[OpenAFS] Open AFS, SSL and wireless security.

Derek Atkins openafs-info@openafs.org
01 Jul 2003 12:32:54 -0400


SEND ALL REPLIES TO THE LIST!

"Tim O'Callaghan" <tim.ocallaghan@limestudios.com> writes:

> > Well, it depends very much on your threat model.  First,
> > encryption is only used when you have a token (e.g. files 
> > with a system:anyuser ACL accessed from an un-authenticated 
> > context are not protected).  Second, the encryption used is 
> > NOT perfect, but it's certainly better than sending along clear-text.
> > 
> 
> Hmm... "threat model" is a new term to me. I'm just a paranoid hacker
> wanting to secure my home (and personal office space) communications....
> Ok, after a quick google, there it is (I think).

A "threat model" is a description of what you are worried about, what
attacks you care about (and specifically what attacks you DON'T care
about).  Are you worried that your neighbor will read your packets by
sniffing your wireless?  Or are you worried that the NSA will do so?
The security required to protect yourself against the NSA is VERY
DIFFERENT than the security required to protect yourself against your
neighbor.

> This is the basic network:
> 
> <-- xDSL -->| nifty dsl |<-A-> secured linux server (ssh, http(s) (AFS?))
>             | router    |<-A-> other tcp/ip devices (printer, Xbox etc)
>             | firewall  |<-A->| wireless | <-B-> desktop
>                               | bridge   | <-B-> laptop
> 
> That's the current model.
> The DSL router has been configured for mac filtering and switching, all
> incoming service traffic that gets past the firewall traffic gets routed
> to the secure server, all other open ports are routed to their specific
> destinations. So the front door is (electronically at least) as secure
> as I can think of making it.
> 
> The wireless bridge uses WEP shared key authentication, and mac
> filtering for the two wireless nodes. I am making the assumption here
> that WEP shared key communications are easily breakable/bypassable. So
> that leaves my back door potentially wide open, or at least my
> communications with my file server from my two wireless nodes. Most of
> the traffic will be file IO, hence the question...  
> So to the threat model: If the transport medium is transparent, i.e.
> accessible to anyone within listening range (see B above), will the
> kerberos authentication mechanism also be transparent?
> Or vulnerable to having authentication sniffed from the packets,
> especially if AFS authenticates for each file access?

Well, again, it depends...  Who do you expect is listening?  Kerberos
uses lots of keys -- there is the long term key which is used once
every 10 hours, and then a bunch of random session keys which last for
only 10 hours.  And then sub-session keys which last even shorter periods
of time.  So the REAL question is: do you think that someone will
be able to grab enough traffic to crack a sub-session key during the
lifetime of a session?  Or do you think that someone will grab enough
Kerberos traffic to crack your long term key?

This depends on your actual threat model.  Could the NSA do it?  Yea.
But they could also do it with SSL, too ;)  Could your neighbor?
HIGHLY unlikely.  And as OpenAFS moves forward with more Krb5 work
the strength of AFS authentication and encryption will increase.

> So, for example, if I were to access a file over the network, the
> traffic I might see at point B might be (assume encrypted compile
> flag):
> |<(D) kerberos file auth data><encrypted file>|
> And if I was to open another file I might see:
> |<(D) kerberos file auth data><other encrypted file>|
> 
> Where with enough D's (above) I might be able to spoof authentication?

Theoretically?  Of course.. As I said, nothing is perfectly secure.
Is it computationally feasible?  Well, that depends on your threat
model.

> Whereas if I use an encrypted underlying transport (e.g. stunnel) I
> might avoid having D compromised....

No, but you have your SSL key potentially compromised...  STunnel is
not inherently more secure than Kerberos... It's just painting the
fence a different color (would you prefer white or green paint?)

> >
> > So, I cannot answer your "would this be vulnerable" question 
> > without knowing your views of your threat model, answering 
> > "vulnerable to what attacks?"
> > 
> 
> Hope this explains it in a bit more detail. At the moment I have not
> detected anyone in wireless range, but it's only a matter of time....

Sort of... But please... KEEP THIS ON THE LIST!  Unless your goal is
to hire me as a security consultant, at which point we can take this
off list and talk about rates.

> Tim.

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
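An added illustration of the key-lifetime argument in the reply above (example code, not part of the original thread): it models what a sniffer at point B collects under each tier of Kerberos key as file I/O grows. The byte sizes of the authentication exchanges and the sub-session key lifetime are assumptions, not values from the thread.

```python
"""Model the eavesdropper's view at point B for the Kerberos key tiers
described in the thread: a long-term key used once per 10 hours, session
keys lasting 10 hours, and shorter-lived sub-session keys that carry the
actual file I/O.  Sizes and the sub-session lifetime are assumptions."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyTier:
    name: str
    lifetime_hours: float   # how long one key of this tier stays in use
    fixed_bytes: int        # ciphertext per key that does not depend on file I/O
    carries_file_io: bool   # whether file data is encrypted under this tier


# Assumed sizes: one small authentication exchange under the long-term key
# every 10 h, a little ticket traffic under the session key, and all file
# traffic under sub-session keys assumed to be rotated hourly.
TIERS = (
    KeyTier("long-term", 10.0, 512, False),
    KeyTier("session", 10.0, 2048, False),
    KeyTier("sub-session", 1.0, 0, True),
)


def ciphertext_per_key(file_io_bytes_per_hour, tiers=TIERS):
    """Bytes of ciphertext a sniffer collects under ONE key of each tier.

    This is the material available for an attack on that key during its
    lifetime, which is the question the reply says actually matters."""
    out = {}
    for t in tiers:
        total = t.fixed_bytes
        if t.carries_file_io:
            total += int(file_io_bytes_per_hour * t.lifetime_hours)
        out[t.name] = total
    return out


def keys_observed(hours, tiers=TIERS):
    """How many distinct keys of each tier a sniffer sees over `hours`."""
    return {t.name: math.ceil(hours / t.lifetime_hours) for t in tiers}


if __name__ == "__main__":
    # Constructed scenario: 50 MB/h of file I/O watched for a 40-hour period.
    print(ciphertext_per_key(50 * 1024 * 1024))
    print(keys_observed(40))
```

Heavier file traffic only adds ciphertext under the short-lived sub-session keys; the long-term key is exposed to the same small exchange no matter how much you copy.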