f603886990
* feat(noise): add pairing RFC * fix(noise): address reviewers' comments |
||
---|---|---|
.. | ||
README.md |
README.md
slug | title | name | status | category | tags | editor | contributors |
---|---|---|---|---|---|---|---|
43 | 43/WAKU2-DEVICE-PAIRING | Device pairing and secure transfers with Noise | raw | Standards Track | waku/core-protocol | Giuseppe <giuseppe@status.im> |
Abstract
In this document we describe a compound protocol for enabling two devices to mutually authenticate and securely exchange (arbitrary) information over the Waku network.
Background / Rationale / Motivation
In order to implement multi-device communications using one of the Noise session management mechanisms proposed in 37/WAKU2-NOISE-SESSIONS, we require a protocol to securely exchange (cryptographic) information between 2 or more devices possessed by a user.
Since, in this scenario, the devices would be close to each other, authentication can be initialized by exchanging a QR code out-of-band and then securely completed over the Waku network.
The protocol we propose consists of two main subprotocols or phases:
- Device Pairing: two phisically close devices initialize the pairing by exchanging a QR code out-of-band. The devices then exchange and authenticate their respective long-term device ID static key by exchanging handshake messages over the Waku network;
- Secure Transfer: the devices securely exchange information in encrypted form using key material obtained during a successful pairing phase. The communication will happen over the Waku network, hence the devices do not need to be phisically close in this phase.
Theory / Semantics
Device Pairing
In the pairing phase, device B
requests to be paired to a device A
.
Once the two devices are paired, the devices will be mutually authenticated
and will share a Noise session within which they can securely exchange information.
The request is made by exposing a QR code that, by default, has to be scanned by device A
.
If device A
doesn't have a camera while device B
does,
it is possible to execute a slightly different pairing (with same security guarantees),
where A
is exposing a QR code instead.
This protocol is designed in order to achieve two main security objectives:
- resistance to Man-in-the-Middle attacks;
- provide network anonymity on devices' static keys, i.e. only paired devices will learn each other static key.
Employed Cryptographic Primitives
H
: the underlying cryptographically-secure hash function, e.g. SHA-256;HKDF
: the key derivation function (based onH
);Curve25519
: the underlying elliptic curve for Diffie-Hellman (DH) operations.
The WakuPairing
Noise Handshake
The devices execute a custom handshake derived from XX
,
where they mutually exchange and authenticate their respective device static key
by exchanging messages over the content topic with the following format
contentTopic = /{application-name}/{application-version}/wakunoise/1/sessions_shard-{shard-id}/proto
The handshake, detailed in next section, can be summarized as:
WakuPairing:
a. <- eB {H(sB||r), contentTopicParams, messageNametag}
...
b. -> eA, eAeB {H(sA||s)} [authcode]
c. <- sB, eAsB {r}
d. -> sA, sAeB, sAsB {s}
{}: payload, []: user interaction
Protocol Flow
-
The device
B
exposes through a QR code a Base64 serialization of:- An ephemeral public key
eB
; - The content topic parameters
contentTopicParams = {application-name}, {application-version}, {shard-id}
. - A (randomly generated) 16-bytes long
messageNametag
. - A commitment
H(sB||r)
for its static keysB
wherer
is a random fixed-lenght value.
- An ephemeral public key
-
The device
A
:- scans the QR code;
- obtains
eB
,contentTopicParams
,messageNametag
,Hash(sB||r)
; - checks if
{application-name}
and{application-version}
fromcontentTopicParams
match the local application name and version: if not, aborts the pairing. SetscontentTopic = /{application-name}/{application-version}/wakunoise/1/sessions_shard-{shard-id}/proto
; - initializes the Noise handshake by passing
contentTopicParams
,messageNametag
andHash(sB||r)
to the handshake prologue; - executes the pre-handshake message, i.e. processes the key
eB
; - executes the first handshake message over
contentTopic
, i.e.- processes and sends a Waku message containing an ephemeral key
eA
; - performs
DH(eA,eB)
(which computes a symmetric encryption key); - attaches as payload to the handshake message the (encrypted) commitment
H(sA||s)
forA
's static keysA
, wheres
is a random fixed-length value;
- processes and sends a Waku message containing an ephemeral key
- an 8-digits authorization code
authcode
obtained asHKDF(h) mod 10^8
is displayed on the device, whereh
is the handshake hash value obtained once the first handshake message is processed.
-
The device
B
:- sets
contentTopic = /{application-name}/{application-version}/wakunoise/1/sessions_shard-{shard-id}/proto
; - listens to messages sent to
contentTopic
and locally filters only those with Waku payload starting withmessageNametag
. If any, continues. - initializes the Noise handshake by passing
contentTopicParams
,messageNametag
andHash(sB||r)
to the handshake prologue; - executes the pre-handshake message, i.e. processes its ephemeral key
eB
; - executes the first handshake message, i.e.
- obtains from the received message a public key
eA
. IfeA
is not a valid public key, the protocol is aborted. - performs
DH(eA,eB)
(which computes a symmetric encryption key); - decrypts the commitment
H(sA||s)
forA
's static keysA
.
- obtains from the received message a public key
- an 8 decimal digits authorization code
authcode
obtained asHKDF(h) mod 10^8
is displayed on the device, whereh
is the handshake hash value obtained once the first handshake message is processed.
- sets
-
Device
A
andB
wait for the user to confirm with an interaction (button press) that the authorization code displayed on both devices are the same. If not, the protocol is aborted. -
The device
B
:- executes the second handshake message, i.e.
- processes and sends his (encrypted) device static key
sB
overcontentTopic
; - performs
DH(eA,sB)
(which updates the symmetric encryption key); - attaches as payload the (encrypted) commitment randomness
r
used to computeH(sB||r)
.
- processes and sends his (encrypted) device static key
- executes the second handshake message, i.e.
-
The device
A
:- listens to messages sent to
contentTopic
and locally filters only those with Waku payload starting withmessageNametag
. If any, continues. - decrypts the received message and obtains the public key
sB
. IfsB
is not a valid public key, the protocol is aborted. - performs
DH(eA,sB)
(which updates a symmetric encryption key); - decrypts the payload to obtain the randomness
r
. - computes
H(sB||r)
and checks if this value corresponds to the commitment obtained in step 2. If not, the protocol is aborted. - executes the third handshake message, i.e.
- processes and sends his (encrypted) device static key
sA
overcontentTopic
; - performs
DH(sA,eB)
(which updates the symmetric encryption key); - performs
DH(sA,sB)
(which updates the symmetric encryption key); - attaches as payload the (encrypted) commitment randomness
s
used to computeH(sA||s)
.
- processes and sends his (encrypted) device static key
- calls Split() and obtains two cipher states to encrypt inbound and outbound messages.
- listens to messages sent to
-
The device
B
:- listens to messages sent to
contentTopic
and locally filters only those with Waku payload starting withmessageNametag
. If any, continues. - obtains from decrypting the received message a public key
sA
. IfsA
is not a valid public key, the protocol is aborted. - performs
DH(sA,eB)
(which updates a symmetric encryption key); - performs
DH(sA,sB)
(which updates a symmetric encryption key); - decrypts the payload to obtain the randomness
s
. - Computes
H(sA||s)
and checks if this value corresponds to the commitment obtained in step 3. If not, the protocol is aborted. - Calls Split() and obtains two cipher states to encrypt inbound and outbound messages.
- listens to messages sent to
The WakuPairing
for Devices without a Camera
In the above pairing handshake, the QR is by default exposed by device B
and not by A
because in most use-cases we foresee, the secure transfer phase would consist in
exchanging a single message (e.g., Noise sessions, cryptographic keys, signatures, etc.) from device A
to B
.
However, since the user(s) confirm(s) at the end of message b.
that the authorization code is the same on both devices,
the role of the handhsake initiator and responder can be safely swapped in message a.
and b.
.
Indeed, if the pairing phase successfully completes on both devices, the authentication code, the committed static keys and the Noise processing rules will ensure that no Man-in-the-Middle attack took place and that messages can be securely exchanged bi-directionally in the transfer phase.
This allows pairing in case device A
does not have a camera to scan a QR (e.g. a desktop client) while device B
has.
The resulting handshake would then be:
WakuPairing2:
a. -> eA {H(sB||r), contentTopicParams, messageNametag}
...
b. <- eB, eAeB {H(sB||r)} [authcode]
c. <- sB, eAsB {r}
d. -> sA, sAeB, sAsB {s}
{}: payload, []: user interaction
Secure Transfer
The pairing phase is designed to be application-agnostic and should be flexible enough to mutually authenticate and allow exchange of cryptographic key material between two devices over a distributed network of Waku2 nodes.
Once the handshake is concluded, (privacy-sensitive) information can be exchanged using the encryption keys agreed upon the pairing phase. If stronger security guarantees are required, some additional tweaks are possible.
Implementation Suggestions
Timebox QR exposure
We suggest to timebox the exposure of each pairing QR code to few seconds, e.g. 30. After this time limit, a QR code containing a new ephemeral key, random static key commitment and message nametag (content topic parameters could remain the same) should replace the previously exposed QR, which can then be discarded.
The reason for such suggestion is due to the fact that if an attacker is able to compromise one of the ephemeral keys,
he might successfully realize an undetected MitM attack up to the authcode
confirmation
(we note that compromising ephemeral keys is outside our and Noise security assumptions).
The attacker could indeed proceed as follows:
- intercepts the QR;
- blocks/delays the delivery of the pairing message
b.
; - compromises
A
orB
ephemeral key; - recovers the genuine
authcode
that would have been generated byA
andB
; - generates ~
10^8
randomt
values until the Noise processing of the messageb'. -> eC, eCeB {H(sC||t)}
, whereeC
andsC
are the attacker ephemeral and static key, respectively, results in computing the sameauthcode
as the one betweenA
andB
; - delivers the message
b'. -> eC, eCeB {H(sC||t)}
toB
(beforeA
is able to deliver its messageb.
).
At this point A
and B
will observe the same authcode
(and would then confirm it),
but B
will process the attacker's ephemeral key eC
instead of eA
.
However, the attacker would not be able to open to device A
the static key commitment H(sB||s)
sent by device B
out-of-band,
and the pairing will abort on A
side before it reveals its static key.
Device B
, instead, will successfully complete the pairing with the attacker.
Hence, timeboxing the QR exposure,
also in combination with increasing the number of decimal digits of the authcode
,
will strongly limit the probability that an attacker can successfully impersonate device A
to B
.
We stress once more, that such attack requires the compromise of an ephemeral key (outside our security model)
and that device A
will in any case detect a mismatch and abort the pairing,
regardless of the fact that the QR timeboxing mitigation is implemented or not.
Randomized Rekey
The Noise Protocol framework supports Rekey()
in order to update encryption keys "so that a compromise of cipherstate keys will not decrypt older [exchanged] messages".
However, if a certain cipherstate key is compromised,
it will be possible for the attacker not only to decrypt messages encrypted under that key,
but also all those messages encrypted under any successive new key obtained through a call to Rekey()
.
This could be mitigated by attaching an ephemeral key to messages sent after a Split() so that a new random symmetric key can be derived, in a similar fashion to Double-Ratchet.
This can be practically achieved by:
- keeping the full Handhshake State even after the handshake is complete (by Noise specification a call to
Split()
should delete the Handshake State) - continuing updating the Handshake State by processing every after-handshake exchanged message (i.e. the
payload
) according to the Noise processing rules (i.e. by callingEncryptAndHash(payload)
andDecryptAndHash(payload)
); - adding to each (or every few) message exchanged in the transfer phase a random ephemeral key
e
and perform Diffie-Hellman operations with the other party's ephemeral/static keys in order to update the underlying CipherState and recover new random inbound/outbound encryption keys by callingSplit()
.
In short, the transfer phase would look like (but not necessarily the same as):
TransferPhase:
-> eA, eAeB, eAsB {payload}
<- eB, eAeB, sAeB {payload}
...
{}: payload
Messages Nametag Derivation
To reduce metadata leakages and increase devices's anonymity over the p2p network,
35/WAKU2-NOISE suggests to use some common secrets mntsInbound, mntsOutbound
(e.g. mntsInbound, mntsOutbound = HKDF(h)
where h
is the handshake hash value of the Handshake State at some point of the pairing phase)
in order to frequently and deterministically change the messageNametag
of messages exchanged during the pairing and transfer phase -
ideally, at each message exchanged.
Given the proposed construction,
the mntsInbound
and mntsOutbound
secrets can be used to iteratively generate the messageNametag
field of Waku payloads
for inbound and outbound messages, respectively.
The derivation of messageNametag
should be deterministic only for communicating devices
and independent from message content,
otherwise lost messages will prevent computing the next message nametag.
A possible approach consists in computing the n
-th messageNametag
as H( mntsInbound || n)
,
where n
is serialized as uint64
.
In this way, sender's and recipient's devices
can keep updated a buffer of messageNametag
to sieve
while listening to messages sent over /{application-name}/{application-version}/wakunoise/1/sessions-{shard-id}/
(i.e., the next 50 not yet seen).
They will then be able to further identify if one or more messages were eventually lost
or not-yet-delivered during the communication.
This approach brings also the advantage that
communicating devices can efficiently identify encrypted messages addressed to them.
We note that since the ChaChaPoly
cipher used to encrypt messages supports additional data,
an encrypted payload can be further authenticated by passing the messageNametag
as additional data to the encryption/decryption routine.
In this way, an attacker would be unable to craft an authenticated Waku message
even in case the currently used symmetric encryption key is compromised,
unless mntsInbound
, mntsOutbound
or the messageNametag
buffer lists were compromised too.
Security/Privacy Considerations
Assumptions
-
The attacker is active, i.e. can interact with both devices
A
andB
by sending messages overcontentTopic
. -
The attacker has access to the QR code, that is knows the ephemeral key
eB
, the commitmentH(sB||r)
and thecontentTopic
exposed by the deviceB
. -
Devices
A
andB
are considered trusted (otherwise the attacker will simply exfiltrate the relevant information from the attacked device). -
As common for Noise, we assume that ephemeral keys cannot be compromised, while static keys might be later compromised. However, we enforce in the pairing phase extra security mechanisms (i.e. use of commitments for static keys) that will prevent some attacks possible when ephemeral keys are weak or get compromised.
Rationale
-
The device
B
exposes a commitment to its static keysB
because:- it can commit to its static key before the authentication code is confirmed without revealing it.
- If the private key of
eB
is weak or gets compromised, an attacker can impersonateB
by sending in messagec.
to deviceA
his own static key and successfully complete the pairing phase. Note that being able to compromiseeB
is not contemplated by our security assumptions. B
cannot adaptively choose a static key based on the state of the Noise handshake at the end of messageb.
, i.e. after the authentication code is confirmed. Note that deviceB
is trusted in our security assumptions.- Confirming the authentication code after processing message
b.
will ensure that no Man-in-the-Middle (MitM) can later send a static key different thansB
.
-
The device
A
sends a commitment to its static keysA
because:- it can commit to its static key before the authentication code is confirmed without revealing it.
A
cannot adaptively choose a static key based on the state of the Noise handshake at the end of messageb.
, i.e. after the authentication code is confirmed. Note that deviceA
is trusted in our security assumptions.- Confirming the authentication code after processing message
b.
will ensure that no MitM can later send a static key different thansA
.
-
The authorization code is shown and has to be confirmed at the end of message
b.
because:- an attacker that frontruns device
A
by sending faster his own ephemeral key would be detected before he's able to know deviceB
static keysB
; - it ensures that no MitM attacks will happen during the whole pairing handshake, since commitments to the (later exchanged) device static keys will be implicitly acknowledged by the authorization code confirmation;
- it enables to safely swap the role of handshake initiator and responder (see above);
- an attacker that frontruns device
-
Device
B
sends his static key first because:- by being the pairing requester, it cannot probe device
A
identity without revealing its own (static key) first. Note that deviceB
static key and its commitment can be bound to other cryptographic material (e.g., seed phrase).
- by being the pairing requester, it cannot probe device
-
Device
B
opens a commitment to its static key at messagec.
because:- if device
A
replies concluding the handshake according to the protocol, deviceB
acknowledges that deviceA
correctly received his static keysB
, sincer
was encrypted under an encryption key derived from the static keysB
and the genuine (due to the previousauthcode
verification) ephemeral keyseA
andeB
.
- if device
-
Device
A
opens a commitment to its static key at messaged.
because:- if device
B
doesn't abort the pairing, deviceA
acknowledges that deviceB
correctly received his static keysA
, sinces
was encrypted under an encryption key derived from the static keyssA
andsB
and the genuine (due to the previousauthcode
verification) ephemeral keyseA
andeB
.
- if device
Application to Noise Sessions
The N11M session management mechanism
In the N11M
session management mechanism,
one of Alice's devices is already communicating with one of Bob's devices within an active Noise session,
e.g. after a successful execution of a Noise handshake.
Alice and Bob would then share some cryptographic key material, used to encrypt their communications. According to 37/WAKU2-NOISE-SESSIONS this information consists of:
- A
session-id
(32 bytes) - Two cipher state
CSOutbound
,CSInbound
, where each of them contains:- an encryption key
k
(2x32bytes) - a nonce
n
(2x8bytes) - (optionally) an internal state hash
h
(2x32bytes)
- an encryption key
for a total of 176 bytes of information.
In a N11M
session mechanism scenario,
all (synced) Alice's devices that are communicating with Bob
share the same Noise session cryptographic material.
Hence, if Alice wishes to add a new device,
she must securely transfer a copy of such data from one of her device A
to a new device B
in her possession.
In order to do so she can:
- pair device
A
withB
in order to have a Noise session between them; - securely transfer within such session the 176 bytes serializing the active session with Bob;
- manually instantiate in
B
a Noise session with Bob from the received session serialization.
Copyright
Copyright and related rights waived via CC0.