ietf-smime

RE: Comments on smime-cms-07

1998-11-16 17:06:50
Jim:

3.  Section 9 - Authenticated-data Content Type:  I think I have identified
what I consider to be a security weakness.  Specifically if you create an
authenticated data object with authenticated attributes, I can remove the
authenticated attributes and come up with a still legal authenticated data
object.  To fix this I propose that we change authenticated data in the
following ways:
 a)  In AuthenticatedData macAlgorithm be changed to hashAlgorithm.
 b) authenticatedAttributes becomes a REQUIRED field (remove the OPTIONAL)
 c) a digest-value becomes a required attribute in the
authenticatedAttributes (replacing mac-value)
 d) in processing, you hash the encapContentInfo, put the hash in the
authenticated attributes and MAC this value.

I understand your proposed change, but I do not understand the "security
weakness."  In CMS-07, two MAC values are computed.  The first MAC value is
computed from the content, then this MAC value is encoded in an authenticated
attribute.  The second MAC value is computed from the DER encoded attributes.
The two MAC values should not be the same.  So, if the attributes are removed
by an attacker, the MAC value check should fail.

If you are concerned about an attacker who is a recipient, and thus has the
symmetric key needed to compute the MAC, then I do not think that anything can
be done to make authenticated-data secure.

What I am looking at is more of a man in the middle attack.  If I intercept
the message, I can modify it and then send on to the recipient after
having removed all of the attributes.  Since I have removed all of the
attributes only one MAC computation would be computed and that is the same
MAC computation as was in the attributes as the macValue.

Are you saying that the attacker can take the value from the attribute and
place it in the authenticated-data macValue?  The value in the attribute is
exactly the one needed if there were no attributes present.  You are
correct, this is a problem.

Rick Ankney, are you out there?  Would your customers accept a hash of the
content in the attributes?

Russ
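
Added example, not part of the original message or of any CMS implementation: a toy Python model of the two constructions discussed in this thread, showing why the CMS-07 attribute value is accepted as macValue once the attributes are removed, and why a plain hash in the attributes is not. Assumptions: HMAC-SHA1 as the MAC, a length-prefixed `encode_attrs` standing in for DER, and a constructed key, content and `signing-time` attribute.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"  # constructed sample key

def mac(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()

def encode_attrs(attrs):
    # Assumption: simple length-prefixed encoding standing in for DER.
    return b"".join(len(k).to_bytes(2, "big") + k + len(v).to_bytes(2, "big") + v
                    for k, v in sorted(attrs.items()))

def build(content, attrs, scheme):
    """scheme 'cms07': attribute mac-value = MAC(content).
    scheme 'proposed': attribute digest-value = hash(content)."""
    attrs = dict(attrs)
    if scheme == "cms07":
        attrs[b"mac-value"] = mac(content)
    else:
        attrs[b"digest-value"] = hashlib.sha1(content).digest()
    return {"content": content, "attrs": attrs, "macValue": mac(encode_attrs(attrs))}

def verify_cms07(msg):
    attrs = msg["attrs"]
    if attrs is None:  # attributes are OPTIONAL: macValue covers the content
        return hmac.compare_digest(msg["macValue"], mac(msg["content"]))
    return (hmac.compare_digest(attrs.get(b"mac-value", b""), mac(msg["content"]))
            and hmac.compare_digest(msg["macValue"], mac(encode_attrs(attrs))))

def verify_proposed(msg):
    attrs = msg["attrs"]
    if not attrs or b"digest-value" not in attrs:  # attributes are REQUIRED
        return False
    return (hmac.compare_digest(attrs[b"digest-value"],
                                hashlib.sha1(msg["content"]).digest())
            and hmac.compare_digest(msg["macValue"], mac(encode_attrs(attrs))))

def strip_attributes(msg):
    # Keyless change described in the thread: drop the attributes and move the
    # value they carried into macValue.
    carried = msg["attrs"].get(b"mac-value") or msg["attrs"][b"digest-value"]
    return {"content": msg["content"], "attrs": None, "macValue": carried}

ATTRS = {b"signing-time": b"constructed-sample-value"}  # constructed attribute
old = build(b"constructed sample content", ATTRS, "cms07")
new = build(b"constructed sample content", ATTRS, "proposed")
```

`verify_cms07(strip_attributes(old))` returns True although the authenticated attributes are gone, while the stripped form of `new` fails both verifiers because a bare digest is not a valid MAC over the content.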
