secure communications

Transcription

1 Jabber security

2 Peter Saint-Andre

3

4

5 secure communications

6 with Jabber

7 Jabber is...

8 open technologies

9 real-time messaging

10 presence

11 multimedia negotiation

12 and more

13 invented by Jeremie Miller in 1998

14 powered by streaming XML

15 over long-lived TCP connections

16 client-server architecture

17 decentralized network

18 inter-domain messaging

19 like

20 but really fast

21 with built-in presence

22 not one open-source project

23 multiple codebases

24 open-source and commercial

25 focus on XML wire protocol

26 core protocol IETF

27 Extensible

28 Messaging

29 and

30 Presence

31 Protocol

32 (XMPP)

33 RFCs

34 widely deployed

35 how many users?

36 we don t know

37 decentralized architecture

38 ~50 million IM users

39 not just IM

40 general XML routing

41 lots of applications beyond IM

42 continually defining XMPP extensions

43 XMPP Standards Foundation (XSF)

44 that s great, but...

45 how secure is it?

46 what is security?

47 secure conversation in real life...

48 a good friend visits your home

49 you know and trust each other

50 only the two of you

51 strangers can t enter your home

52 your home is not bugged

53 conversation is not recorded

54 what you say is private and confidential

55 contrast with the Internet...

56 the Internet is a dangerous place

57 lots of potential attacks

58 man in the middle

59 unauthenticated users

60 address spoofing

61 weak identity

62 rogue servers

63 denial of service

64 directory harvesting

65 buffer overflows

66 spam

67 spim

68 spit

69 splogs

70 viruses

71 worms

72 trojan horses

73 malware

74 phishing

75 pharming

76 information leaks

77 inappropriate logging and archiving

78 etc.

79 how do we fight these threats?

80 sorry, but...

81 Jabber is not a perfect technology

82 not originally built for high security

83 don t require GPG keys or X.509 certs

84 don t require ubiquitous encryption

85 maybe that s why we have 50 million users...

86 but privacy and security are important

87 so what have we done to help?

88 Jabber architecture...

89

90 client-server architecture

91 similar to

92 client connects to server (TCP 5222)

93 (or connect via HTTP binding over SSL)

94 client MUST authenticate

95 originally: plaintext or hashed password

96 Simple Authentication & Security Layer (SASL)

97 RFC 4422

98 many SASL mechanisms

99 PLAIN (OK over encrypted connection)

100 DIGEST-MD5

101 EXTERNAL (with X.509 certs)

102 KERBEROS (a.k.a. GSSAPI)

103 ANONYMOUS

104 etc.

105 all users are authenticated

106 server stamps user from address

107 Jabber IDs are logical addresses

108 look like addresses

109

110

111 not limited to US-ASCII characters

112

113

114

115 @jabber.jp

116 @math.it

117 full Unicode opens phishing attacks

118

119 clients should use petnames

120 store in buddy list [tm] (a.k.a. roster )

121 server stores your roster

122 server broadcasts your presence

123 but only to subscribers you have authorized

124 server must not expose your IP address

125 most traffic goes through server

126 traffic is pure XML

127 servers reject malformed XML

128 servers MAY validate traffic against schemas

129 difficult to inject binary objects

130 difficult to propagate malware

131 break alliance between viruses and spam

132 spim virtually unknown on Jabber network

133 why?

134 hard to spoof addresses

135 hard to send inline binary

136 XHTML subset (no scripts etc.)

137 clients check before accepting a file

138 XMPP not immune to spim

139 have spim-fighting tools ready when it appears

140 challenge-response to communicate

141 challenge-response to register account

142 spim reporting

143 reputation systems?

144 spimmers need to overcome rate limiting

145 distributed attack or rogue server

146 not impossible

147 just harder than other networks (got ?)

148 no rogue servers (yet)

149 a server MAY federate with other servers

150 many private XMPP servers

151 public servers federate as needed (TCP 5269)

152 DNS lookups to determine IP addresses

153 only one hop between servers

154 server identities are validated

155 server dialback (reverse DNS lookups)

156 effectively prevents server spoofing

157 receiving server checks sending domain

158 no messages from

159 DNS poisoning can invalidate

160 need something stronger?

161 Transport Layer Security (TLS)

162 RFC 4346

163 IETF upgrade to SSL

164 TLS + SASL EXTERNAL with X.509 certs

165 strong authentication of other servers

166 but only if not using self-signed certs

167 $$$

168 real X.509 certs are expensive

169 free digital certificates for XMPP server admins

170 intermediate CA for XMPP network

171 xmpp.net

172 root CA: StartCom

173 ICA: XMPP Standards Foundation

174 hopefully other CAs in future

175 channel encryption is a no-brainer

176 Mallory is foiled

177 but what about Isaac and Justin?

178

179 need end-to-end encryption ( e2e )

180 first try: OpenPGP (XEP-0027)

181 great for geeks

182 but Aunt Tillie doesn t use PGP

183 second try: S/MIME (RFC 3923)

184 great for geeks (and some employees)

185 but Aunt Tillie doesn t use X.509

186 XML encryption and digital signatures?

187 seems natural, but not much interest (c14n?)

188 doesn t provide perfect forward secrecy

189 off-the-record communications (OTR)?

190 great idea

191 opportunistic encryption (à la SSH)

192 perfect forward secrecy

193 but encrypts only the plaintext message body

194 we need to encrypt the entire packet

195 why?

196 because XMPP is more than just IM

197 e.g., protect IPs sent in multimedia negotiation

198 solution: encrypted sessions

199 big set of requirements...

200 packets are confidential

201 packet integrity

202 replay protection

203 key compromise does not reveal past comms

204 dependence on PKI not necessary

205 entities authenticated to each other

206 3rd parties cannot identify entities

207 repudiate any given message

208 robustness against attack (multiple hurdles)

209 upgradeability if bugs are discovered

210 encryption of full XMPP packets

211 implementable by typical developer

212 usable by typical user

213 just a dream?

214 how to address all requirements?

215 bootstrap from cleartext to encryption

216 in-band Diffie-Hellman key exchange

217 translate SIGMA approach to XMPP

218 similar to Internet Key Exchange (IKE)

219 details in XSF XEPs 116, 188, 200

220 major priority for 2007

221 support from NLnet (thanks!)

222 pursuing full security analysis

223 code bounties

224 more at blog.xmpp.org

225 wide implementation by end of 2007

226 so how are we doing?

227 spim free

228 hard to spoof addresses

229 pure XML discourages binary malware

230 DoS attacks possible but not easy

231 widespread channel encryption

232 working hard on end-to-end encryption

233 widely deployed in highsecurity environments

234 Wall Street investment banks

235 U.S. military

236 MIT and other universities

237 many public servers since 1999

238 no major security breaches

239 can t be complacent

240 always more to do

241 security is a neverending process

242 analysis and hacking encouraged

243 if it breaks, we ll fix it

244

245 join the conversation

246 let s build a more secure Internet