Minutes IETF104: saag
Meeting: Security Area Open Meeting (saag)
State: Active
Last updated: 2019-04-16
# Security Area Advisory Group (SAAG) Minutes from IETF 104
* 28 March 2019, 13:50
* Chairs: Benjamin Kaduk, Roman Danyliw
## WG/BoF reports
* slides:
https://datatracker.ietf.org/meeting/104/materials/slides-104-saag-chair-slides-00
See slides for pointers to individual WG/BoF reports.
WGs that didn't submit reports provided the following updates:
* I2NSF - question about YANG modules and IANA registries. YANG model for IPsec copies registry. Concern about how registry changes are handled.
  * Paul Hoffman suggests asking IANA staff how to do this.
  * Eliot Lear suggests engaging with YANG chairs.
* TRANS - is almost done; didn't meet.
* NTS is almost done, but more security-related work coming.
* IOT onboarding side meeting had important security aspects. Will be an
interim discussion, probably week of 15 April.
* KSK rollover BOF met as well.
* CACAO will meet Friday morning. Collaborative courses of action.
## Misbinding in Pairing Protocols
* presenter: Tuomas Aura
* slides:
https://datatracker.ietf.org/meeting/104/materials/slides-104-saag-misbinding-attacks-on-secure-device-pairing-00
* paper: https://arxiv.org/abs/1902.07550
Aura presented on a misbinding attack possible in many pairing protocols.
Problem:
* In key exchange, binds to wrong (dishonest) node. Known since at least 1992.
* Can be misbinding of initiator or responder.
* Solution is to be explicit about identities (e.g., bind identifiers to the key)
* Bluetooth 6-digit codes: malware can spoof the pairing interface
* But Bluetooth devices have no verifiable identifiers; authentication is based only on physical access.
* ProVerif modeling yielded a new double-misbinding case
EAP-NOOB: user-assisted out-of-band (cloud services)
* Involves relay of out-of-band message from compromised device to attacker.
* "cuckoo attacks" in trusted computing
Mitigating:
* Can't mitigate entirely, but can make attacker's life more difficult
* Bind non-modifiable device identifiers
* Device certificates to attest device
* Asset tracking
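
The "bind identifiers to the key" point above, as an added example that is not from the talk, the slides or the paper: a key-confirmation MAC computed over the public keys alone accepts a peer other than the one the initiator believes it is pairing with, while a MAC that also covers both identifiers does not. The toy Diffie-Hellman group, the device names and all function names are assumptions, and the sketch assumes each device has an identifier it can assert.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, for illustration only (not a secure parameter choice).
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def confirm_tag(key, pub_i, pub_r, id_i=None, id_r=None):
    """Key-confirmation MAC; identities are covered only when supplied."""
    parts = [pub_i.to_bytes(16, "big"), pub_r.to_bytes(16, "big")]
    if id_i is not None:
        # Length-prefix each identifier so the encoding is unambiguous.
        for ident in (id_i, id_r):
            raw = ident.encode()
            parts.append(len(raw).to_bytes(2, "big") + raw)
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def pairing_accepted(bind_identities, believed_peer="sensor-B",
                     actual_peer="sensor-C"):
    """Initiator 'phone-A' believes it pairs with believed_peer, but the key
    exchange terminates at actual_peer (constructed names).
    Returns True if the initiator accepts the responder's confirmation tag."""
    a_priv, a_pub = keypair()
    r_priv, r_pub = keypair()
    k_a = session_key(a_priv, r_pub)  # initiator's key
    k_r = session_key(r_priv, a_pub)  # responder's key (same value)
    if bind_identities:
        sent = confirm_tag(k_r, a_pub, r_pub, "phone-A", actual_peer)
        expected = confirm_tag(k_a, a_pub, r_pub, "phone-A", believed_peer)
    else:
        sent = confirm_tag(k_r, a_pub, r_pub)
        expected = confirm_tag(k_a, a_pub, r_pub)
    return hmac.compare_digest(sent, expected)

if __name__ == "__main__":
    print("keys only, mismatched peer accepted:", pairing_accepted(False))
    print("ids bound, mismatched peer accepted:", pairing_accepted(True))
```
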
## The SNOW-V stream cipher
* presenter: John Mattsson
* slides:
https://datatracker.ietf.org/meeting/104/materials/slides-104-saag-snow-v-stream-cipher-00
Mattsson presented on the SNOW-V cipher.
* 4G LTE and 5G NR: 128-bit algorithms
* 256-bit algorithms for later releases
* minimum 20 Gbps downlink in 5G, want that performance for encryption
* 5G primarily defines as VPNs.
* AES-256-GCM promising from performance standpoint, but want backup algorithms.
* Want 256-bit algorithms for government use and future-proofing
* New option: SNOW-V from Lund University, based on earlier SNOW 3G
* Software implementation reaches 50 Gbps on a single thread on a laptop CPU
* More security and performance analysis planned
* Looking at faster options for integrity protection
## Open Mic
* Max Bala: use of multiple algorithms on certificates (e.g., for
post-quantum). Big certificate issues, e.g., with TLS, CRLs, etc?
* Yoav Nir: Working on guide to writing security considerations. Will be
posting stuff on GitHub.
## Thank you to Eric Rescorla
Thank you to outgoing Security Area Director Eric Rescorla!