[6tisch-security] Short address assignment, nonces, and TSCH
Tero Kivinen <kivinen@iki.fi> Thu, 01 December 2016 12:48 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/po-BbnQYZP5VqppCy0HvUqOSGIs>
During the teleconf I pointed out the issues with the short address assignments and security. This email provides background information and explains the situation a bit more. In all of this discussion I assume we are using IEEE Std. 802.15.4-2015 security.

When not using TSCH the nonce is generated using Source address + Frame counter and security level. As the Frame counter is separate for each device, that means that the only thing that makes sure the nonces are different is the Source address. Because of this the Source address must be the extended address, as short addresses are only unique during a certain time, not globally.

When using TSCH the situation is a bit different, as the Frame counter is replaced with the network-global ASN. This means that the Source address part needs to be unique for that timeslot. This means that the coordinator assigning the short address must make sure that the same short address is not given to multiple nodes at the same time, but it can give a short address to node A, and when it is sure that node A does not use the short address anymore, it can give the same short address to node B. This means it can reuse the short addresses and it will not run out of short addresses unless it has more than 65k nodes in the network.

Now, if the short address assigned to node A does not have any timeframe for how long it is valid, the coordinator does not know when node A stops using the short address, thus it cannot reuse the address. It cannot assume that all nodes will contact it before going away and send a release for the address lease, so it must use some other mechanism to guarantee that.

The easiest way would be to send the lifetime along with the short address. As we do have global time in the network (ASN), we can use that as a global time frame, so the coordinator can send node A a short address of 0x1234, and say that node A is allowed to use it until ASN 0x12345678a0. After that ASN is reached node A would need to contact the coordinator again to renew the short address lease (or most likely it would contact it a bit earlier and renew the lease so it gets the same address again).

This is explained in the IEEE Std. 802.15.4-2015 section 9.3.2.2:

----------------------------------------------------------------------
9.3.2.2 CCM* nonce for TSCH mode

When TSCH mode is enabled, the nonce shall be formatted as shown in
Figure 9-2.

+----------------+--------+
| Octets: 8      | 5      |
+----------------+--------+
| Source Address | ASN    |
+----------------+--------+

Figure 9-2—CCM* nonce in TSCH mode

The Source Address shall either be set to the extended address of the
device originating the frame or shall be formatted as illustrated in
Figure 9-3.

+-----------------+------+--------+---------------+
| Octets: 3       | 1    | 2      | 2             |
+-----------------+------+--------+---------------+
| IEEE 802.15 CID | 0x00 | PAN ID | Short address |
+-----------------+------+--------+---------------+

Figure 9-3—Source Address field for TSCH mode with short addressing

The IEEE 802.15 CID field contains the CID for IEEE 802.15. The PAN ID
field contains the PAN ID. The Short Address field contains the short
address of the device originating the frame.

NOTE—When using short addresses in the nonce, it is important that the
coordinator assign unique short addresses.

The ASN shall be set to the ASN of the timeslot during which the frame
is sent.
----------------------------------------------------------------------

PAN ID is added, as large networks might use multiple PANs, but still use the same secret key (it does not matter whether the ASNs are in sync or not).

--
kivinen@iki.fi
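The nonce layout from Figures 9-2/9-3 and the ASN-bounded lease described in the message above, as an added example that is not part of the original email or of any 6TiSCH implementation. The CID bytes are a constructed placeholder, and big-endian field encoding, the inclusive expiry ASN, and all function and class names are assumptions made for the illustration.

```python
import struct

CID_PLACEHOLDER = bytes.fromhex("aabbcc")  # constructed; substitute the real IEEE 802.15 CID


def tsch_nonce_short(pan_id, short_addr, asn, cid=CID_PLACEHOLDER):
    """13-octet nonce: CID(3) | 0x00 | PAN ID(2) | short address(2) | ASN(5)."""
    if len(cid) != 3 or not 0 <= asn < 1 << 40:
        raise ValueError("CID must be 3 octets and ASN must fit in 5 octets")
    # Big-endian encoding inside each field is an assumption of this example.
    source = cid + b"\x00" + struct.pack(">HH", pan_id, short_addr)
    return source + asn.to_bytes(5, "big")


class ShortAddressLeases:
    """Coordinator table: short address -> (holder, last ASN it may be used)."""

    def __init__(self, pool):
        self.pool = list(pool)
        self.leases = {}

    def assign(self, node, now_asn, lifetime):
        expiry_new = now_asn + lifetime
        # Renewal: a node whose lease is still live keeps the same address.
        for addr, (holder, expiry) in self.leases.items():
            if holder == node and now_asn <= expiry:
                self.leases[addr] = (node, expiry_new)
                return addr, expiry_new
        # Otherwise hand out an address only once its previous lease ASN has
        # passed, so no two nodes can produce the same (address, ASN) nonce.
        for addr in self.pool:
            _, expiry = self.leases.get(addr, (None, -1))
            if now_asn > expiry:
                self.leases[addr] = (node, expiry_new)
                return addr, expiry_new
        raise RuntimeError("no short address free at this ASN")


def demo():
    """One-address pool: B is refused until A's lease ASN has passed."""
    coord = ShortAddressLeases(pool=[0x1234])
    a_addr, a_expiry = coord.assign("A", now_asn=0x1234567000, lifetime=0x8A0)
    try:
        coord.assign("B", now_asn=a_expiry, lifetime=0x8A0)
        reused_early = True
    except RuntimeError:
        reused_early = False
    b_addr, _ = coord.assign("B", now_asn=a_expiry + 1, lifetime=0x8A0)
    return a_addr, a_expiry, reused_early, b_addr
```

A node would apply the same bound on its side: once the current ASN exceeds the expiry it was given, it stops building nonces from the short address until the lease is renewed.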