This action might not be possible to undo. Are you sure you want to continue?
e" #010 Title$ LI o% MI&E'-I(A&E, a )& pe"spe*ti+e ,o*- ent %o"$ ,is*-ssion ,ate$ So-"*e$
Various schemes have been discussed for inclusion in IMS Media Plane Security; MIKEY-IBAKE is currently bein considered! "here is some concern about the #a$ful Interce%tion solution %ro%osed for this scheme& $hich may %revent its de%loyment in some 'urisdictions! (ecent events have hi hli hted the difficulties that can arise $hen a%%ro%riate #I mechanisms are not en ineered into systems at an early sta e!
MI&E'-I(A&E an/ LI 0e1-i"e ents
"o %erform #a$ful Interce%tion on MIKEY-IBAKE communications& a #EM) $ould be re*uired to %erform a Man-in-the-Middle attac+ durin session establishment ,or re-+ey-& and continue to decry%t and re-encry%t communications for the duration of the session! "his a%%ears to %rohibit several of the re*uirements a reed in Section .!/ of 01PP "S 00!234! "he re*uirements are considered in turn here!
2! 5hen an encry%tion service is %rovided by the P#M6& la$ful interce%tion shall ta+e %lace as for a non encry%ted communications! a! In addition encry%ted communications shall be decry%ted& or the decry%tion +eys and any re*uired associated information ,e! ! roll over counters- shall be %rovided to the #EM)! b! )or the s%ecific case $here a +ey server based solution is used& it is a national o%tion for the o%erator to ma+e +eys and any associated information ,e! ! roll over counters- directly available to the #EM) for the decry%tion of communications!
It a%%ears that MIKEY-IBAKE satisfies this re*uirement!
7! Interce%tion shall be %erformed in such a manner as to avoid detectability by the "ar et or others! In %articular8 a! "here shall be no si nificant difference in latency durin call setu% or durin communications com%ared to a non interce%ted communications!
9ue to the timin and interaction re*uired to %erform the Man-in-the-Middle attac+ durin call setu%& there $ill be additional latency in call setu%! "his $ill be es%ecially %ronounced $hen lar e numbers of Surveillance Sub'ects are active in one re ion or one s$itch! :om%utationally intensive elli%tic curve calculations $ill need to be %erformed for every call setu% under surveillance& so a slot to %erform these
3GPP TSG-SA WG3-LI Meeting #38 SA3LI10_099 Tallinn, Estonia, 7-9 Septe !e" #010 calculations is re*uired before the call can commence! It a%%ears that MIKEYIBAKE does not satisfy this re*uirement!
b! Interce%tion of a "ar et shall not %revent the use of +ey e;chan e a%%lications $hich %rovide a user +ey confirmation mechanism! 6<"E8 Key confirmation mechanisms such as an authentication strin to be e;chan ed verbally are commonly used to %rovide additional assurance of authentication!
"he Man-in-the-Middle attac+ re*uired for #I in MIKEY-IBAKE results in different +eys bein derived by each MS=>E $hen surveillance is ta+in %lace! "his %rohibits the use of such +ey confirmation mechanisms $hich some users may e;%ect& and may be included in im%lementations of the standard! It a%%ears that MIKEY-IBAKE does not satisfy this re*uirement!
c! Should interce%tion fail durin a call ,or durin call setu%-& the call shall be unaffected!
Should a MIKEY-IBAKE #I im%lementation fail& all calls sub'ect to interce%tion $ill immediately fail! "his is because the #I im%lementation needs to decry%t and reencry%t ,$ith a different +ey- all data it interce%ts! Such an event may raise a$areness of a Surveillance Sub'ect to interce%tion! It should be noted that multi%le Surveillance Sub'ects? calls $ould be simultaneously terminated ,and other users in the same location $ould not-; this may indicate $hich users are under surveillance! It a%%ears that MIKEY-IBAKE does not satisfy this re*uirement!
0! 5here the P#M6 o%erator %rovides decry%tion of the communication& it is the o%erator?s choice $here in the net$or+ this decry%tion is %erformed! @o$ever& follo$in decry%tion& all I(I and :: shall be %rovided to the #EM) usin handover mechanisms as %er a non encry%ted communication!
<%erators have little choice in the %ositionin of the decry%tion function $hen %erformin #I on MIKEY-IBAKE! "he communications must be decry%ted and reencry%ted en-route& in the core net$or+& as the communicatin %arties of a MIKEYIBAKE call under surveillance have different +eys! 6ote that this a%%roach also causes difficulties in %erformin #I $hen #ocal (outin is em%loyed! It a%%ears that MIKEY-IBAKE does not satisfy this re*uirement!
A! An encry%tion solution shall not %rohibit commencement of Interce%tion and decry%tion of an e;istin communication!
By allo$in for session re+eys& it may be %ossible for MIKEY-IBAKE to satisfy this re*uirement! @o$ever& if re+eyin of sessions is not commonly confi ured by users& the use of a session re+ey to facilitate #a$ful Interce%tion $ill be detectable by Surveillance Sub'ects! It is unclear $hether MIKEY-IBAKE can satisfy this re*uirement!
.! If +ey material and any associated information are available& it shall be %ossible to retros%ectively decry%t encry%ted communications!
A Man-in-the-Middle attac+ is an active attac+& $hich must be %erformed at the time of call setu%! "herefore in MIKEY-IBAKE& if this attac+ has not been %erformed& any surveillance is im%ossible& $hether durin or after the call! In order to retros%ectively
3GPP TSG-SA WG3-LI Meeting #38 SA3LI10_099 Tallinn, Estonia, 7-9 Septe !e" #010 decry%t communications the Man-in-the-Middle attac+ must have been %erformed on all subscribers! It a%%ears that MIKEY-IBAKE does not satisfy this re*uirement! It is %ossible to em%loy Identity Based Encry%tion $hilst allo$in for the %ossibility of #a$ful Interce%tion! In li ht of these re*uirements& >K overnment has develo%ed a similar scheme& MIKEY-SAKKE& $hich su%%orts 01PP SA0 #I re*uirements and has additional benefits such as lo$ latency! )ull details of this scheme can be found in the MIKEY-SAKKE Internet 9raft! An additional concern in the >K is that %erformin an active attac+& such as the Man-inthe-Middle attac+ %ro%osed in the #a$ful Interce%tion solution for MIKEY-IBAKE may be ille al! "he >K :om%uter Misuse Act 2BB3 %rovides le islative %rotection a ainst unauthorised access to and modification of com%uter material! "he act ma+es s%ecific %rovisions for la$ enforcement a encies to access com%uter material under %o$ers of ins%ection& search or seiCure! @o$ever& the act ma+es no such %rovision for modification of com%uter material! A Man-in-the-Middle attac+ causes modification to com%uter data and $ill im%act the reliability of the data! As a result& it is li+ely that #EM)s and P#M6s $ould be unable to %erform #I on MIKEY-IBAKE $ithin the current le al constraints )urthermore& the fact that communications are modified en-route by an active attac+ $ould render any interce%ted data unacce%table for evidential use! )or these reasons there must be si nificant doubt re ardin de%loyment of MIKEYIBAKE in the >K or in other countries $ith similar le al frame$or+s or $here evidential #I is re*uired!
"hese re*uirements relate to IMS Media Security and to #a$ful Interce%tion! 01PP "S 00!2348 D#a$ful interce%tion re*uirementsE 01PP "S 00!07F8 DIP Multimedia Subsystem ,IMS- media %lane securityE 01PP "( 00!F7F8 DIP Multimedia Subsystem ,IMS- media %lane securityE S%ecification for MIKEY-SAKKE8 IE") Internet 9raft draft- roves-mi+ey-sa++e-33& MIKEY-SAKKE8 Sa+ai-Kasahara Key E;chan e in Multimedia Internet KEYin ,$or+ in %ro ress-
SA0-#I members are re*uested to discuss the concerns herein re ardin #a$ful Interce%tion of MIKEY-IBAKE!
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.