lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 3 Apr 2020 16:40:31 +0200
From:   Bram Bonné <brambonne@...gle.com>
To:     Hannes Frederic Sowa <hannes@...essinduktion.org>
Cc:     David Miller <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, kuba@...nel.org,
        netdev@...r.kernel.org, Lorenzo Colitti <lorenzo@...gle.com>,
        Jeffrey Vander Stoep <jeffv@...gle.com>
Subject: Re: [RFC PATCH] ipv6: Use dev_addr in stable-privacy address generation

Hey Hannes and David,

Thank you so much for working this through with me, and apologies for
the delayed response; I wanted to take some time to check my
assumptions with members from the Android team as well.

On Fri, Mar 27, 2020 at 9:52 PM Hannes Frederic Sowa
<hannes@...essinduktion.org> wrote:
> Okay, I understand. This is an additional scenario that wasn't on my
> radar so far. Is the MAC address randomized on the (E)SSID or the BSSID?
> I assume later as the ESSID might be stable across operators, but
> anyways that's just nit picking.

Connected MAC address randomization in Android is based on the ESSID
by default, to allow devices to roam across different access points
from the same operator using the MAC address as part of their
authentication. However, nothing prevents the user from changing their
MAC address over time, rather than per-SSID.

> In this scenario you would like to blind all unique identifiers on the
> network of a device in a "stable way". The MAC address is already
> blinded, thus it would be possible to just inherit it as the link local
> address, nothing seems to be lost then? Same for the globally scoped
> generated addresses stemming from this randomized MAC address?
>
> Using EUI-48 address generation mode here would give you the benefit of
> having no unique identifier (managed by the randomized mac address), a
> stable link-local address and global addresses per ESSID and not having
> to maintain the stable address generation secret. Seems to me to be the
> easiest way forward. I wonder what the implications regarding duplicate
> MAC address detection and thus IPv6 address selection are, but that's
> another topic.

I think this is an excellent proposal, and I agree with your
assessment that a randomized MAC address essentially acts as a
link-local address as far as privacy properties are concerned.
However, I think this proposal has a few drawbacks compared to using
regular IPv6 stable privacy addresses:

* Depending on whether the current network has MAC address
randomization enabled, the interface would have to be continuously
reconfigured to use either stable privacy address generation or
EUI-48.
* Repurposing EUI-48 here would require an additional step to ensure
that the generated address is unique (which is not an issue EUI-48
address generation has to deal with currently). David, is this what
you were hinting at in your message from 27 March as well?
* EUI-48-generated IPv6 addresses have fewer random bits than those
generated using the stable privacy method, as you mentioned.

> Additionally for the global scoped address generation I think it makes
> sense to still enable use_tempaddr=2, as it makes sure that for longer
> lasting associations to an AP new addresses are phased in and old ones
> are phased out regularly.

Agreed.

> If you like to keep the semantics of having ipv6 stable addresses as per
> spec, I would not object a patch adding a new mode like e.g.
> IN6_ADDR_GEN_MODE_STABLE_PRIVACY_SOFTMAC (or some better name) on an
> interface and consequently using the admin-mac address. For me the sole
> benefit seems to be that the generated global addresses would
> additionally depend on the prefix announced by the operator in that
> particular network. This would only help if use_tempaddr=2 is not
> enabled or applications deliberately bind to a non temp addresses
> circumventing the source address selection.

If you're still OK with this, and if my aforementioned comments seem
reasonable to you, I will create a patch next week implementing this
proposal as a separate mode (IN6_ADDR_GEN_MODE_STABLE_PRIVACY_SOFTMAC
sounds good to me), and we can take it from there. I like that this
lets us adhere to the RFC, where this mode would allow us to
implicitly use the MAC address as both the Net_Iface and the
Network_ID parameter. If you have any other suggestions, please let me
know. Happy to incorporate any feedback you have.

> Off topic: does Android also deal with sockets that are still bound to
> old addresses, which potentially (I am not sure) generate packets that
> are black holed because of wrong source address but still recognizable
> by an network operator?

I will let Lorenzo (also on this thread) respond here, as he'll
certainly know more about this than I do.

Thank you once again for thinking this through with me, and for the
thorough explanation. And as always, please let me know if I
misunderstood anything.

Kind regards,
Bram

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ