[Standards] compression attacks

Winfried Tilanus winfried at tilanus.com
Mon Feb 17 13:29:02 UTC 2014


On 13-02-14 13:19, Thijs Alkemade wrote:
> On 13 feb. 2014, at 01:04, Peter Saint-Andre <stpeter at stpeter.im> 
> wrote:

>> While working on draft-sheffer-uta-tls-attacks with Yaron
>> Sheffer this week, he pointed out to me that the TIME and BREACH
>> attacks might apply to application-layer compression technologies
>> such as XEP-0138 for XMPP. I haven't looked into that in detail
>> yet, but I figured I'd raise the issue here for discussion.

XEP-0138's context is to provide compression when TLS is not
available. So it should not be used together with TLS, but the
security considerations cover the case where both are used. Maybe it
would be better to adjust these.

> Depends on what data you consider secret.
> 
> Passwords shouldn't be in the compressed stream, per XEP-0170.
> Other highly sensitive data can be your contact list and the
> contents of your messages. Both of these an attacker should not be
> able to trigger retransmissions of, which complicates attacking
> them.
> 
> But it's likely the attacker will be able to extract information
> like "is juliet at example.lit on your roster?", "did you receive a
> message from juliet at example.lit in the past 32 kB?" (the zlib
> window size) or "did you receive a message that included the phrase
> 'thermonuclear war' in the last 32 kB?".

Thijs, can you explain this a bit more? As far as I understand these
attacks, they work when both a secret and data supplied by the
attacker are in the same compression context. That has to be the same
32 kB compression window (in the case of zlib). I don't see how the
attacker can inject data into that; we don't have CSRF issues in XMPP.
Or it has to be for contexts like the IoT, where sensors can be
manipulated so you can test if the sensor has been sending the same
value just before.

Winfried
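The oracle Thijs describes and the window condition Winfried asks about can both be shown with zlib directly. The following is an added example for this thread, not code from any XMPP implementation or from the XEP: it models a XEP-0138-style stream in which stanzas are compressed one after another in a single deflate context (with a sync flush after each so the peer can parse it), and compares the on-wire size of a later message stanza depending on whether the earlier roster contained juliet@example.lit. The stanzas, JIDs and the 40000-byte padding are constructed here; `stanza_sizes_shared_context`, `stanza_sizes_fresh_context`, `probe_size` and `size_difference` are names chosen for this example.

```python
"""Compression-oracle demonstration for a zlib-compressed stanza stream.

Constructed example for the XEP-0138 discussion; it is not from any XMPP
project. It shows (1) that a stanza's compressed size depends on earlier
stanzas in the same deflate context, (2) that the dependency disappears
once the earlier data has left zlib's 32 KiB window, and (3) that a fresh
compression context per stanza removes it entirely.
"""
import zlib

# Constructed sample stanzas. The two roster histories differ only in one
# contact, chosen with the same length so the byte positions line up.
ROSTER_TEMPLATE = (
    b'<iq type="result" id="roster1"><query xmlns="jabber:iq:roster">'
    b'<item jid="romeo@example.lit" subscription="both"/>'
    b'<item jid="%s@example.lit" subscription="both"/>'
    b'<item jid="nurse@example.lit" subscription="to"/>'
    b'</query></iq>'
)
ROSTER_WITH_JULIET = ROSTER_TEMPLATE % b"juliet"
ROSTER_WITHOUT_JULIET = ROSTER_TEMPLATE % b"tybalt"

# A later stanza whose content an observer can guess: "is juliet on the roster?"
PROBE = (
    b'<message to="romeo@example.lit" from="juliet@example.lit" type="chat">'
    b'<body>hi</body></message>'
)

# More than zlib's 32 KiB window (the maximum back-reference distance is a
# little under 32768 bytes), so anything before it can no longer be referenced.
WINDOW_EVICTION_PAD = b"\0" * 40000


def stanza_sizes_shared_context(stanzas):
    """On-wire size of each stanza when the whole stream shares one deflate
    context: each stanza is compressed and Z_SYNC_FLUSHed so the receiver can
    parse it immediately, but the sliding window is kept between stanzas."""
    comp = zlib.compressobj()
    sizes = []
    for stanza in stanzas:
        out = comp.compress(stanza) + comp.flush(zlib.Z_SYNC_FLUSH)
        sizes.append(len(out))
    return sizes


def stanza_sizes_fresh_context(stanzas):
    """On-wire size of each stanza when every stanza gets its own compressor,
    so no stanza's size can depend on what was sent before it."""
    sizes = []
    for stanza in stanzas:
        comp = zlib.compressobj()
        sizes.append(len(comp.compress(stanza) + comp.flush(zlib.Z_FINISH)))
    return sizes


def probe_size(history, probe, shared=True):
    """Compressed size of `probe` when sent after the stanzas in `history`."""
    measure = stanza_sizes_shared_context if shared else stanza_sizes_fresh_context
    return measure(list(history) + [probe])[-1]


def size_difference(history_a, history_b, probe, shared=True):
    """How many more bytes the probe costs after history_b than after history_a.
    A nonzero value means an observer who only sees lengths (e.g. of TLS
    records carrying the compressed stream) can tell the two histories apart."""
    return probe_size(history_b, probe, shared) - probe_size(history_a, probe, shared)


if __name__ == "__main__":
    with_j, without_j = [ROSTER_WITH_JULIET], [ROSTER_WITHOUT_JULIET]
    print("shared context, roster in window:",
          size_difference(with_j, without_j, PROBE), "byte(s) difference")
    print("shared context, roster evicted from window:",
          size_difference(with_j + [WINDOW_EVICTION_PAD],
                          without_j + [WINDOW_EVICTION_PAD], PROBE),
          "byte(s) difference")
    print("fresh context per stanza:",
          size_difference(with_j, without_j, PROBE, shared=False),
          "byte(s) difference")
```

The first measurement is the leak: the probe stanza is a few bytes shorter when `juliet@example.lit` already sits in the window, because deflate replaces the repeated JID with a back-reference. The second measurement is Winfried's window point: once more than 32 KiB has been streamed in between, the roster is outside the maximum back-reference distance and the two sizes are identical. The third is the mitigation XEP-0138 does not offer (it compresses the whole stream as one context): secrets and attacker-influenced data in separate contexts cannot influence each other's length.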