IETF Logo Mail Archive

[6tisch-security] wirelessHART/6tisch join process

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 27 May 2014 15:31 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4ED2A1A0181 for <6tisch-security@ietfa.amsl.com>; Tue, 27 May 2014 08:31:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level:
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5zmSiJjDA0Qt for <6tisch-security@ietfa.amsl.com>; Tue, 27 May 2014 08:31:24 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.252.184]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 121EB1A0254 for <6tisch-security@ietf.org>; Tue, 27 May 2014 08:31:24 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id BCE0C20028 for <6tisch-security@ietf.org>; Tue, 27 May 2014 11:34:03 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 1F59863B0E; Tue, 27 May 2014 11:31:20 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 09D8463B09 for <6tisch-security@ietf.org>; Tue, 27 May 2014 11:31:20 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6tisch-security@ietf.org
In-Reply-To: <CAJeFcoS3PNFX2obx3uNDJDtH=QvNLmaPhw2R468sNaeqpo8QBQ@mail.gmail.com>
References: <E045AECD98228444A58C61C200AE1BD8416F3AF4@xmb-rcd-x01.cisco.com> <531DD632.2060009@cox.net> <531DDB20.5050600@gmail.com> <10925.1394631496@sandelman.ca> <532069C8.2050005@gmail.com> <23590.1394999032@sandelman.ca> <18106.1395625035@sandelman.ca> <19609.1396839403@sandelman.ca> <11557.1397444260@sandelman.ca> <28192.1398644294@sandelman.ca> <29064.1399255587@sandelman.ca> <19475.1400588783@sandelman.ca> <4903.1401158997@sandelman.ca> <53840205.2070103@gmail.com> <CAJeFcoS3PNFX2obx3uNDJDtH=QvNLmaPhw2R468sNaeqpo8QBQ@mail.gmail.com>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Tue, 27 May 2014 11:31:20 -0400
Message-ID: <32529.1401204680@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch-security/KRkBvqEa3GumyilXlL6K06tdEXU
Subject: [6tisch-security] wirelessHART/6tisch join process
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 May 2014 15:31:29 -0000

Jonathan Simon <jsimon@linear.com> wrote:
    > * One or more devices are sending beacons to advertise the presence of
    > the network. In WirelessHART, this frame is unencrypted, but
    > authenticated with a well known key.  The beacon contains the current
    > ASN, which the joining device uses to synchronize its clock.

I think that this step won't change at all.
draft-piro-6tisch-security-issues-01 calls this a Partial and Hybrid Secure
Network.

    > * Once the joining node has heard a beacon, it continues listening for
    > additional beacons for a short specified timeout.

You don't explain this part, but one assumes one does this in order to:
  1) perhaps obtain a better (louder) beacon.
  2) in order to hear the correct (non-malicious beacon) as well.

We also need to listen for an RA during some slotted-Aloha period,
which the beacon(s) would tell us about.

    > * The joining node encrypts a frame containing some HART specific
    > content, including a list of beaconing neighbors it heard in the
    > previous steps. The size of the payload is ~ 60 bytes.  The packet is
    > routed by a "proxy" node - the joining parent. The frame is
    > authenticated using the well-known key, and encrypted using a shared
    > symmetric key known only by the node and the manager.

The name for this message is the ND+ARO... That's how things map.
And the ND+ARO is "routed by a proxy node", exactly the same.
The frame is authenticated using a public key rather than a well known
symmetric key.  The message is probably not encrypted.

What is the purpose of including the list of beaconing neighbours?

    > * The manager responds with a frame containing the run-time link-layer
    > key, the node's new short address (this takes the place of PAN
    > coordinator association), and a unicast session key and starting nonce
    > for the manager. This frame is encrypted with the symmetric key. The
    > payload is ~ 60 bytes, and is routed to the proxy for delivery to the
    > joining node - the proxy uses the link-layer well known key on the
    > frame.

ND+ARO reply, but possibly not including all of this information.
My understanding is that in the WirelessHart case, that the format of this
frame is in the same sensor/acutator format as application layer traffic.

In the 6tisch situation, this is where we would like to insteed start
the DTLS/CoAP session.  Ideally, we'd like like it to be end-to-end, but the
node is not completely on the network, and so it might still require a
proxy.  That *could* be trivially in the form an IPIP header, or it could
more complex.

    > * At this point the joining node transitions to using the run-time
    > link-layer key for all link-layer frames, and the manager unicast
    > session for end-to-end manager traffic. This ends the initial security
    > handshake.

Agreed --- one can imagine that the node might remove the JOIN key from its
MAC, and replaces it with the run-time key, and that might even involve
resetting that chip or something.

    > * Over a number of additional frames, the manager assigns additional
    > sessions, including broadcast sessions, and a unicast session to the
    > Gateway (sink for all data traffic), and additional communications
    > resources, routing information, etc.  There is no explicit transition
    > from joining to joined - the mote transitions when certain key frames
    > are received.

This is akin to the 6top schedule distribution.

    > * Note that a WirelessHART link-layer frame contains and additional
    > frame type byte and a 4-byte link-layer MIC, on top of the unsecured
    > 15.4 frame.  A network frame contains an additional 16-40 bytes of
    > addressing, routing, security and other information.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email