Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Messaging Layer Security and stuff @ IETF105
Search
sylph01
August 30, 2019
Technology
0
990
Messaging Layer Security and stuff @ IETF105
Presented at IETF 105 Report Session @ ISOC-JP
https://www.isoc.jp/wiki.cgi?page=IETF105Update
sylph01
August 30, 2019
Tweet
Share
More Decks by sylph01
See All by sylph01
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
6
1.5k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
sylph01
1
100
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
sylph01
2
470
Introduction to C Extensions
sylph01
3
200
"Actual" Security in Microcontroller Ruby!?
sylph01
0
140
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
63
Updates on PicoRuby Networking, HPKE (and maybe more)
sylph01
1
300
Adding Security to Microcontroller Ruby
sylph01
3
3.6k
Secure Messaging at IETF 118
sylph01
0
110
Other Decks in Technology
See All in Technology
スタートアップに選択肢を 〜生成AIを活用したセカンダリー事業への挑戦〜
nstock
0
200
AI時代の開発生産性を加速させるアーキテクチャ設計
plaidtech
PRO
3
160
Should Our Project Join the CNCF? (Japanese Recap)
whywaita
PRO
0
340
20250707-AI活用の個人差を埋めるチームづくり
shnjtk
4
3.9k
CRE Camp #1 エンジニアリングを民主化するCREチームでありたい話
mntsq
1
130
AWS Organizations 新機能!マルチパーティ承認の紹介
yhana
1
280
Reach American Airlines®️ Instantly: 19 Calling Methods for Fast Support in the USA
flyamerican
1
170
データグループにおけるフロントエンド開発
lycorptech_jp
PRO
1
100
React開発にStorybookとCopilotを導入して、爆速でUIを編集・確認する方法
yu_kod
1
280
IPA&AWSダブル全冠が明かす、人生を変えた勉強法のすべて
iwamot
PRO
2
140
ビギナーであり続ける/beginning
ikuodanaka
3
760
怖くない!はじめてのClaude Code
shinya337
0
400
Featured
See All Featured
Large-scale JavaScript Application Architecture
addyosmani
512
110k
GraphQLとの向き合い方2022年版
quramy
49
14k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
Code Review Best Practice
trishagee
69
18k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Visualization
eitanlees
146
16k
Building an army of robots
kneath
306
45k
Being A Developer After 40
akosma
90
590k
Why Our Code Smells
bkeepers
PRO
336
57k
Transcript
Messaging Layer Security, and other security related stuff Ryo Kajiwara
@ lepidum IETF105 Report Session, ISOC-JP
None
Messaging Layer Security (mls)
աڈʹͨ͠ࢿྉʹ͍ͭͯ ݕࡧͯ͠ग़ͯ͘Δࢿྉʹࢲ͕2018/8ʹͨ͠ࢿྉ͕ग़͖ͯ·͢ ͕ɺ۩ମతͳํࣜʹ͔ؔͯ͠ͳΓଟ͘ͷΞοϓσʔτ͕ೖͬͯ ͍·͢ɻ֓આ෦ʹؔͯ͠एׯͦΕΛྲྀ༻͍ͯ͠·͢ɻ https:/ /speakerdeck.com/sylph01/messaging-layer-security ۩ମతʹݴ͏ͱɺ17൪ͷεϥΠυҎ߱ͷ༰΄ͱΜͲݱࡏͷ υϥϑτʹ͍ͬͯ·ͤΜɻπϦʔͷܭࢉʹؔͯ͠Asynchronous Ratchet Treeͷ֓೦͚ͩࠓͷυϥϑτͰ͋Δఔ௨༻͠·͢ɻ
͜ΕԿʁ ෳਓͷάϧʔϓʹ͓͚ΔηΩϡΞϝοηʔδϯάͷͨΊͷ伴ަ ͷํ๏Λඪ४Խ͠Α͏ɺͱ͍͏Internet-Draft -> Working Groupɻ ͘͢͝ฏ͍ͨ͘͏ͱɺάϧʔϓνϟοτΛEnd-to-End҉߸Խ͢Δ ํ๏Λඪ४Խ͠Α͏ͥɺͱ͍͏༰ɻ
ηΩϡΞϝοηʔδϯάʁ ࠷ۙͷϝοηʔδϯάαʔϏεEnd-to-End҉߸Խ͕ී௨Ͱ͢ɻ • Signalʢ͕͜͜͠Γʣ • Facebook Messenger • WhatsApp •
LINE ͳͲEnd-to-End҉߸ԽΛطʹऔΓೖΕ͍ͯ·͢ɻ
WG Charter͔Βཁ ҎԼͷੑ࣭Λ࣋ͭάϧʔϓ伴ͷ߹ҙɾϝοηʔδอޢΛඞཁͱ͢ ΔΞϓϦέʔγϣϯ͕ଟ͘ଘࡏ͢ΔͨΊɺͦΕΛ࣮ݱ͍ͨ͠: ϝοηʔδͷൿີੑɺϝοηʔδͷશੑɾೝূɺϝϯόʔͷೝ ূɺඇಉظੑɺForward SecrecyɺPost-Compromise Securityɺε έʔϥϏϦςΟ
είʔϓʹ͍ͭͯ • ֤ϕϯμʔಠࣗϓϩτίϧͰ࣮ݱ͍ͯ͠ΔͨΊɺࣗͷϓϩ τίϧɾελοΫΛಠཱʹҡ࣋ཧ͢Δඞཁ͕͋Γɺ݁Ռͱ͠ ͯಠཱʹ࣭อূΛ͢Δඞཁ͕͋Δɻ • MLSϝοηʔδͷηΩϡϦςΟ෦ʹ͍ͭͯڞ௨ͷํ๏Λఏ ࣔ͢Δ͜ͱͰɺϓϩτίϧͷਖ਼ੑɾ҆શੑͷݕূ݁ՌΛڞ༗ Ͱ͖Δ͜ͱΛࢦ͢(shared validation
of the protocol)ɻ • 伴߹ҙҎ্ͷϝοηʔδϯάΞϓϦέʔγϣϯͷ interoperability/federationΛఏڙ͢ΔͷͰͳ͍
ඇಉظੑ(asynchronous usage) ͜͜Ͱ͍͏ʮඇಉظੑʯͱɺ2ਓͷϢʔβʔ͕ಉ࣌ʹΦϯϥΠϯ Ͱ͋Δ͜ͱΛཁٻ͢ΔΑ͏ͳMLSͷoperation͕ଘࡏ͍͚ͯ͠ͳ ͍ɺͱ͍͏ੑ࣭ͷ͜ͱɻ
Forward Secrecy ௨৴ϓϩτίϧͷੑ࣭Ͱɺظ伴(long-term key)ͷ࿐ʹΑͬͯա ڈͷηογϣϯΩʔͷ҆શੑ͕ࣦΘΕͳ͍ɺͱ͍͏ੑ࣭ɻ ʮաڈͷηογϣϯΩʔʯͷ҆શੑͳͷʹʮForwardʯʁˠϝο ηʔδΛૹͬͨ͋ͱকདྷʹΘͨͬͯηογϣϯΩʔͷ࿐ʹ͑ Δɺͱ͍͏ੑ࣭͔ͩΒɻ TLSͷจ຺ͰͷFSͱಉٛɻ·ͨɺ"Perfect" Forward
Secrecyͱ Forward SecrecyҰൠʹಉٛɻ
Post-Compromise Security ݫີͳఆٛͱͯ͠ "On Ends-to-Ends Encryption: Asynchronous Group Messaging with
Strong Security Guarantees" (Cohn-Gordon et al., 2017) ͷ(3.0.2)ͱ(3.1)ɺ άϧʔϓϝϯόʔͷશͳঢ়ଶ(ظ伴ͱͦΕΒ͔Βಋग़͞Εͨ伴) ͕compromise͞Εͨͱͯ͠ɺ৽ͨʹ҆શͳ伴͕ಋग़͞Εͯάϧʔ ϓͷձ͕ܧଓ͞ΕҎޙͷൿີੑ͕कΒΕΔͱ͖ɺpost- compromise securityΛ࣋ͭɺͱ͍͏ɻ FS/PCSmls-architectureͷ3.2.2.1Ͱఆٛ͞Ε͍ͯΔɻ
Documents • draft-ietf-mls-architecture-02 • draft-ietf-mls-protocol-07 • draft-omara-mls-federation-00
mls-architecture
લఏ • full messaging protocolͷ࣮Λҙਤ͍ͯ͠ͳ͍ (<-> XMPP) • wire encodingͷఆٛͰͳ͘ɺநతͳσʔλߏͷΈΛఆٛ
• άϧʔϓͷنas large as thousands
ׂ Messaging Service2ͭͷabstract serviceΛఏڙ͢Δ: • Authentication Service: long-term identityͷཧ •
long-term identity keyͷσΟεΧόϦʔαʔϏε • Delivery Service: ϝοηʔδͷड৴ͱ࠶ • ϝοηʔδͦͷͷͷϒϩʔυΩϟετͷ΄͔ɺάϧʔϓ伴 ߹ҙʹඞཁͳkeying materialͷͷׂߦ͏ ಉҰαʔόʔͰΑ͍͕ɺׂ͕ҧ͏ͷͰจষ্۠ผ͞ΕΔ
ηΩϡϦςΟલఏͷิ 2.3.5: ΦϑϥΠϯͷϝϯόʔ͕ݹ͍伴Λ͍࣋ͬͯͨΒForward Secrecy/ Post-Compromise SecurityͷલఏͰ͋Δkeying materialͷআ/ஔ ෆՄೳɻMLS͜ͷͷରԠߦΘͳ͍(࣮Ͱղܾ͠Ζɺ ͱ͍͏͜ͱ͔)ɻ
ཁ݅ (Ұ෦ൈਮ) • ಉ࣌ΦϯϥΠϯΛཁٻ͠ͳ͍ (asynchronous) • एׯͷϝοηʔδϩε͕ൃੜͯ͠permanent exclusionʹͭͳ ͕Βͳ͍ •
ϚϧνσόΠεରԠ • ཤྺͷ෮ݩFS/PCSͷલఏΛ่͢ͷͰϓϩτίϧϨϕϧͰ ڐՄ͠ͳ͍͕ଞͷํࣜͰΔ͜ͱߟ͑ΒΕΔ
ཁ݅ (Ұ෦ൈਮɺଓ͖) • ϖΠϩʔυͷϑΥʔϚοτΛԾఆ͠ͳ͍ • ෳͷMLS࣮͕federation͢Δ͜ͱ͋ΓಘΔ • ͕charterͱͯ͠είʔϓ֎ɺmls-federationͰ͍ͬͯΔ ༷ •
কདྷόʔδϣϯͱͷޓੑ
ηΩϡϦςΟཁ݅ • ΫϥΠΞϯτͱαʔόʔͷؒͷ௨৴TLSͳͲͰ҉߸Խ͞Ε͍ͯ Δ͜ͱΛԾఆ͢Δ͕ɺτϥϯεϙʔτͷcompromiseʹASʹ ΑΔidentity keys͕దʹೝূ͞Ε͍ͯΔݶΓ͑Δ • DSάϧʔϓͷprivate contentͷΞΫηεΛ࣋ͨͳ͍(ཧऀ ͕ϝοηʔδΛ͖ݟΔ͜ͱͰ͖ͳ͍)
• ϝϯόʔͷՃ/আ: MLSଞͷϝϯόʔʹΒͤΔ͜ͱͳ͘ϝ ϯόʔͷՃ/আΛߦ͏͜ͱΛڐՄ͠ͳ͍(ϓϩτίϧͷΈ ্ͦ͏ͳ͍ͬͯΔ)
mls-protocol
(എܠ)2 partiesͷ߹ղܾࡁΈ Signal Messaging ProtocolͰ༻͍ΒΕ͍ͯΔDouble Ratchetํࣜɻ "Ratchet"ʮҰਐΜͩΒΒͳ͍ʯͷͷྫ͑Ͱɺ҉߸ʹ ͓͚Δ"Ratchet"ͱϋογϡؔΛͬͯʮ৽͍͔͠Βաڈͷ ΛܭࢉͰ͖ͳ͍Α͏ʹͯ͠伴Λಋग़͢ΔʯΈͷ͜ͱɻ ͷΑ͏ʹͯ͠ϝοηʔδ͝ͱʹ伴Λߋ৽͢Δɻ
(എܠ)ʮͨ͘͞ΜʯͷࢀՃऀͷ߹͠ ΜͲ͍ Α͘औΒΕΔํ๏ɺطʹཱ͍֬ͯ͠ΔνϟϯωϧΛ௨ͯ͠ ʮsender keyʯΛҰํతʹbroadcastɺ֤ࢀՃऀͦͷʮsender keyʯͰ҉߸Խͨ͠ϝοηʔδΛૹ৴͢Δɺͱ͍͏ͷɻ "hash ratchet"Λ͏͜ͱͰForward Secrecy࣮ݱͰ͖Δ͕ɺҰ 伴͕ഁΒΕΔͱ伴Λߋ৽͢Δͷʹಉ͡ํ๏ΛΘͳͯ͘ͳΒ
ͣɺpost-compromise security͕ͳ͍ͱ͍͑Δɻ
Ͳ͏࣮ͬͯݱ͢Δʁ
None
None
None
None
Ͳ͏ͬͯάϧʔϓͷڞ༗ൿ ີΛ҆શʹڞ༗͢Δʁ ެ։伴҉߸(Diffie-Hellman)Ͱɺʮࣗͷൿີ伴ʯʴʮଞͷϝϯόʔ ͷൿີ伴ʯΛͬͯڞ༗ൿີΛಋग़͢Δɻશһͷൿີ伴Λ͍͍ͪ ͪ͏ͱܭࢉίετ͕ߴ͍ͷͰπϦʔߏΛऔ͍ͬͯΔɻ Asynchronous Ratchet Treeͱ͍͏Έ͕͜Εʹ૬͢Δ͕ɺҰൠ ੑΛอͭͨΊdraft-01͔Β"Ratchet Tree"ͱ͍͏ޠʹมߋ͞Ε͍ͯ
Δɻ
None
WG activity @ IETF 105
User Authentication Within Groups https:/ /datatracker.ietf.org/meeting/105/materials/slides-105-mls- sessa-user-authentication-within-groups-00.pdf SignalͰظ伴͔ΒϩάΠϯ༻QRίʔυΛੜ͍ͯ͠Δɻ͜ΕͰ Post-Compromise Security͕ͳ͍ɻ
Epoch-Level Authenticationʢಛఆͷ࣌ͰͷΈ༗ޮͳϩάΠϯ༻ QRίʔυΛੜʣͷಋೖͱͦͷํ๏ͷఏҊɻ
Protocol Enhancements • group secretͷߋ৽ΛͰ͖ΔݶΓdefer͍ͨ͠ • ݱࡏgroupͷՃͷࡍʹϝοηʔδϯάͷ༗ແʹؔΘΒͣ group secretͷߋ৽͕ߦΘΕɺ݁ՌେྔͷDHԋࢉ͕ൃੜ͢Δ •
add/update/removeఆ࣌ؒͰࡁΉΑ͏ʹͳΔ͚ΕͲ ratchetʢsecretͷߋ৽ʣͷίετ͕ߴ͍ɺͱ͍͏τϨʔυΦ ϑ͕͋Δ
Protocol Enhancements • Server-Initiated Add • LazinessΛಋೖͨ͠Βαʔόʔ͕AddΛ࡞ΕΔΑ͏ʹͳΔ (Welcomeinit secretΛؚΉͷͰෆՄೳ) •
ݱࡏUser-Initiated AddͱGroup-Initiated AddผͷΈΛ ͍ͬͯΔ͕ɺinit secretඇಉظԽͰ͖Ε౷ҰͰ͖Δ͠ɺ ೝূ͞ΕͨϝϯόʔWelcomeΛ߹Ͱ͖ΔΑ͏ʹͳΔ • ͨͩ͠DH-like constructionͷϩοΫΠϯ͕༗Γಘͦ͏ͳͷ ʹՃ͑ͯݕূ͕͠ΜͲͦ͏
ਐḿ mls-protocol • draft-08: 10݄ͷinterim • draft-09: 11݄ͷIETF 106 •
WGLCΛࢦ͢ͱͷ͜ͱ
ࠓޙಈͷupdateΛ ใࠂ͍͚ͯ͠Εͱࢥ ͍·͢ ͋ͱάϧʔϓ伴߹ҙʹ͍ͭͯݹయతͳconstructionҎ֎Λ༻͍Δํ ๏͋Γͦ͏…ʁ
None
Other Security Related Topics
IoTؔͷ(teep, suit, rats)ଞͷํ͕͠Ό Δͱࢥ͏ͷͰলུ
oauth.xyz (࣮ࡍʹ͜ͷ໊લΛURLόʔʹಥͬࠐΉͱαΠτ͕ग़ͯ͘Δ) OAuth 2.0ଟ͘ͷϢʔεέʔεΛΧόʔͨ͠ΓηΩϡϦςΟ্ͷ ΛΧόʔ͢ΔͨΊʹଟ͘ͷ֦ு͕ग़͖͚ͯͨΕͲɺಉ͡ Λෳͷํ๏Ͱղܾ͢ΔΑ͏ͳෳࡶੑΛੜΈग़ͯ͠͠·ͬͨɻ τϥϯβΫγϣϯϞσϧ(Ұͭͷtransaction IDΛத৺ʹɺػೳΛ ͚͍ͯ͘͠߹τϥϯβΫγϣϯʹ伴ΛՃ͍ͯ͘͠ɺͱ͍ ͏ํࣜ)Ͱཧ͠ͳ͓ͦ͏ɺͱ͍͏ࢼΈɻ
Dragonblood ANRWͷinvited talkɻWPA3ͷDragonflyϋϯυγΣΠΫʹαΠυ νϟωϧ߈ܸ੬ऑੑ͕͋Γ·͢ɺͱ͍͏ɻ ύεϫʔυΛପԁۂઢ͋Δ͍༗ݶମ্ͷཁૉʹม͢Δࡍ(hash- to-curve/group)ͷ࣮͕·ͣ͘ɺύεϫʔυʹΑͬͯࢼߦճ͕ม Θͬͯ͠·͏ͨΊɺ࣮ߦ࣌ؒΛଌఆ͢Δ͜ͱͰύεϫʔυಛఆͷ ͨΊͷใΛऔΓग़ͤΔɻ ͳ͓ɺ͜ͷൃදͷ͋ͱ͞ΒʹՃͰCVE-2019-13377/13456͕ಉ ҰஶऀʹΑΓൃද͞Εͨɻ
TLS 1.3 Impact on Network Based Security Solutions TLS 1.3ͰϛυϧϘοΫε͕ఏڙ͍ͯͨ͠ηΩϡϦςΟػೳ͕Ͳ͏
յΕΔ͔ͷ·ͱΊɻյΕΔ͔Βͤɺͱ͍͏ओுͰͳ͘ɺӨڹ ൣғΛ໌Β͔ʹ͢Δ͜ͱΛతͱ͍ͯ͠Δͷɻʢͱ͍͑ɺଟ ͦ͏͍͏ؚ·Ε͍ͯͦ͏ͩΑͳ͋…ʣInformational RFCͱ͢ Δ͜ͱΛࢦ͍ͯ͠Δɻ https:/ /datatracker.ietf.org/meeting/105/materials/slides-105-tls- sessb-tls-impact-on-network-security-00
ଟೖΓ͖Βͳ͍ͱࢥ͏DNS ؔࠓճׂѪ • ANRW: Oblivious DNS, Who Is Answering My
Queries (DNS interceptionͷଌఆ), What Can You Learn from an IP? • dnsop • add (Applications Doing DNS) Ͳ͔͜Ͱެ։༧ఆʁ