Comments (2)
We are using libDataChannel together with libjuice and observed that unencrypted UDP packets containing the ice-ufrag pair and the fingerprint together with IP and ports are exposed.
You are right, but the exposed information, like ICE ufrag, is public. The only private information is the ICE password which serves to compute the message-integrity attribute. The fingerprint STUN attribute is not here for security and has nothing to do with the WebRTC DTLS fingerprint, it just helps to distinguish STUN packets from application traffic. Public addresses and ports are present in UDP/IP packet headers anyway so any router on the path can see them.
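As an added illustration of the distinction in the reply above (example code written for this page, not taken from libjuice or the thread): the FINGERPRINT attribute is a keyless CRC-32 that any on-path observer can recompute, while MESSAGE-INTEGRITY is an HMAC-SHA1 keyed with the ICE password, so it is the password, not the ufrag or the fingerprint, that needs protecting. The ufrag, password and transaction-id values are constructed.

```python
import hashlib, hmac, os, struct, zlib

MAGIC_COOKIE, BINDING_REQUEST = 0x2112A442, 0x0001
ATTR_USERNAME, ATTR_MESSAGE_INTEGRITY, ATTR_FINGERPRINT = 0x0006, 0x0008, 0x8028
FINGERPRINT_XOR = 0x5354554E  # "STUN" (RFC 5389 s15.5): a public constant, not a key
MI_LEN, FP_LEN = 4 + 20, 4 + 4  # attribute header + HMAC-SHA1 / CRC-32 value

def _attr(atype, value):
    # TLV attribute, value padded to a 4-byte boundary
    return struct.pack("!HH", atype, len(value)) + value + b"\x00" * (-len(value) % 4)

def _covered(msg, pos, attr_len):
    # Bytes an attribute at offset pos protects: everything before it, with the
    # header length field counting that attribute but nothing after it
    return msg[:2] + struct.pack("!H", pos - 20 + attr_len) + msg[4:pos]

def _find(msg, wanted):
    # Return (value, offset) of the first attribute of type wanted, or None
    pos = 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        if atype == wanted:
            return msg[pos + 4:pos + 4 + alen], pos
        pos += 4 + alen + (-alen % 4)
    return None

def build_binding_request(local_ufrag, remote_ufrag, remote_pwd, txid=None):
    # ICE connectivity check: USERNAME carries the public ufrag pair; the HMAC
    # key is the remote peer's ICE password, the only secret in the exchange
    msg = struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + (txid or os.urandom(12))
    msg += _attr(ATTR_USERNAME, f"{remote_ufrag}:{local_ufrag}".encode())
    mac = hmac.new(remote_pwd.encode(), _covered(msg, len(msg), MI_LEN), hashlib.sha1).digest()
    msg += _attr(ATTR_MESSAGE_INTEGRITY, mac)
    crc = zlib.crc32(_covered(msg, len(msg), FP_LEN)) ^ FINGERPRINT_XOR
    msg += _attr(ATTR_FINGERPRINT, struct.pack("!I", crc))
    return msg[:2] + struct.pack("!H", len(msg) - 20) + msg[4:]

def check_fingerprint(msg):
    # Keyless: any on-path observer can recompute it; it only marks the packet as STUN
    value, pos = _find(msg, ATTR_FINGERPRINT) or (None, None)
    return value is not None and struct.unpack("!I", value)[0] == (
        zlib.crc32(_covered(msg, pos, FP_LEN)) ^ FINGERPRINT_XOR)

def check_message_integrity(msg, pwd):
    # Keyed: only a holder of the ICE password can produce or verify the MAC
    value, pos = _find(msg, ATTR_MESSAGE_INTEGRITY) or (None, None)
    return value is not None and hmac.compare_digest(
        value, hmac.new(pwd.encode(), _covered(msg, pos, MI_LEN), hashlib.sha1).digest())
```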
The STUN standard contains the following security consideration in section 16: https://www.rfc-editor.org/rfc/rfc5389#section-16
Since STUN uses the HMAC of a shared secret for authentication and integrity protection, it is subject to offline dictionary attacks. When authentication is utilized, it SHOULD be with a strong password that is not readily subject to offline dictionary attacks. Protection of the channel itself, using TLS, mitigates these attacks. However, STUN is most often run over UDP and in those cases, strong passwords are the only way to protect against these attacks.
The reason for such considerations in the RFC is that STUN is designed as a generic protocol that other connectivity protocols can use, especially ICE, but not limited to it. This specific paragraph is a general consideration for protocols using STUN, but does not apply to ICE connectivity checks.
As far as I have seen in the code, the message integrity is checked, but offline dictionary attacks are still possible. Is this correct?
The ICE connection process typically lasts less than 30s, so you can't realistically run an offline attack on the ICE password. Additionally, the ICE password is randomly-generated for each session and cracking it wouldn't serve any purpose other than injecting mapped addresses during connection that the peer would then try to probe. In any case, it is impossible to hijack a media session thanks to the DTLS fingerprint verification.
While writing this I wondered whether it is possible to use DTLS not only for the media data transmission, but also for the STUN messaging. Actually, there is a standard for this; however, I have no idea how much effort integrating it would require:
https://datatracker.ietf.org/doc/html/rfc7350
This RFC already discusses DTLS for ICE connectivity checks in section 4.2, and mentions that it doesn't bring benefits and would delay the checks so much by adding round-trips that you'd basically need to redesign everything to perform the checks with the DTLS handshake instead.
Thank you very much for your explanations!