰ͖Δ͕ɺҰ 伴͕ഁΒΕΔͱ伴Λߋ৽͢Δͷʹಉ͡ํ๏ΛΘͳͯ͘ͳΒ
ͣɺpost-compromise security͕ͳ͍ͱ͍͑Δɻ
Ͳ͏࣮ͬͯݱ͢Δʁ
None
None
None
None
Ͳ͏ͬͯάϧʔϓͷڞ༗ൿ ີΛ҆શʹڞ༗͢Δʁ ެ։伴҉߸(Diffie-Hellman)Ͱɺʮࣗͷൿີ伴ʯʴʮଞͷϝϯόʔ ͷൿີ伴ʯΛͬͯڞ༗ൿີΛಋग़͢Δɻશһͷൿີ伴Λ͍͍ͪ ͪ͏ͱܭࢉίετ͕ߴ͍ͷͰπϦʔߏΛऔ͍ͬͯΔɻ Asynchronous Ratchet Treeͱ͍͏Έ͕͜Εʹ૬͢Δ͕ɺҰൠ ੑΛอͭͨΊdraft-01͔Β"Ratchet Tree"ͱ͍͏ޠʹมߋ͞Ε͍ͯ
Δɻ
None
WG activity @ IETF 105
User Authentication Within Groups https:/ /datatracker.ietf.org/meeting/105/materials/slides-105-mls- sessa-user-authentication-within-groups-00.pdf SignalͰظ伴͔ΒϩάΠϯ༻QRίʔυΛੜ͍ͯ͠Δɻ͜ΕͰ Post-Compromise Security͕ͳ͍ɻ
Epoch-Level Authenticationʢಛఆͷ࣌ͰͷΈ༗ޮͳϩάΠϯ༻ QRίʔυΛੜʣͷಋೖͱͦͷํ๏ͷఏҊɻ
Protocol Enhancements • group secretͷߋ৽ΛͰ͖ΔݶΓdefer͍ͨ͠ • ݱࡏgroupͷՃͷࡍʹϝοηʔδϯάͷ༗ແʹؔΘΒͣ group secretͷߋ৽͕ߦΘΕɺ݁ՌେྔͷDHԋࢉ͕ൃੜ͢Δ •
add/update/removeఆ࣌ؒͰࡁΉΑ͏ʹͳΔ͚ΕͲ ratchetʢsecretͷߋ৽ʣͷίετ͕ߴ͍ɺͱ͍͏τϨʔυΦ ϑ͕͋Δ
Protocol Enhancements • Server-Initiated Add • LazinessΛಋೖͨ͠Βαʔόʔ͕AddΛ࡞ΕΔΑ͏ʹͳΔ (Welcomeinit secretΛؚΉͷͰෆՄೳ) •
ݱࡏUser-Initiated AddͱGroup-Initiated AddผͷΈΛ ͍ͬͯΔ͕ɺinit secretඇಉظԽͰ͖Ε౷ҰͰ͖Δ͠ɺ ೝূ͞ΕͨϝϯόʔWelcomeΛ߹Ͱ͖ΔΑ͏ʹͳΔ • ͨͩ͠DH-like constructionͷϩοΫΠϯ͕༗Γಘͦ͏ͳͷ ʹՃ͑ͯݕূ͕͠ΜͲͦ͏
ਐḿ mls-protocol • draft-08: 10݄ͷinterim • draft-09: 11݄ͷIETF 106 •
WGLCΛࢦ͢ͱͷ͜ͱ
ࠓޙಈͷupdateΛ ใࠂ͍͚ͯ͠Εͱࢥ ͍·͢ ͋ͱάϧʔϓ伴߹ҙʹ͍ͭͯݹయతͳconstructionҎ֎Λ༻͍Δํ ๏͋Γͦ͏…ʁ
None
Other Security Related Topics
IoTؔͷ(teep, suit, rats)ଞͷํ͕͠Ό Δͱࢥ͏ͷͰলུ
oauth.xyz (࣮ࡍʹ͜ͷ໊લΛURLόʔʹಥͬࠐΉͱαΠτ͕ग़ͯ͘Δ) OAuth 2.0ଟ͘ͷϢʔεέʔεΛΧόʔͨ͠ΓηΩϡϦςΟ্ͷ ΛΧόʔ͢ΔͨΊʹଟ͘ͷ֦ு͕ग़͖͚ͯͨΕͲɺಉ͡ Λෳͷํ๏Ͱղܾ͢ΔΑ͏ͳෳࡶੑΛੜΈग़ͯ͠͠·ͬͨɻ τϥϯβΫγϣϯϞσϧ(Ұͭͷtransaction IDΛத৺ʹɺػೳΛ ͚͍ͯ͘͠߹τϥϯβΫγϣϯʹ伴ΛՃ͍ͯ͘͠ɺͱ͍ ͏ํࣜ)Ͱཧ͠ͳ͓ͦ͏ɺͱ͍͏ࢼΈɻ
Dragonblood ANRWͷinvited talkɻWPA3ͷDragonflyϋϯυγΣΠΫʹαΠυ νϟωϧ߈ܸ੬ऑੑ͕͋Γ·͢ɺͱ͍͏ɻ ύεϫʔυΛପԁۂઢ͋Δ͍༗ݶମ্ͷཁૉʹม͢Δࡍ(hash- to-curve/group)ͷ࣮͕·ͣ͘ɺύεϫʔυʹΑͬͯࢼߦճ͕ม Θͬͯ͠·͏ͨΊɺ࣮ߦ࣌ؒΛଌఆ͢Δ͜ͱͰύεϫʔυಛఆͷ ͨΊͷใΛऔΓग़ͤΔɻ ͳ͓ɺ͜ͷൃදͷ͋ͱ͞ΒʹՃͰCVE-2019-13377/13456͕ಉ ҰஶऀʹΑΓൃද͞Εͨɻ
TLS 1.3 Impact on Network Based Security Solutions TLS 1.3ͰϛυϧϘοΫε͕ఏڙ͍ͯͨ͠ηΩϡϦςΟػೳ͕Ͳ͏
յΕΔ͔ͷ·ͱΊɻյΕΔ͔Βͤɺͱ͍͏ओுͰͳ͘ɺӨڹ ൣғΛ໌Β͔ʹ͢Δ͜ͱΛతͱ͍ͯ͠Δͷɻʢͱ͍͑ɺଟ ͦ͏͍͏ؚ·Ε͍ͯͦ͏ͩΑͳ͋…ʣInformational RFCͱ͢ Δ͜ͱΛࢦ͍ͯ͠Δɻ https:/ /datatracker.ietf.org/meeting/105/materials/slides-105-tls- sessb-tls-impact-on-network-security-00
ଟೖΓ͖Βͳ͍ͱࢥ͏DNS ؔࠓճׂѪ • ANRW: Oblivious DNS, Who Is Answering My
Queries (DNS interceptionͷଌఆ), What Can You Learn from an IP? • dnsop • add (Applications Doing DNS) Ͳ͔͜Ͱެ։༧ఆʁ