secure communications

Similar documents
SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Most Common Security Threats (cont.)

Introduction and Overview. Why CSCI 454/554?

Information Security CS 526

BEST PRACTICES FOR PERSONAL Security

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Crypto meets Web Security: Certificates and SSL/TLS

SE420 Software Quality Assurance

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Network Security Chapter 8

Real-time protocol. Chapter 16: Real-Time Communication Security

CS 494/594 Computer and Network Security

Security+ SY0-501 Study Guide Table of Contents

Securing Internet Communication: TLS

Session initiation protocol & TLS

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Data Security and Privacy. Topic 14: Authentication and Key Establishment

14. Internet Security (J. Kurose)

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Digital Certificates Demystified

CSE 565 Computer Security Fall 2018

CS 356 Internet Security Protocols. Fall 2013

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Access Controls. CISSP Guide to Security Essentials Chapter 2

Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

SSH. Partly a tool, partly an application Features:

On the Internet, nobody knows you re a dog.

Question No: 2 Which identifier is used to describe the application or process that submitted a log message?

Installation and usage of SSL certificates: Your guide to getting it right

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011

Once all of the features of Intel Active Management Technology (Intel

0x1A Great Papers in Computer Security

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

David Wetherall, with some slides from Radia Perlman s security lectures.

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Cryptography and Network Security

Securing Internet Communication

Outline Key Management CS 239 Computer Security February 9, 2004

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

VPN Overview. VPN Types

CIS 4360 Secure Computer Systems Applied Cryptography

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Cyber Security Practice Questions. Varying Difficulty

Information Security: Principles and Practice Second Edition. Mark Stamp

Syllabus: The syllabus is broadly structured as follows:

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

CSCE 715: Network Systems Security

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Securing ArcGIS Services

Public-Key Infrastructure NETS E2008

XEP-0206: XMPP Over BOSH

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

Internet Engineering Task Force (IETF) Request for Comments: 6120 Obsoletes: 3920 March 2011 Category: Standards Track ISSN:

Transport Layer Security

CSC 6575: Internet Security Fall 2017

Network Security and Cryptography. December Sample Exam Marking Scheme

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

The Protocols that run the Internet

A SIMPLE INTRODUCTION TO TOR

Table of Contents 1 IKE 1-1

Attacking Networks. Joshua Wright LightReading LIVE! October 1, 2003

Key Management and Distribution

Verteilte Systeme (Distributed Systems)

Securing Connections for IBM Traveler Apps. Bill Wimer STSM for IBM Collaboration Solutions December 13, 2016

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

VoIP Security Threat Analysis

Ralph Durkee Independent Consultant Security Consulting, Security Training, Systems Administration, and Software Development

CS Computer Networks 1: Authentication

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Web insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.

Ethical Hacking and Prevention

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

e-commerce Study Guide Test 2. Security Chapter 10

Transport Layer Security

Network Access Flows APPENDIXB

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Network Security. Chapter 8. MYcsvtu Notes.

ECE 435 Network Engineering Lecture 5

An Overview of Secure and Authenticated Remote Access to Central Sites

CompTIA Security+ (2008 Edition) Exam

Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway

Network Security and Cryptography. 2 September Marking Scheme

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

Network Security: IPsec. Tuomas Aura

Request for Comments: 7259 Category: Informational May 2014 ISSN:

CPSC 467b: Cryptography and Computer Security

DO NOT OPEN UNTIL INSTRUCTED

QUANTUM SAFE PKI TRANSITIONS

Cisco VCS Authenticating Devices

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

CS System Security 2nd-Half Semester Review

How to get a trustworthy DNS Privacy enabling recursive resolver

XMPP Illustrated: Getting to Know XMPP

CIS 6930/4930 Computer and Network Security. Topic 8.2 Internet Key Management

Linux Network Administration

Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

Security and Anonymity

Cryptography and Network Security

Transcription:

Jabber security

Peter Saint-Andre

stpeter@jabber.org

secure communications

with Jabber

Jabber is...

open technologies

real-time messaging

presence

multimedia negotiation

and more

invented by Jeremie Miller in 1998

powered by streaming XML

over long-lived TCP connections

client-server architecture

decentralized network

inter-domain messaging

like email

but really fast

with built-in presence

not one open-source project

multiple codebases

open-source and commercial

focus on XML wire protocol

core protocol standardized @ IETF

Extensible

Messaging

and

Presence

Protocol

(XMPP)

RFCs 3920 + 3921

widely deployed

how many users?

we don t know

decentralized architecture

~50 million IM users

not just IM

general XML routing

lots of applications beyond IM

continually defining XMPP extensions

XMPP Standards Foundation (XSF)

that s great, but...

how secure is it?

what is security?

secure conversation in real life...

a good friend visits your home

you know and trust each other

only the two of you

strangers can t enter your home

your home is not bugged

conversation is not recorded

what you say is private and confidential

contrast with the Internet...

the Internet is a dangerous place

lots of potential attacks

man in the middle

unauthenticated users

address spoofing

weak identity

rogue servers

denial of service

directory harvesting

buffer overflows

spam

spim

spit

splogs

viruses

worms

trojan horses

malware

phishing

pharming

information leaks

inappropriate logging and archiving

etc.

how do we fight these threats?

sorry, but...

Jabber is not a perfect technology

not originally built for high security

don t require GPG keys or X.509 certs

don t require ubiquitous encryption

maybe that s why we have 50 million users...

but privacy and security are important

so what have we done to help?

Jabber architecture...

client-server architecture

similar to email

client connects to server (TCP 5222)

(or connect via HTTP binding over SSL)

client MUST authenticate

originally: plaintext or hashed password

Simple Authentication & Security Layer (SASL)

RFC 4422

many SASL mechanisms

PLAIN (OK over encrypted connection)

DIGEST-MD5

EXTERNAL (with X.509 certs)

KERBEROS (a.k.a. GSSAPI)

ANONYMOUS

etc.

all users are authenticated

server stamps user from address

Jabber IDs are logical addresses

look like email addresses

romeo@montague.net

juliet@capulet.com

not limited to US-ASCII characters

jiři@čechy.cz

πλατω@ἑλλας.gr

มฌำปจ@jabber.th

@jabber.jp

@math.it

full Unicode opens phishing attacks

STPETER@jabber.org ᏚᎢᎵᎬᎢᎬᏒ@jabber.org

clients should use petnames

store in buddy list [tm] (a.k.a. roster )

server stores your roster

server broadcasts your presence

but only to subscribers you have authorized

server must not expose your IP address

most traffic goes through server

traffic is pure XML

servers reject malformed XML

servers MAY validate traffic against schemas

difficult to inject binary objects

difficult to propagate malware

break alliance between viruses and spam

spim virtually unknown on Jabber network

why?

hard to spoof addresses

hard to send inline binary

XHTML subset (no scripts etc.)

clients check before accepting a file

XMPP not immune to spim

have spim-fighting tools ready when it appears

challenge-response to communicate

challenge-response to register account

spim reporting

reputation systems?

spimmers need to overcome rate limiting

distributed attack or rogue server

not impossible

just harder than other networks (got email?)

no rogue servers (yet)

a server MAY federate with other servers

many private XMPP servers

public servers federate as needed (TCP 5269)

DNS lookups to determine IP addresses

only one hop between servers

server identities are validated

server dialback (reverse DNS lookups)

effectively prevents server spoofing

receiving server checks sending domain

no messages from service@paypal.com

DNS poisoning can invalidate

need something stronger?

Transport Layer Security (TLS)

RFC 4346

IETF upgrade to SSL

TLS + SASL EXTERNAL with X.509 certs

strong authentication of other servers

but only if not using self-signed certs

$$$

real X.509 certs are expensive

free digital certificates for XMPP server admins

intermediate CA for XMPP network

xmpp.net

root CA: StartCom

ICA: XMPP Standards Foundation

hopefully other CAs in future

channel encryption is a no-brainer

Mallory is foiled

but what about Isaac and Justin?

need end-to-end encryption ( e2e )

first try: OpenPGP (XEP-0027)

great for geeks

but Aunt Tillie doesn t use PGP

second try: S/MIME (RFC 3923)

great for geeks (and some employees)

but Aunt Tillie doesn t use X.509

XML encryption and digital signatures?

seems natural, but not much interest (c14n?)

doesn t provide perfect forward secrecy

off-the-record communications (OTR)?

great idea

opportunistic encryption (à la SSH)

perfect forward secrecy

but encrypts only the plaintext message body

we need to encrypt the entire packet

why?

because XMPP is more than just IM

e.g., protect IPs sent in multimedia negotiation

solution: encrypted sessions

big set of requirements...

packets are confidential

packet integrity

replay protection

key compromise does not reveal past comms

dependence on PKI not necessary

entities authenticated to each other

3rd parties cannot identify entities

repudiate any given message

robustness against attack (multiple hurdles)

upgradeability if bugs are discovered

encryption of full XMPP packets

implementable by typical developer

usable by typical user

just a dream?

how to address all requirements?

bootstrap from cleartext to encryption

in-band Diffie-Hellman key exchange

translate SIGMA approach to XMPP

similar to Internet Key Exchange (IKE)

details in XSF XEPs 116, 188, 200

major priority for 2007

support from NLnet (thanks!)

pursuing full security analysis

code bounties

more at blog.xmpp.org

wide implementation by end of 2007

so how are we doing?

spim free

hard to spoof addresses

pure XML discourages binary malware

DoS attacks possible but not easy

widespread channel encryption

working hard on end-to-end encryption

widely deployed in highsecurity environments

Wall Street investment banks

U.S. military

MIT and other universities

many public servers since 1999

no major security breaches

can t be complacent

always more to do

security is a neverending process

analysis and hacking encouraged

if it breaks, we ll fix it

security@xmpp.org

join the conversation

let s build a more secure Internet

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback