Re: [6tisch-security] slides you presented

Göran Selander <goran.selander@ericsson.com> Mon, 06 March 2017 17:14 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Date: Mon, 06 Mar 2017 17:13:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/dL8BXtRk3BSCGYZS7CFkFXlGFrI>
Cc: "consultancy@vanderstok.org" <consultancy@vanderstok.org>, "6tisch-security@ietf.org" <6tisch-security@ietf.org>
Subject: Re: [6tisch-security] slides you presented

Hi Michael,

You asked how to define key identifiers for the multiple keys derived with
EDHOC.

First of all, it is not clear that it is needed in this case. If you
derive OSCOAP keys for use when protecting communication between one
device and its management device, then those keys could be used for
accessing multiple resources and reversing roles of client and server.

In the current version of EDHOC each party can define its own identifier
for one derived key, enabling local uniqueness without wasting bytes with
large identifiers.


If you want to guarantee global uniqueness for multiple identifiers, one
way is to derive large pseudorandom numbers using the same key derivation
and special labels.  How to generate locally unique small key identifiers
for multiple keys is currently not in scope of EDHOC, and in general
depends on the application and how the locally generated identifiers are
kept unique.
One application could e.g. order and keep track of key identifiers and
allocate derived keys sequentially.

Hope that helps.

Göran


On 2017-02-26 03:13, "Michael Richardson" <mcr+ietf@sandelman.ca> wrote:

>
>Göran Selander <goran.selander@ericsson.com> wrote:
>    > Section 3.2 describes the key derivation and allows the definition of an
>    > application specific label (byte string) which is used to derive an
>    > application specific key from the key established through the run of EDHOC.
>
>    > How this is used to derive the OSCOAP master secret/salt you find in
>    > appendix B.2.
>
>https://bitbucket.org/mcr314/draft-ietf-6tisch-minimal-security/commits/15387091977d408103cd72f12f7008a50483fc40
>
>--
>Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-
>
>
>
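
The two identifier schemes described in the message above, as an added example (not code from this thread, the EDHOC draft or any 6TiSCH implementation): large identifiers derived with the same key derivation under a separate label, and small identifiers allocated sequentially and tracked locally. It assumes HKDF-SHA-256 with the label placed directly in `info`, which is a choice made here and not the encoding the EDHOC draft specifies; `KeyTable`, the `key|` and `kid|` prefixes, the sample labels and the sample secret are hypothetical.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class KeyTable:
    """Hypothetical helper: labelled keys from one shared secret, each named
    by a large derived identifier and by a small sequential one."""

    def __init__(self, shared_secret: bytes, salt: bytes = b""):
        self._secret, self._salt = shared_secret, salt
        self._local_ids = {}  # label -> 1-byte id, in allocation order

    def _kdf(self, purpose: bytes, label: bytes, length: int) -> bytes:
        # Assumption: purpose prefix + label go straight into HKDF info.
        return hkdf_sha256(self._secret, self._salt, purpose + label, length)

    def derive(self, label: bytes, key_len: int = 16):
        key = self._kdf(b"key|", label, key_len)
        # Large identifier: same KDF, different label. Both peers compute it
        # independently, and 16 pseudorandom bytes make collisions negligible.
        global_id = self._kdf(b"kid|", label, 16)
        # Small identifier: next free counter value, unique only in this table.
        if label not in self._local_ids:
            if len(self._local_ids) >= 256:
                raise OverflowError("1-byte local identifier space exhausted")
            self._local_ids[label] = bytes([len(self._local_ids)])
        return key, global_id, self._local_ids[label]


if __name__ == "__main__":
    secret = bytes(range(32))  # constructed stand-in for the EDHOC output
    table = KeyTable(secret)
    # Constructed sample labels, not taken from the draft.
    for label in (b"OSCOAP master secret", b"OSCOAP master salt"):
        key, gid, lid = table.derive(label)
        print(label.decode(), key.hex(), gid.hex(), lid.hex())
```

The small identifiers cost one byte on the wire but only stay unique while the allocating party keeps the table; the derived identifiers need no state but cost 16 bytes each.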