Comments

LApril 11, 2016 3:58 PM

Since the argument is the about the same, can I ask some comments on this? (via mail is fine)

https://www.fenrirproject.org/Fenrir/Fenrir_Project/wikis/Paper

It's a new federated authentication protocol that includes authorization.

The novelty of the approach is fusing the authentication down with the transport layer, which greatly improves efficiency and security.

It's a token-based protocol, without clock synchronization or reliance on a specific algorithm. Furthermore the design brings a separation between the application (or the service) and the management of the authentication data, the handshakes and so on.


I also have a proverif proof, but I'm looking into more tools to check... everything.
Do you know any other tool dedicated to mathematical proofs for both general programming and more specifically protocols?

-L

I Heart Script KiddiesApril 11, 2016 6:40 PM

When I think of script kiddies, I want to shorten the phrase to "skids" and then associate that with skid marks.

Who's security?April 11, 2016 7:16 PM

So... Who's "security" will this year's protocols be trying to preserve? The authoritarian state? Or the free citizen? For example, does "fusing the authentication down with the transport layer" (to quote @L) enhance state surveillance over innocent people? Or does it enable privacy?

DanApril 11, 2016 9:05 PM

@L,
It is an interesting idea. I just read the documentation on Fenrir. As I am not an expert, my opinion should not be considered official in any way. It mostly seems ok. The use of xor to combine keys scares me. It seems dangerous to encrypt session keys by xoring them with the long-term shared secret. Any leak of the session key reveals the long-term shared secret. It would be a good idea to use hash functions to derive keys. I think the protocol is a good idea.

Nicholas MApril 12, 2016 2:08 AM

Who's security? • April 11, 2016 7:16 PM

So... Who's "security" will this year's protocols be trying to preserve? The authoritarian state? Or the free citizen? For example, does "fusing the authentication down with the transport layer" (to quote @L) enhance state surveillance over innocent people? Or does it enable privacy?

Welp, it obviously takes obscurity out of hands from free citizens who use the service and in to hands of the transport provider.

It's a tough question. Would you rather trust the free citizen or the telcos with transport security, privacy, and/or security?

LApril 12, 2016 4:07 AM

@Who's security?


For example, does "fusing the authentication down with the transport layer" (to quote @L) enhance state surveillance over innocent people?

There is a concern over privacy in the proposed protocol, in the sense that your authentication server will have a list of your authenticated connections (not the unauthenticated ones).

But being a federated environment, you can just choose a privacy-oriented provider. IMHO, it's still better than using the "login with fb/g+", which concentrates the information on just two providers.


The OAuth framework lets the auth.server impersonate its user on existing services. This does not happen in Fenrir.

And since the protocol hides even the id of the service being accessed, there should be no information leakage like the cleartext SNI in TLS.

@Nicholas M


Welp, it obviously takes obscurity out of hands from free citizens who use the service and in to hands of the transport provider.

Not really. One of the main objectives of the protocol is to provide a (web?) interface for the user to manage its authorizations on his devices and services.

This means that the user is encouraged to look at his/her data to know which devices use his/her accounts, which services are being accessed and so on. With this the user will also immediately know what information is in the hands of his authentication server.

Let me ask you, what information is in the hand of google/fb, regarding the average account? Can you enumerate it? Can you be sure you have not been impersonated on your services? OAuth is a much worse system.

Sure, it's not completely anonymous (it's an AUTHENTICATION protocol..), but there are more information hidden and more security for the users than in the current model, IMHO.

-L

Who's security?April 12, 2016 10:02 AM

@L

"There is a concern over privacy in the proposed protocol, in the sense that your authentication server will have a list of your authenticated connections"

Can I run my own authentication server? Or will there just be a certain enumerated few allowed like there are with SSL/TLS certificate authorities? Unless everything's completely under my control, there's no privacy whatsoever.

Yes, it makes it better than using FB/G+, you have a point there... but you're not thinking big picture enough. Right now only a small percentage of the internet requires FB/G+ logins before you can access its content... imagine that being flipped around, and almost all the internet requiring Fenrir authentication. Who's in charge then? Is everything concentrated in the hands of just a few providers that can easily just be given secret court orders forcing them to hand over everyone's information or shut down? That's the future we have to guard against. Comey and Feinstein are salivating already.

Who's security?April 12, 2016 10:19 AM

@L

Imagine Fenrir being used as a DDOS attack control mechanism, where almost all news sites and blog sites suddenly disappear from the internet, unless you prove who you are first. This has to a large extent already happened with the likes of CloudFlare and others banning Tor. If Fenrir enhances this effect, it's very very bad for the future of privacy. It's a future worldwide Gestapo's wet dream.

LApril 12, 2016 11:41 AM

@Who's security?

Of course you can run you own authentication server. That's the whole point of a federated model.

As far as your distopian future goes, it seems unlikely, and nothing prevents you to use privacy-oriented authentication servers, or devise hacks where the usernames are randomly generated each time. It's an arms race, if you require a login, you'll only get a fake or ad-hoc one. I don't think it will be a concern for quite some time.

And really, nothing stops that from happening with today's tech.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.