Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Messaging Layer Security and stuff @ IETF105

sylph01
August 30, 2019
Technology
0
680

Messaging Layer Security and stuff @ IETF105

Presented at IETF 105 Report Session @ ISOC-JP https://www.isoc.jp/wiki.cgi?page=IETF105Update

sylph01

August 30, 2019
Tweet

More Decks by sylph01

See All by sylph01
Community & RubyKaigi Showcase @ Ehime.rb Reboot Meetup
sylph01
0
160
Build and Learn Rails Authentication
sylph01
8
1.5k
Email, Messaging, and Self-Sovereign Identity (2021/05/28 edition)
sylph01
0
34
DNS Encryption and Its Controversies
sylph01
0
560
Email, Messaging, and SSI/DID (再放送)
sylph01
0
1.1k
Action Mailbox in Action
sylph01
1
2.8k
Keebs-n-Kaigi
sylph01
1
210
Email, Messaging, and SSI/DID
sylph01
0
740
IETF 107 Report Session: OAuth/TxAuth
sylph01
0
71

Other Decks in Technology

See All in Technology
WASMを実行する自作Microkernel, mavisの紹介
riru
0
130
重厚長大な企業の内製開発組織で成果を出すためのサーバーレスアーキテクチャ / ServerlessDays Tokyo 2023
mongolyy
3
720
【IoT-Tech Meetup #5】WireGuardを動かす環境やハードウェア紹介
soracom
PRO
0
140
Autify Company Deck
autifyhq
1
25k
Runbookに何を書き、どのようにアラートを振り分けるか?
egmc
0
140
ChatGPTを前に頭が真っ白を乗り越え人が答えることが困難な認知負荷MAXなタフクエスチョンをどんどん回答させてプロダクト価値を爆速探求するぞ/cognitive_load_question_and_chatgpt
moriyuya
2
310
【IoT-Tech Meetup #5】IoTとは?WireGuard概要とIoTで通信を守る理由
soracom
PRO
0
130
コツコツととのえるLTの段取り/engineers_lt
nishiuma
4
200
2023-09-05_OCIJP_まれによくあるマルチクラウドでDB-AP分離構成のこと
hk_shino
2
220
Aurora MySQL v1 から v3 へ一段飛ばしのバージョンアップをした話
hmatsu47
PRO
0
170
土壌と植物で奏でるアート~農業における新たなパラダイム~
shinrinakamura
0
190
データベーススペシャリストというキャリアと生存戦略 ~10年後も変わらないこと、変わること / career-spiral
soudai
16
5.1k

Featured

See All Featured
Documentation Writing (for coders)
carmenintech
55
3.3k
Statistics for Hackers
jakevdp
787
210k
A better future with KSS
kneath
230
16k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
226
16k
Scaling GitHub
holman
455
140k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
15
1.6k
WebSockets: Embracing the real-time Web
robhawkes
58
6.5k
Teambox: Starting and Learning
jrom
125
8.1k
Three Pipe Problems
jasonvnalue
89
9.2k
BBQ
matthewcrist
76
8.4k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
3.9k
Designing for humans not robots
tammielis
246
24k

Transcript

  1. Messaging Layer
    Security, and other
    security related stuff
    Ryo Kajiwara @ lepidum
    IETF105 Report Session, ISOC-JP

    View Slide

  2. View Slide

  3. Messaging Layer
    Security (mls)

    View Slide

  4. աڈʹ࿩ͨ͠ࢿྉʹ͍ͭͯ
    ݕࡧͯ͠ग़ͯ͘Δࢿྉʹ͸ࢲ͕2018/8ʹ࿩ͨ͠ࢿྉ͕ग़͖ͯ·͢
    ͕ɺ۩ମతͳํࣜʹؔͯ͠͸͔ͳΓଟ͘ͷΞοϓσʔτ͕ೖͬͯ
    ͍·͢ɻ֓આ෦෼ʹؔͯ͠͸एׯͦΕΛྲྀ༻͍ͯ͠·͢ɻ
    https:/
    /speakerdeck.com/sylph01/messaging-layer-security
    ۩ମతʹݴ͏ͱɺ17൪໨ͷεϥΠυҎ߱ͷ಺༰͸΄ͱΜͲݱࡏͷ
    υϥϑτʹ࢒͍ͬͯ·ͤΜɻπϦʔͷܭࢉʹؔͯ͠Asynchronous
    Ratchet Treeͷ֓೦͚ͩ͸ࠓͷυϥϑτͰ΋͋Δఔ౓௨༻͠·͢ɻ

    View Slide

  5. ͜Ε͸Կʁ
    ෳ਺ਓͷάϧʔϓʹ͓͚ΔηΩϡΞϝοηʔδϯάͷͨΊͷ伴ަ
    ׵ͷํ๏Λඪ४Խ͠Α͏ɺͱ͍͏Internet-Draft -> Working Groupɻ
    ͘͢͝ฏ͍ͨ͘͏ͱɺάϧʔϓνϟοτΛEnd-to-End҉߸Խ͢Δ
    ํ๏Λඪ४Խ͠Α͏ͥɺͱ͍͏಺༰ɻ

    View Slide

  6. ηΩϡΞϝοηʔδϯάʁ
    ࠷ۙͷϝοηʔδϯάαʔϏε͸End-to-End҉߸Խ͕ී௨Ͱ͢ɻ
    • Signalʢ͕͜͜͸͠Γʣ
    • Facebook Messenger
    • WhatsApp
    • LINE
    ͳͲ͸End-to-End҉߸ԽΛطʹऔΓೖΕ͍ͯ·͢ɻ

    View Slide

  7. WG Charter͔Βཁ໿
    ҎԼͷੑ࣭Λ࣋ͭάϧʔϓ伴ͷ߹ҙɾϝοηʔδอޢΛඞཁͱ͢
    ΔΞϓϦέʔγϣϯ͕ଟ͘ଘࡏ͢ΔͨΊɺͦΕΛ࣮ݱ͍ͨ͠:
    ϝοηʔδͷൿີੑɺϝοηʔδͷ׬શੑɾೝূɺϝϯόʔͷೝ
    ূɺඇಉظੑɺForward SecrecyɺPost-Compromise Securityɺε
    έʔϥϏϦςΟ

    View Slide

  8. είʔϓʹ͍ͭͯ
    • ֤ϕϯμʔ͸ಠࣗϓϩτίϧͰ࣮ݱ͍ͯ͠ΔͨΊɺࣗ਎ͷϓϩ
    τίϧɾελοΫΛಠཱʹҡ࣋؅ཧ͢Δඞཁ͕͋Γɺ݁Ռͱ͠
    ͯಠཱʹ඼࣭อূΛ͢Δඞཁ͕͋Δɻ
    • MLS͸ϝοηʔδͷηΩϡϦςΟ෦෼ʹ͍ͭͯڞ௨ͷํ๏Λఏ
    ࣔ͢Δ͜ͱͰɺϓϩτίϧͷਖ਼౰ੑɾ҆શੑͷݕূ݁ՌΛڞ༗
    Ͱ͖Δ͜ͱΛ໨ࢦ͢(shared validation of the protocol)ɻ
    • 伴߹ҙҎ্ͷϝοηʔδϯάΞϓϦέʔγϣϯͷ
    interoperability/federationΛఏڙ͢Δ΋ͷͰ͸ͳ͍

    View Slide

  9. ඇಉظੑ(asynchronous
    usage)
    ͜͜Ͱ͍͏ʮඇಉظੑʯͱ͸ɺ2ਓͷϢʔβʔ͕ಉ࣌ʹΦϯϥΠϯ
    Ͱ͋Δ͜ͱΛཁٻ͢ΔΑ͏ͳMLSͷoperation͕ଘࡏͯ͠͸͍͚ͳ
    ͍ɺͱ͍͏ੑ࣭ͷ͜ͱɻ

    View Slide

  10. Forward Secrecy
    ௨৴ϓϩτίϧͷੑ࣭Ͱɺ௕ظ伴(long-term key)ͷ๫࿐ʹΑͬͯա
    ڈͷηογϣϯΩʔͷ҆શੑ͕ࣦΘΕͳ͍ɺͱ͍͏ੑ࣭ɻ
    ʮաڈͷηογϣϯΩʔʯͷ҆શੑͳͷʹʮForwardʯʁˠϝο
    ηʔδΛૹͬͨ͋ͱকདྷʹΘͨͬͯηογϣϯΩʔͷ๫࿐ʹ଱͑
    Δɺͱ͍͏ੑ࣭͔ͩΒɻ
    TLSͷจ຺ͰͷFSͱಉٛɻ·ͨɺ"Perfect" Forward Secrecyͱ
    Forward Secrecy͸Ұൠʹಉٛɻ

    View Slide

  11. Post-Compromise Security
    ݫີͳఆٛͱͯ͠͸ "On Ends-to-Ends Encryption: Asynchronous
    Group Messaging with Strong Security Guarantees" (Cohn-Gordon et
    al., 2017) ͷ(3.0.2)ͱ(3.1)ɺ
    άϧʔϓϝϯόʔͷ׬શͳঢ়ଶ(௕ظ伴ͱͦΕΒ͔Βಋग़͞Εͨ伴)
    ͕compromise͞Εͨͱͯ͠ɺ৽ͨʹ҆શͳ伴͕ಋग़͞Εͯάϧʔ
    ϓͷձ࿩͕ܧଓ͞ΕҎޙͷൿີੑ͕कΒΕΔͱ͖ɺpost-
    compromise securityΛ࣋ͭɺͱ͍͏ɻ
    FS/PCS͸mls-architectureͷ3.2.2.1Ͱ΋ఆٛ͞Ε͍ͯΔɻ

    View Slide

  12. Documents
    • draft-ietf-mls-architecture-02
    • draft-ietf-mls-protocol-07
    • draft-omara-mls-federation-00

    View Slide

  13. mls-architecture

    View Slide

  14. લఏ
    • full messaging protocolͷ࣮૷Λҙਤ͍ͯ͠ͳ͍ (<-> XMPP)
    • wire encodingͷఆٛͰ͸ͳ͘ɺந৅తͳσʔλߏ଄ͷΈΛఆٛ
    • άϧʔϓͷن໛͸as large as thousands

    View Slide

  15. ໾ׂ
    Messaging Service͸2ͭͷabstract serviceΛఏڙ͢Δ:
    • Authentication Service: long-term identityͷ؅ཧ
    • long-term identity keyͷσΟεΧόϦʔαʔϏε
    • Delivery Service: ϝοηʔδͷड৴ͱ࠶഑෍
    • ϝοηʔδͦͷ΋ͷͷϒϩʔυΩϟετͷ΄͔ɺάϧʔϓ伴
    ߹ҙʹඞཁͳkeying materialͷ഑෍ͷ໾ׂ΋ߦ͏
    ಉҰαʔόʔͰ΋Α͍͕ɺ໾ׂ͕ҧ͏ͷͰจষ্۠ผ͞ΕΔ

    View Slide

  16. ηΩϡϦςΟલఏͷิ଍
    2.3.5:
    ΦϑϥΠϯͷϝϯόʔ͕ݹ͍伴Λ͍࣋ͬͯͨΒForward Secrecy/
    Post-Compromise SecurityͷલఏͰ͋Δkeying materialͷ࡟আ/ஔ׵
    ͸ෆՄೳɻMLS͸͜ͷ໰୊΁ͷରԠ͸ߦΘͳ͍(࣮૷Ͱղܾ͠Ζɺ
    ͱ͍͏͜ͱ͔)ɻ

    View Slide

  17. ཁ݅
    (Ұ෦ൈਮ)
    • ಉ࣌ΦϯϥΠϯΛཁٻ͠ͳ͍ (asynchronous)
    • एׯͷϝοηʔδϩε͕ൃੜͯ͠΋permanent exclusionʹͭͳ
    ͕Βͳ͍
    • ϚϧνσόΠεରԠ
    • ཤྺͷ෮ݩ͸FS/PCSͷલఏΛ่͢ͷͰϓϩτίϧϨϕϧͰ͸
    ڐՄ͠ͳ͍͕ଞͷํࣜͰ΍Δ͜ͱ͸ߟ͑ΒΕΔ

    View Slide

  18. ཁ݅
    (Ұ෦ൈਮɺଓ͖)
    • ϖΠϩʔυͷϑΥʔϚοτΛԾఆ͠ͳ͍
    • ෳ਺ͷMLS࣮૷͕federation͢Δ͜ͱ͸͋ΓಘΔ
    • ͕charterͱͯ͠͸είʔϓ֎ɺmls-federationͰ΍͍ͬͯΔ໛

    • কདྷόʔδϣϯͱͷޓ׵ੑ

    View Slide

  19. ηΩϡϦςΟཁ݅
    • ΫϥΠΞϯτͱαʔόʔͷؒͷ௨৴͸TLSͳͲͰ҉߸Խ͞Ε͍ͯ
    Δ͜ͱΛԾఆ͢Δ͕ɺτϥϯεϙʔτ૚ͷcompromiseʹ͸ASʹ
    ΑΔidentity keys͕ద੾ʹೝূ͞Ε͍ͯΔݶΓ଱͑Δ
    • DS͸άϧʔϓͷprivate content΁ͷΞΫηεΛ࣋ͨͳ͍(؅ཧऀ
    ͕ϝοηʔδΛ೷͖ݟΔ͜ͱ͸Ͱ͖ͳ͍)
    • ϝϯόʔͷ௥Ճ/࡟আ: MLS͸ଞͷϝϯόʔʹ஌ΒͤΔ͜ͱͳ͘ϝ
    ϯόʔͷ௥Ճ/࡟আΛߦ͏͜ͱΛڐՄ͠ͳ͍(ϓϩτίϧͷ࢓૊Έ
    ্ͦ͏ͳ͍ͬͯΔ)

    View Slide

  20. mls-protocol

    View Slide

  21. (എܠ)2 partiesͷ৔߹͸ղܾࡁΈ
    Signal Messaging ProtocolͰ༻͍ΒΕ͍ͯΔDouble Ratchetํࣜɻ
    "Ratchet"͸ʮҰ౓ਐΜͩΒ໭Βͳ͍ʯ΋ͷͷྫ͑Ͱɺ҉߸෼໺ʹ
    ͓͚Δ"Ratchet"ͱ͸ϋογϡؔ਺Λ࢖ͬͯʮ৽͍͠஋͔Βաڈͷ
    ஋ΛܭࢉͰ͖ͳ͍Α͏ʹͯ͠伴Λಋग़͢Δʯ࢓૊Έͷ͜ͱɻ
    ͷΑ͏ʹͯ͠ϝοηʔδ͝ͱʹ伴Λߋ৽͢Δɻ

    View Slide

  22. (എܠ)ʮͨ͘͞ΜʯͷࢀՃऀͷ৔߹͠
    ΜͲ͍
    Α͘औΒΕΔํ๏͸ɺطʹཱ͍֬ͯ͠ΔνϟϯωϧΛ௨ͯ͠
    ʮsender keyʯΛҰํతʹbroadcastɺ֤ࢀՃऀ͸ͦͷʮsender
    keyʯͰ҉߸Խͨ͠ϝοηʔδΛૹ৴͢Δɺͱ͍͏΋ͷɻ
    "hash ratchet"Λ࢖͏͜ͱͰForward Secrecy͸࣮ݱͰ͖Δ͕ɺҰ౓
    伴͕ഁΒΕΔͱ伴Λߋ৽͢Δͷʹಉ͡ํ๏Λ࢖Θͳͯ͘͸ͳΒ
    ͣɺpost-compromise security͕ͳ͍ͱ͍͑Δɻ

    View Slide

  23. Ͳ͏΍࣮ͬͯݱ͢Δʁ

    View Slide

  24. View Slide

  25. View Slide

  26. View Slide

  27. View Slide

  28. Ͳ͏΍ͬͯάϧʔϓͷڞ༗ൿ
    ີΛ҆શʹڞ༗͢Δʁ
    ެ։伴҉߸(Diffie-Hellman)Ͱɺʮࣗ਎ͷൿີ伴ʯʴʮଞͷϝϯόʔ
    ͷൿີ伴ʯΛ࢖ͬͯڞ༗ൿີΛಋग़͢Δɻશһͷൿີ伴Λ͍͍ͪ
    ͪ࢖͏ͱܭࢉίετ͕ߴ͍ͷͰπϦʔߏ଄Λऔ͍ͬͯΔɻ
    Asynchronous Ratchet Treeͱ͍͏࢓૊Έ͕͜Εʹ૬౰͢Δ͕ɺҰൠ
    ੑΛอͭͨΊdraft-01͔Β͸"Ratchet Tree"ͱ͍͏ޠʹมߋ͞Ε͍ͯ
    Δɻ

    View Slide

  29. View Slide

  30. WG activity @ IETF 105

    View Slide

  31. User Authentication Within
    Groups
    https:/
    /datatracker.ietf.org/meeting/105/materials/slides-105-mls-
    sessa-user-authentication-within-groups-00.pdf
    SignalͰ͸௕ظ伴͔ΒϩάΠϯ༻QRίʔυΛੜ੒͍ͯ͠Δɻ͜ΕͰ
    ͸Post-Compromise Security͕ͳ͍ɻ
    Epoch-Level Authenticationʢಛఆͷ࣌఺ͰͷΈ༗ޮͳϩάΠϯ༻
    QRίʔυΛੜ੒ʣͷಋೖͱͦͷํ๏ͷఏҊɻ

    View Slide

  32. Protocol Enhancements
    • group secretͷߋ৽ΛͰ͖ΔݶΓdefer͍ͨ͠
    • ݱࡏ͸group΁ͷ௥Ճͷࡍʹϝοηʔδϯάͷ༗ແʹؔΘΒͣ
    group secretͷߋ৽͕ߦΘΕɺ݁ՌେྔͷDHԋࢉ͕ൃੜ͢Δ
    • add/update/remove͸ఆ਺࣌ؒͰࡁΉΑ͏ʹͳΔ͚ΕͲ
    ratchetʢsecretͷߋ৽ʣͷίετ͕ߴ͍ɺͱ͍͏τϨʔυΦ
    ϑ͕͋Δ

    View Slide

  33. Protocol Enhancements
    • Server-Initiated Add
    • LazinessΛಋೖͨ͠Βαʔόʔ͕AddΛ࡞ΕΔΑ͏ʹͳΔ
    (Welcome͸init secretΛؚΉͷͰෆՄೳ)
    • ݱࡏ͸User-Initiated AddͱGroup-Initiated Add͸ผͷ࢓૊ΈΛ
    ࢖͍ͬͯΔ͕ɺinit secret΋ඇಉظԽͰ͖Ε͹౷ҰͰ͖Δ͠ɺ
    ೝূ͞Εͨϝϯόʔ͸WelcomeΛ߹੒Ͱ͖ΔΑ͏ʹͳΔ
    • ͨͩ͠DH-like construction΁ͷϩοΫΠϯ͕༗Γಘͦ͏ͳͷ
    ʹՃ͑ͯݕূ͕͠ΜͲͦ͏

    View Slide

  34. ਐḿ
    mls-protocol
    • draft-08: 10݄ͷinterim
    • draft-09: 11݄ͷIETF 106
    • ೥಺WGLCΛ໨ࢦ͢ͱͷ͜ͱ

    View Slide

  35. ࠓޙ΋ಈ޲ͷupdateΛ
    ใࠂ͍͚ͯ͠Ε͹ͱࢥ
    ͍·͢
    ͋ͱάϧʔϓ伴߹ҙʹ͍ͭͯݹయతͳconstructionҎ֎Λ༻͍Δํ
    ๏΋͋Γͦ͏…ʁ

    View Slide

  36. View Slide

  37. Other Security Related
    Topics

    View Slide

  38. IoTؔ܎ͷ࿩(teep, suit,
    rats)͸ଞͷํ͕͠Ό΂
    Δͱࢥ͏ͷͰলུ

    View Slide

  39. oauth.xyz
    (࣮ࡍʹ͜ͷ໊લΛURLόʔʹಥͬࠐΉͱαΠτ͕ग़ͯ͘Δ)
    OAuth 2.0͸ଟ͘ͷϢʔεέʔεΛΧόʔͨ͠ΓηΩϡϦςΟ্ͷ
    ໰୊ΛΧόʔ͢ΔͨΊʹଟ͘ͷ֦ு͕ग़͖͚ͯͨΕͲɺಉ͡໰୊
    Λෳ਺ͷํ๏Ͱղܾ͢ΔΑ͏ͳෳࡶੑΛੜΈग़ͯ͠͠·ͬͨɻ
    τϥϯβΫγϣϯϞσϧ(Ұͭͷtransaction IDΛத৺ʹɺػೳΛ෇
    ͚଍͍ͯ͘͠৔߹͸τϥϯβΫγϣϯʹ伴Λ௥Ճ͍ͯ͘͠ɺͱ͍
    ͏ํࣜ)Ͱ੔ཧ͠ͳ͓ͦ͏ɺͱ͍͏ࢼΈɻ

    View Slide

  40. Dragonblood
    ANRWͷinvited talkɻWPA3ͷDragonflyϋϯυγΣΠΫʹαΠυ
    νϟωϧ߈ܸ੬ऑੑ͕͋Γ·͢ɺͱ͍͏࿩ɻ
    ύεϫʔυΛପԁۂઢ͋Δ͍͸༗ݶମ্ͷཁૉʹม׵͢Δࡍ(hash-
    to-curve/group)ͷ࣮૷͕·ͣ͘ɺύεϫʔυʹΑͬͯࢼߦճ਺͕ม
    Θͬͯ͠·͏ͨΊɺ࣮ߦ࣌ؒΛଌఆ͢Δ͜ͱͰύεϫʔυಛఆͷ
    ͨΊͷ৘ใΛऔΓग़ͤΔɻ
    ͳ͓ɺ͜ͷൃදͷ͋ͱ͞Βʹ௥ՃͰCVE-2019-13377/13456͕ಉ
    ҰஶऀʹΑΓൃද͞Εͨɻ

    View Slide

  41. TLS 1.3 Impact on Network
    Based Security Solutions
    TLS 1.3ͰϛυϧϘοΫε͕ఏڙ͍ͯͨ͠ηΩϡϦςΟػೳ͕Ͳ͏
    յΕΔ͔ͷ·ͱΊɻյΕΔ͔Β௚ͤɺͱ͍͏ओுͰ͸ͳ͘ɺӨڹ
    ൣғΛ໌Β͔ʹ͢Δ͜ͱΛ໨తͱ͍ͯ͠Δ΋ͷɻʢͱ͸͍͑ɺଟ
    ෼ͦ͏͍͏࿩΋ؚ·Ε͍ͯͦ͏ͩΑͳ͋…ʣInformational RFCͱ͢
    Δ͜ͱΛ໨ࢦ͍ͯ͠Δɻ
    https:/
    /datatracker.ietf.org/meeting/105/materials/slides-105-tls-
    sessb-tls-impact-on-network-security-00

    View Slide

  42. ଟ෼ೖΓ͖Βͳ͍ͱࢥ͏DNS
    ؔ܎͸ࠓճ͸ׂѪ
    • ANRW: Oblivious DNS, Who Is Answering My Queries (DNS
    interceptionͷଌఆ), What Can You Learn from an IP?
    • dnsop
    • add (Applications Doing DNS)
    Ͳ͔͜Ͱެ։༧ఆʁ

    View Slide