Re: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04

Shiva Prasad Thagadur Prakash <shivapt@stud.ntnu.no> Thu, 29 September 2016 15:33 UTC

To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Cc: "6lo-chairs@ietf.org" <6lo-chairs@ietf.org>, samita Chakrabarti <samitac.ietf@gmail.com>, lo <6lo@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/JXBTuvuaAmdbiNIyeqhn_K05iYg>

Hi,

+1. I think the draft is useful and I would support its adoption.
The draft still needs some work but that should be done as part of the working group.

Thanks,
Shiva

On 29 Sep 2016, at 14:13, Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:

Dear chairs and all :

As an author I support the adoption of this document. There is ample art - and recent events - that suggests that:

- IOT devices cannot be trusted for their actions towards the network they live in and the internet at large. They may easily be compromised and do all sorts of things from impersonating other sensors to bombing web sites.

- IOT devices cannot stay awake and defend their addresses against attackers that may claim their addresses and then use them for malicious purposes, from black-holing critical sensors to reporting the wrong data.

IOT networks could be expected to protect the devices; but with the current protocols they cannot easily recognize right from wrong. There is nothing in 6LoWPAN ND that proves ownership of an address in SAVI terms, e.g. first come first serve, and an attacker may successfully impersonate any device if it knows its MAC address and its IP address, one possibly derived from the other in a reversible fashion.

There is a clear need for better control, so that the 6LR/6LBR may recognize that a device that claims an address is the true owner. With reliable information they can enforce that a device that uses an address as source of a packet also owns that address.

This is what this draft is all about. Basically, we propose to secure the 6LoWPAN ND registration to prevent theft from a third party. This echoes the past work at SeND and SAVI, but in a very simple fashion that does not require heavy artillery in the device as SeND does. Basically the IOT device uses a crypto ID information (like CGA) instead of the unique ID (the MAC address) in the ARO option, as extended by rfc6775-update; ownership of that ID can be verified and the ID can be used to validate that a next registration comes from the same device as the previous. The same crypto ID can be used to register multiple addresses, and the addresses do not need to derive from the crypto ID (as opposed to SeND). The ID is stored at the 6LR and 6LBR associated with the address, and they can use ND extension to revalidate the ID ownership at any time they want.

Cheers,

Pascal
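The registration flow described in the message above (a Crypto-ID derived from a public key standing in for the EUI-64 in the ARO, ownership proven at registration, the ID bound to the address at the 6LR/6LBR and checked again on later registrations), as an added Go model that is not code from the draft or from any participant in this thread. Ed25519 keys, SHA-256 truncated to 64 bits for the ID, and a router-supplied nonce signed together with the address are assumptions made here; the draft's own algorithms and wire format are not reproduced.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
)

// Registry models the 6LR/6LBR binding table: registered address -> Crypto-ID.
type Registry struct{ bindings map[string]string }

func NewRegistry() *Registry { return &Registry{bindings: map[string]string{}} }

// KeyGen creates the device's key pair (Ed25519 is an assumption for illustration).
func KeyGen() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// CryptoID is the CGA-like identifier carried in the ARO instead of the EUI-64: a hash
// of the public key, truncated to 64 bits (the truncation length is an assumption).
func CryptoID(pub ed25519.PublicKey) []byte {
	h := sha256.Sum256(pub)
	return h[:8]
}

// Prove is the device's proof of ownership: a signature over the address and a fresh
// nonce chosen by the router, so a captured proof cannot be replayed later.
func Prove(priv ed25519.PrivateKey, addr string, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(addr), nonce...))
}

// Register binds addr to the proven Crypto-ID: first come first served for a new address,
// and only the already-bound ID may re-register (or revalidate) it. One ID may bind any
// number of addresses, and an address need not be derived from the ID.
func (r *Registry) Register(addr string, nonce []byte, pub ed25519.PublicKey, sig []byte) error {
	if !ed25519.Verify(pub, append([]byte(addr), nonce...), sig) {
		return errors.New("ownership proof invalid")
	}
	id := string(CryptoID(pub))
	if prev, ok := r.bindings[addr]; ok && prev != id {
		return errors.New("address already bound to another Crypto-ID")
	}
	r.bindings[addr] = id
	return nil
}
```

A device that knows only the victim's MAC and IP address, the case the message calls out, holds neither the private key nor a binding, so its registration for the same address is rejected.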



From: 6lo [mailto:6lo-bounces@ietf.org] On Behalf Of samita Chakrabarti
Sent: Tuesday 27 September 2016 03:15
To: 'lo' <6lo@ietf.org>
Cc: 6lo-chairs@ietf.org
Subject: [6lo] WG adoption call for draft-sarikaya-6lo-ap-nd-04



Hello 6lo WG:

We have discussed the following document at the IETF meetings and mailing list about the use of a cryptographic ID to identify one device with a particular IPv6 address during the Neighbor Discovery Process. The crypto-ID association is helpful when MAC-ID or EUI-64 ID may not be used.
There has been a fair amount of interest in securing the IP-address owner authentication using this method, in the WG meetings (IETF95).

The co-authors have addressed several WG comments in the 04 version.

The adoption call starts now and ends on Oct 10th, 2016.

Please provide your opinion with a yes/no answer and a short explanation for this adoption call within the deadline.

Thanks and Regards,
-Gabriel and Samita (6lo co-chairs)

>
>
> Name:           draft-sarikaya-6lo-ap-nd
> Revision:       04
> Title:          Address Protected Neighbor Discovery for Low-power and Lossy Networks
> Document date:  2016-08-22
> Group:          Individual Submission
> Pages:          17
> URL:            https://www.ietf.org/internet-drafts/draft-sarikaya-6lo-ap-nd-04.txt
> Status:         https://datatracker.ietf.org/doc/draft-sarikaya-6lo-ap-nd/
> Htmlized:       https://tools.ietf.org/html/draft-sarikaya-6lo-ap-nd-04
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-sarikaya-6lo-ap-nd-04
>
> Abstract:
>    This document defines an extension to 6LoWPAN Neighbor Discovery.
>    This extension is designed for low-power and lossy network
>    environments and it supports multi-hop operation.  Nodes supporting
>    this extension compute a Cryptographically Unique Interface ID and
>    associate it with one or more of their Registered Addresses.  The
>    Cryptographic ID (Crypto-ID) uniquely identifies the owner of the
>    Registered Address.  It is used in place of the EUI-64 address that
>    is specified in RFC 6775.  Once an address is registered with a
>    Cryptographic ID, only the owner of that ID can modify the state
>    information of the Registered Address in the 6LR and 6LBR.

_______________________________________________
6lo mailing list
6lo@ietf.org
https://www.ietf.org/mailman/listinfo/6lo