IAB-PrivSec-program / draft-iab-privsec-confidentiality-mitigations

The Internet Draft recording the program's draft on mitigating confidentiality threats

Covert channels #25

Open martinthomson opened 8 years ago

martinthomson commented 8 years ago

...aren't really a necessary prerequisite for dynamic exfiltration:

> Collaborators engaging in key exfiltration through a standard protocol will need to use covert channels in the protocol to leak information that can be used by the attacker to recover the key.

I can devise a scheme that doesn't rely on the existence of a covert channel. The risk here is that a statement in this form suggests that eliminating covert channels is a worthwhile task. The document should identify active cooperation with an attacker as a lost cause and leave it at that.

(Then we wouldn't have to find citations for the statements regarding the existence of covert channels in popular protocols. I'm sure it's true, but it's currently an unsubstantiated claim.)

hardie commented 8 years ago

I'm not sure how to fix this. We can say that collaborators engaging in key exfiltration may use either covert channels within the protocol or methods out-of-band to the protocol. I think the statement was intended to cover the first case only, as the collaborator didn't want to create a (potentially detectable) trail of messages to the attacker. In that case, the collaborator does seem to need a covert channel within the protocol to allow the on-path attacker to have access to the information needed. Am I missing something here?

martinthomson commented 8 years ago

I think that I might suggest removing the paragraph entirely. Covert channels exist in almost every protocol that I've looked at but we haven't any good evidence that they are used. It's just so much easier to use encryption straight up, or do things like use the drafts folder of a shared email service. For exfiltrating keys, I think that this is pure spy novel stuff.