View Issue Details

ID: 0010056
Project: 10000-006: Mappings
Category: Spec
View Status: public
Last Update: 2025-02-04 16:55
Reporter: Randy Armstrong
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: acknowledged
Resolution: open
Product Version: 1.05.04
Summary: 0010056: Prevent Hijacking of Session by creating chain connecting back to initial OpenSecureChannel
Description

To resolve this issue for a future ECC security policy,
I would like to suggest the following changes to the protocol.

When an ECC SecureChannel is renewed, the ECDH algorithm is used
to generate the shared secret, and the key derivation uses

IKM0 = the x-coordinate of the shared secret of the initial handshake
IKM1 = the x-coordinate of the shared secret of the first renew
IKM2 = the x-coordinate of the shared secret of the second renew
etc.

The key derivation algorithm as defined in part 6,
6.8.1 Secure Channel Handshake, uses for the first renew

IKM = IKM0 xor IKM1

instead of deriving the session keys directly out of IKM1,
and for the second renew

IKM = IKM0 xor IKM1 xor IKM2

etc, etc.

So it is impossible to know the session keys unless all ECDH secrets are
known, including the ECDH secret from the initial handshake.

This should prevent any successful session take-over attack.

Tags: No tags attached.
Commit Version
Fix Due Date
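
The chained derivation proposed in the description, as an added sketch that is not part of the issue or of the OPC UA specification: each renew folds its ECDH x-coordinate into a running XOR before HKDF is applied. The `ChannelKeyChain` class, the salt and the info label are hypothetical, and the x-coordinates are constructed 32-byte values rather than real handshake output.

```python
import hashlib
import hmac

def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("x-coordinates must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

class ChannelKeyChain:
    """Hypothetical holder of the running value IKM0 xor IKM1 xor ... for one channel."""

    def __init__(self, ikm0: bytes):
        self._acc = ikm0  # x-coordinate from the initial OpenSecureChannel

    def renew(self, ikm_n: bytes) -> None:
        self._acc = xor(self._acc, ikm_n)  # fold in this renew's x-coordinate

    def keys(self, salt: bytes, info: bytes = b"example-keys", length: int = 64) -> bytes:
        return hkdf(self._acc, salt, info, length)

def constructed_x(label: str) -> bytes:
    """Constructed stand-in for a 32-byte ECDH x-coordinate (not real handshake output)."""
    return hashlib.sha256(label.encode()).digest()

def demo() -> dict:
    ikm0, ikm1, ikm2 = (constructed_x(f"renew-{i}") for i in range(3))
    salt = b"constructed-salt"  # placeholder, not the salt defined in Part 6
    chain = ChannelKeyChain(ikm0)
    chain.renew(ikm1)
    chain.renew(ikm2)
    # Same renew secrets, but IKM0 replaced by a guess (all zero bytes).
    without_ikm0 = ChannelKeyChain(bytes(32))
    without_ikm0.renew(ikm1)
    without_ikm0.renew(ikm2)
    return {
        "matches_formula": chain.keys(salt) == hkdf(xor(xor(ikm0, ikm1), ikm2), salt, b"example-keys", 64),
        "derivable_without_ikm0": without_ikm0.keys(salt) == chain.keys(salt),
    }
```

The endpoint only has to keep the running XOR, not every earlier secret. The chain relies on each renew contributing a fresh ECDH secret: XOR is self-inverse, so a repeated value would cancel out of the accumulator.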

Activities

Jim Luth

2025-02-04 16:55

administrator   ~0022363

May deal with this in the next version of ECC profiles.

Issue History

Date Modified Username Field Change
2024-12-04 16:50 Randy Armstrong New Issue
2025-02-04 16:55 Jim Luth Note Added: 0022363
2025-02-04 16:55 Jim Luth Assigned To => Jim Luth
2025-02-04 16:55 Jim Luth Status new => acknowledged
2025-02-04 16:55 Jim Luth Assigned To Jim Luth =>