Re: [6lowapp] Multicast, do we need it
"Don Sturek" <d.sturek@att.net> Sat, 31 October 2009 23:34 UTC
Return-Path: <d.sturek@att.net>
X-Original-To: 6lowapp@core3.amsl.com
Delivered-To: 6lowapp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id DE0DE3A62C1 for <6lowapp@core3.amsl.com>;
Sat, 31 Oct 2009 16:34:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.174
X-Spam-Level:
X-Spam-Status: No, score=0.174 tagged_above=-999 required=5 tests=[AWL=0.989,
BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, MSGID_MULTIPLE_AT=1.449,
UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8lun4BOVmEaB for
<6lowapp@core3.amsl.com>; Sat, 31 Oct 2009 16:34:15 -0700 (PDT)
Received: from smtp108.sbc.mail.gq1.yahoo.com (smtp108.sbc.mail.gq1.yahoo.com
[67.195.14.111]) by core3.amsl.com (Postfix) with SMTP id DC8803A67AA for
<6lowapp@ietf.org>; Sat, 31 Oct 2009 16:34:15 -0700 (PDT)
Received: (qmail 33526 invoked from network); 31 Oct 2009 23:34:31 -0000
Received: from adsl-69-105-139-197.dsl.sndg02.pacbell.net
(d.sturek@69.105.139.197 with login) by smtp108.sbc.mail.gq1.yahoo.com with
SMTP; 31 Oct 2009 16:34:30 -0700 PDT
X-Yahoo-SMTP: fvjol_aswBAraSJvMLe2r1XTzhBhbFxY8q8c3jo-
X-YMail-OSG: PzzCP_0VM1mDWtdTud31z.mMp3zOmxMHtJVWuRwrew7XTaLSH6KVA_fHgMR8bIdKKFxofpgV9vAHxrsXucNFLd4ulrK6l7jcTH7ucdzxUH_PHqLUgZykt148FtAY7AGZibvEuGs_VBhthyXPiPl2p3aJAp_HdVsjURCJuuKvtjFWxd.3561Y3V1GAStEzYVD._Imet9eE7.vusN3soNOPw3rjOHWy1A6Ol.iyH_1VwAK9WZjsWDDiF74D9fyWgl5l5i3PjcsUS7b1ldJ2CLvMTPQrYXPFW9HPA1CZqSItDSf3XT3GqM-
X-Yahoo-Newman-Property: ymail-3
From: "Don Sturek" <d.sturek@att.net>
To: "'Cullen Jennings'" <fluffy@cisco.com>, <6lowapp@ietf.org>
References: <82431E68-B3B1-4FF7-A1FE-51F8B17D1D54@cisco.com>
In-Reply-To: <82431E68-B3B1-4FF7-A1FE-51F8B17D1D54@cisco.com>
Date: Sat, 31 Oct 2009 16:34:27 -0700
Message-ID: <005a01ca5a82$b0900fc0$11b02f40$@sturek@att.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcpaUFaVcOg9A75PSamTFH2Q9BNeqQAMVXTQ
Content-Language: en-us
Subject: Re: [6lowapp] Multicast, do we need it
X-BeenThere: 6lowapp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: d.sturek@att.net
List-Id: Application protocols for constrained nodes and networks
<6lowapp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/6lowapp>,
<mailto:6lowapp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6lowapp>
List-Post: <mailto:6lowapp@ietf.org>
List-Help: <mailto:6lowapp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lowapp>,
<mailto:6lowapp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Oct 2009 23:34:17 -0000
Hi Cullen, For the Smart Metering solution, we made the following assumptions: 1) The Utilities would like to trust the minimum number of devices 2) Biggest "bang for the buck" (meaning the devices which consume the most electricity) are Heating and Air Conditioning (by a wide margin). 3) Utility would like to get additional savings but that can be through "Energy Management Systems". Those devices on one side are utility trusted and on the other side interface to untrusted devices in the home (like the lighting devices you mentioned). 4) Utilities would like to see security certificates in trusted devices. The security bar for untrusted devices is much lower (many times, a simple shared security key with AES-128 encryption is plenty good on the untrusted devices according to companies I have talked with producing home automation products). 5) The utilities have ways to verify when the Energy Management System is told to save 20% of usage, agrees it can, and tells the untrusted devices to optimize usage to save 20%. The meter in the premise will tell whether the 20% was actually saved or not. The uptake on this: The requirements for trusted utility devices (which I think are far fewer in number) are quite different from untrusted devices. Don -----Original Message----- From: 6lowapp-bounces@ietf.org [mailto:6lowapp-bounces@ietf.org] On Behalf Of Cullen Jennings Sent: Saturday, October 31, 2009 10:34 AM To: 6lowapp@ietf.org Subject: [6lowapp] Multicast, do we need it So we have a use case now where a light switch gets flicked and several lights are perceived by humans as coming on at the same time. A few people have explained to me that the way we need to meet this is the switch multicasts the on command to the lights. This brings up two questions, reliability and security. On reliability, I'm assuming we would send an unreliable multicast "on" command followed by a reliable unicast "on" command to each light individually. Any light that missed the multicast command would be delayed until they got the unicast command. Is this assumption correct on one way to deal with the reliability issues for things that need it? Do people have something else in mind? I could care less what the approach is but I want to be able to explain, at a sketch level, what the plan is to meet this use case. Now on to the security. Multicast security, particularly with very short messages if obviously solvable but not trivial security issue. As far as I can tell, this use case would force us to have a object security model. I don't pretend to be a security person in the slightest so hopefully I won't get the next part too wrong but someone who has a clue can correct me. Say were doing AES in CBC mode with a 96 byte MAC - It seems that the object will need to have somewhere in the order of: IV 16 bytes Mac 12 bytes Key identifiers 4 bytes time or sequence replay protection 4 bytes Various version code points 4 bytes Padding 1 to 16 bytes The smallest message possible is already looking like 56 bytes. One can argue any of these numbers up or down but my point is, I don't know if our effective MTU is 40,50,60, 128, or 1200. Various people have asserted all the above numbers and I understand that the real answer is not going to be hard and fast and it all depends. But it seems like we might be in the range where it's feasible to use CMS, perhaps with AES in CBC mode with HMAC-SHA-96 and some sort of scheme wit unicast challenge response to set up a sliding sequence counter window for replay protection or perhaps AES with CTR mode might be able to make it smaller. I'm not proposing this group would do this type of security work, I imagine we would go find it in something existing but this is just a back of envelope calculation on the lower bound of object security approach. And this brings up a a whole other issue, how to do replay protection on multicast messages. Clearly replaying the "unlock door" command would not be good. I have a hard time imaging anyone being keen on synchronized time between the devices. I've also seen that whatever discovery protocol is done might also need to use some secure multicast. So I am working on the assumption that we need multicast and we need object security inside it. And that this complicated out lives particularly if we want the messages to be small. Do folks agree this assumption? If folks agree, any ideas on what existing security standards we can use. I'd probably start by looking at what could be done with CMS. IS that a good starting point? One or two people suggested to me that we could use EAP but I don't know if they meant for this or something else. So as always, back to my usual questions, what is it people want to do for any of this. If there looks like there might be agreement, I can try and figure out what would be needed in the charter. _______________________________________________ 6lowapp mailing list 6lowapp@ietf.org https://www.ietf.org/mailman/listinfo/6lowapp
- [6lowapp] Multicast, do we need it Cullen Jennings
- Re: [6lowapp] Multicast, do we need it Don Sturek