[6lowpan] An update on IEEE 802.15.4 Key Management

Robert Moskowitz <rgm@labs.htt-consult.com> Mon, 25 July 2011 16:04 UTC

Return-Path: <rgm@labs.htt-consult.com>
X-Original-To: 6lowpan@ietfa.amsl.com
Delivered-To: 6lowpan@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A46DE21F903C for <6lowpan@ietfa.amsl.com>; Mon, 25 Jul 2011 09:04:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LaxRakpfG9nd for <6lowpan@ietfa.amsl.com>; Mon, 25 Jul 2011 09:04:37 -0700 (PDT)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by ietfa.amsl.com (Postfix) with ESMTP id 9F9CD21F8BBF for <6lowpan@ietf.org>; Mon, 25 Jul 2011 07:07:13 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 29D4662A94 for <6lowpan@ietf.org>; Mon, 25 Jul 2011 14:07:12 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iNGpsgCewfog for <6lowpan@ietf.org>; Mon, 25 Jul 2011 10:07:01 -0400 (EDT)
Received: from nc2400.htt-consult.com (unknown [207.164.135.98]) (Authenticated sender: rgm@labs.htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPA id B316262A6F for <6lowpan@ietf.org>; Mon, 25 Jul 2011 10:07:01 -0400 (EDT)
Message-ID: <4E2D7884.3000003@labs.htt-consult.com>
Date: Mon, 25 Jul 2011 10:07:00 -0400
From: Robert Moskowitz <rgm@labs.htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110621 Fedora/3.1.11-1.fc14 Thunderbird/3.1.11
MIME-Version: 1.0
To: 6lowpan@ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [6lowpan] An update on IEEE 802.15.4 Key Management
X-BeenThere: 6lowpan@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Working group discussion for IPv6 over LowPan networks <6lowpan.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lowpan>, <mailto:6lowpan-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6lowpan>
List-Post: <mailto:6lowpan@ietf.org>
List-Help: <mailto:6lowpan-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lowpan>, <mailto:6lowpan-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2011 16:04:38 -0000

This past week, the Key Management Protocol Interest Group met and moved 
forward with a plan to develop a transport mechanism for any Key 
Management Protocol.  See presentation:

https://mentor.ieee.org/802.15/documents/15-11-0381-03-0hip-KMP-over-4e-Multipurpose.ppt

This approach will use the new Information Elements of 802.15.4e and 
Multipurpose Frames to transport any Key Management Protocol.  Now I 
much prefer that you all use HIP, but I am a realist that more than one 
screwdriver is needed in the toolbox, so IKEv2, 802.1X, SAE, and a 
4-way-handshake (like in 802.11i) will be described.

One challenge will be short address selection and collision avoidance.  
A general method of collision avoidance is needed, as a WPAN could have 
more than one KMP in  use.  It is conceivable that this is too hard to 
resolve, and KMP will be restricted to long addresses.

This will be a Recommended Practice.  In Okinawa we will be formalizing 
the design of the transport shim, the Security Association requirements, 
and how to interact with the 802.15.4 security mechinism as discribed in 
the forth-coming 802.15.4-2011 (802.15.4i).  The draft PAR is:

https://mentor.ieee.org/802.15/documents/15-11-0512-01-0hip-Key-Management-Protocol-PAR.doc

To participate in this work, please join the HIPIG 802.15 mailing list.  
Considering our timeline to a PAR (could happen in November), the 
management does not want to create a KMPIG mailing list.  The current 
documents are under HIPIG, but all documents moving forward will be 
under KMPIG.

I will be available during the week to discuss this.