Page 5
secure communications
Page 9
real-time messaging
Page 11
multimedia negotiation
Page 13
invented by Jeremie Miller in 1998
Page 14
powered by streaming XML
Page 15
over long-lived TCP connections
Page 16
client-server architecture
Page 17
decentralized network
Page 18
inter-domain messaging
Page 21
with built-in presence
Page 22
not one open-source project
Page 23
multiple codebases
Page 24
open-source and commercial
Page 25
focus on XML wire protocol
Page 26
core protocol standardized @ IETF
Page 37
decentralized architecture
Page 38
~50 million IM users
Page 40
general XML routing
Page 41
lots of applications beyond IM
Page 42
continually defining XMPP extensions
Page 43
XMPP Standards Foundation (XSF)
Page 44
that’s great, but...
Page 45
how secure is it?
Page 46
what is security?
Page 47
secure conversationin real life...
Page 48
a good friend visits your home
Page 49
you know and trust each other
Page 50
only the two of you
Page 51
strangers can’t enter your home
Page 52
your home is not bugged
Page 53
conversation is not recorded
Page 54
what you say is private and confidential
Page 55
contrast with the Internet...
Page 56
the Internet is a dangerous place
Page 57
lots of potential attacks
Page 58
man in the middle
Page 59
unauthenticated users
Page 63
denial of service
Page 64
directory harvesting
Page 76
information leaks
Page 77
inappropriate logging and archiving
Page 79
how do we fight these threats?
Page 81
Jabber is not a perfect technology
Page 82
not originally builtfor high security
Page 83
don’t require GPG keys or X.509 certs
Page 84
don’t require ubiquitous encryption
Page 85
maybe that’s why we have 50 million users...
Page 86
but privacy and security are important
Page 87
so what have we done to help?
Page 88
Jabber architecture...
Page 90
client-server architecture
Page 92
client connects to server (TCP 5222)
Page 93
(or connect via HTTP binding over SSL)
Page 94
client MUST authenticate
Page 95
originally: plaintext or hashed password
Page 96
Simple Authentication & Security Layer (SASL)
Page 98
many SASL mechanisms
Page 99
PLAIN (OK over encrypted connection)
Page 101
EXTERNAL (with X.509 certs)
Page 102
KERBEROS (a.k.a. GSSAPI)
Page 105
all users are authenticated
Page 106
server stamps user ‘from’ address
Page 107
Jabber IDs are logical addresses
Page 108
look like email addresses
Page 111
not limited to US-ASCII characters
Page 117
full Unicode opens phishing attacks
Page 118
[email protected] ᏚᎢᎵᎬᎢᎬᏒ@jabber.org
Page 119
clients should use “petnames”
Page 120
store in buddy list [tm] (a.k.a. “roster”)
Page 121
server stores your roster
Page 122
server broadcastsyour presence
Page 123
but only to subscribers you have authorized
Page 124
server must not expose your IP address
Page 125
most traffic goes through server
Page 126
traffic is pure XML
Page 127
servers reject malformed XML
Page 128
servers MAY validate traffic against schemas
Page 129
difficult to inject binary objects
Page 130
difficult to propagate malware
Page 131
break alliance between viruses and spam
Page 132
spim virtually unknown on Jabber network
Page 134
hard to spoof addresses
Page 135
hard to send inline binary
Page 136
XHTML subset (no scripts etc.)
Page 137
clients check before accepting a file
Page 138
XMPP not immune to spim
Page 139
have spim-fighting tools ready when it appears
Page 140
challenge-response to communicate
Page 141
challenge-response to register account
Page 143
reputation systems?
Page 144
spimmers need to overcome rate limiting
Page 145
distributed attack or rogue server
Page 147
just harder than other networks (got email?)
Page 148
no rogue servers (yet)
Page 149
a server MAY federate with other servers
Page 150
many private XMPP servers
Page 151
public servers federate as needed (TCP 5269)
Page 152
DNS lookups to determine IP addresses
Page 153
only one hopbetween servers
Page 154
server identitiesare validated
Page 155
server dialback (reverse DNS lookups)
Page 156
effectively prevents server spoofing
Page 157
receiving server checks sending domain
Page 158
no messages from “[email protected] ”
Page 159
DNS poisoning can invalidate
Page 160
need something stronger?
Page 161
Transport Layer Security (TLS)
Page 163
IETF “upgrade” to SSL
Page 164
TLS + SASL EXTERNAL with X.509 certs
Page 165
strong authentication of other servers
Page 166
but only if not using self-signed certs
Page 168
real X.509 certs are expensive
Page 169
free digital certificates for XMPP server admins
Page 170
intermediate CA for XMPP network
Page 172
root CA: StartCom
Page 173
ICA: XMPP Standards Foundation
Page 174
hopefully other CAs in future
Page 175
channel encryption is a no-brainer
Page 176
Mallory is foiled
Page 177
but what about Isaac and Justin?
Page 179
need end-to-end encryption (“e2e”)
Page 180
first try: OpenPGP(XEP-0027)
Page 182
but Aunt Tillie doesn’t use PGP
Page 183
second try: S/MIME(RFC 3923)
Page 184
great for geeks (and some employees)
Page 185
but Aunt Tillie doesn’t use X.509
Page 186
XML encryption and digital signatures?
Page 187
seems natural, but not much interest (c14n?)
Page 188
doesn’t provide perfect forward secrecy
Page 189
off-the-record communications (OTR)?
Page 191
opportunistic encryption (à la SSH)
Page 192
perfect forward secrecy
Page 193
but encrypts only the plaintext message body
Page 194
we need to encrypt the entire packet
Page 196
because XMPP is more than just IM
Page 197
e.g., protect IPs sent in multimedia negotiation
Page 198
solution: encrypted sessions
Page 199
big set of requirements...
Page 200
packets are confidential
Page 201
packet integrity
Page 202
replay protection
Page 203
key compromise does not reveal past comms
Page 204
dependence on PKI not necessary
Page 205
entities authenticated to each other
Page 206
3rd parties cannot identify entities
Page 207
repudiate any given message
Page 208
robustness against attack (multiple hurdles)
Page 209
upgradeability if bugs are discovered
Page 210
encryption of full XMPP packets
Page 211
implementable by typical developer
Page 212
usable by typical user
Page 214
how to address all requirements?
Page 215
bootstrap from cleartext to encryption
Page 216
in-band Diffie-Hellman key exchange
Page 217
translate SIGMA approach to XMPP
Page 218
similar to Internet Key Exchange (IKE)
Page 219
details in XSF XEPs 116, 188, 200
Page 220
major priority for 2007
Page 221
support from NLnet(thanks!)
Page 222
pursuing full security analysis
Page 224
more at blog.xmpp.org
Page 225
wide implementation by end of 2007
Page 226
so how are we doing?
Page 228
hard to spoof addresses
Page 229
pure XML discourages binary malware
Page 230
DoS attacks possible but not easy
Page 231
widespread channel encryption
Page 232
working hard on end-to-end encryption
Page 233
widely deployed in high-security environments
Page 234
Wall Street investment banks
Page 236
MIT and other universities
Page 237
many public servers since 1999
Page 238
no major security breaches
Page 239
can’t be complacent
Page 240
always more to do
Page 241
security is a never-ending process
Page 242
analysis and hacking encouraged
Page 243
if it breaks, we’ll fix it
Page 245
join the conversation
Page 246
let’s build a more secure Internet