IETF Logo Mail Archive

Re: [6tisch-security] agenda for 2014-05-27 6tisch security call

<yoshihiro.ohba@toshiba.co.jp> Wed, 28 May 2014 15:03 UTC

Return-Path: <yoshihiro.ohba@toshiba.co.jp>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E47D41A09E6 for <6tisch-security@ietfa.amsl.com>; Wed, 28 May 2014 08:03:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.352
X-Spam-Level:
X-Spam-Status: No, score=-0.352 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, WEIRD_PORT=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U6ql32nZf_hC for <6tisch-security@ietfa.amsl.com>; Wed, 28 May 2014 08:03:29 -0700 (PDT)
Received: from imx2.toshiba.co.jp (inet-tsb5.toshiba.co.jp [202.33.96.24]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 791EF1A09EC for <6tisch-security@ietf.org>; Wed, 28 May 2014 08:02:04 -0700 (PDT)
Received: from arc1.toshiba.co.jp ([133.199.194.235]) by imx2.toshiba.co.jp with ESMTP id s4SF1vft019197; Thu, 29 May 2014 00:01:57 +0900 (JST)
Received: (from root@localhost) by arc1.toshiba.co.jp id s4SF1vvJ021626; Thu, 29 May 2014 00:01:57 +0900 (JST)
Received: from unknown [133.199.192.144] by arc1.toshiba.co.jp with ESMTP id AAA21625; Thu, 29 May 2014 00:01:57 +0900
Received: from mx12.toshiba.co.jp (localhost [127.0.0.1]) by ovp2.toshiba.co.jp with ESMTP id s4SF1vBk009391; Thu, 29 May 2014 00:01:57 +0900 (JST)
Received: from TGXML208.toshiba.local by toshiba.co.jp id s4SF1uLQ010086; Thu, 29 May 2014 00:01:56 +0900 (JST)
Received: from TGXML210.toshiba.local ([169.254.4.46]) by TGXML208.toshiba.local ([133.199.70.17]) with mapi id 14.03.0181.006; Thu, 29 May 2014 00:01:56 +0900
From: yoshihiro.ohba@toshiba.co.jp
To: jsimon@linear.com
Thread-Topic: [6tisch-security] agenda for 2014-05-27 6tisch security call
Thread-Index: AQHPeVZhw54BHDP0SE+00Qrnll9n8JtTKLqAgACwMoCAAayJwP//+QQAgACYY+A=
Date: Wed, 28 May 2014 15:01:56 +0000
Message-ID: <674F70E5F2BE564CB06B6901FD3DD78B2723B85A@TGXML210.toshiba.local>
References: <E045AECD98228444A58C61C200AE1BD8416F3AF4@xmb-rcd-x01.cisco.com> <531DD632.2060009@cox.net> <531DDB20.5050600@gmail.com> <10925.1394631496@sandelman.ca> <532069C8.2050005@gmail.com> <23590.1394999032@sandelman.ca> <18106.1395625035@sandelman.ca> <19609.1396839403@sandelman.ca> <11557.1397444260@sandelman.ca> <28192.1398644294@sandelman.ca> <29064.1399255587@sandelman.ca> <19475.1400588783@sandelman.ca> <4903.1401158997@sandelman.ca> <53840205.2070103@gmail.com> <CAJeFcoS3PNFX2obx3uNDJDtH=QvNLmaPhw2R468sNaeqpo8QBQ@mail.gmail.com> <674F70E5F2BE564CB06B6901FD3DD78B2723B576@TGXML210.toshiba.local> <CAJeFcoQBp1A7pwZHWoesvrjSySW0UZ0k11-s3-MFAozSuR0Yrw@mail.gmail.com>
In-Reply-To: <CAJeFcoQBp1A7pwZHWoesvrjSySW0UZ0k11-s3-MFAozSuR0Yrw@mail.gmail.com>
Accept-Language: ja-JP, en-US
Content-Language: ja-JP
x-originating-ip: [133.199.16.137]
msscp.transfermailtomossagent: 103
Content-Type: multipart/alternative; boundary="_000_674F70E5F2BE564CB06B6901FD3DD78B2723B85ATGXML210toshiba_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch-security/u6Y3Qyj23zrdPTDgNFhODLK-1kQ
Cc: mcr+ietf@sandelman.ca, rstruik.ext@gmail.com, 6tisch-security@ietf.org
Subject: Re: [6tisch-security] agenda for 2014-05-27 6tisch security call
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 May 2014 15:03:35 -0000

Hi Jonathan,

Thank you for your answer.

I think this can be an issue if already joined nodes also use the beacons protected with the well-known key for maintaining synchronization and slot allocations, as an attacker can send forged beacons protected with the well-known key.

Yoshihiro Ohba


From: 6tisch-security [mailto:6tisch-security-bounces@ietf.org] On Behalf Of Jonathan Simon
Sent: Wednesday, May 28, 2014 11:49 PM
To: ohba yoshihiro(大場 義洋 ○RDC□NSL)
Cc: Michael Richardson; Rene Struik; 6tisch-security@ietf.org
Subject: Re: [6tisch-security] agenda for 2014-05-27 6tisch security call

Yoshihiro -

Q. In w/HART, are all beacon frames authenticated with a well-known key even after a joining node obtained the runtime link layer key?
A. Yes. In WirelessHART the beacons (called "advertisements" but they serve the same purpose and have similar content) are intended for devices not yet in the network, so they always use the well-known key.  To discover other nodes within the network, they use frames secured with the runtime link-layer key.
Jonathan

On Tue, May 27, 2014 at 11:18 PM, <yoshihiro.ohba@toshiba.co.jp<mailto:yoshihiro.ohba@toshiba.co.jp>> wrote:
Hi Jonathan,

Thank you for sending the summary of w/HART joining.

I have question.

In w/HART, are all beacon frames authenticated with a well-known key even after a joining node obtained the runtime link layer key?

Regards,
Yoshihiro Ohba




From: 6tisch-security [mailto:6tisch-security-bounces@ietf.org<mailto:6tisch-security-bounces@ietf.org>] On Behalf Of Jonathan Simon
Sent: Tuesday, May 27, 2014 10:41 PM
To: Rene Struik
Cc: Michael Richardson; 6tisch-security@ietf.org<mailto:6tisch-security@ietf.org>
Subject: Re: [6tisch-security] agenda for 2014-05-27 6tisch security call

Rene had asked on a previous call for someone to summarize WirelessHART joining - here you go.

* One or more devices are sending beacons to advertise the presence of the network. In WirelessHART, this frame is unencrypted, but authenticated with a well known key.  The beacon contains the current ASN, which the joining device uses to synchronize its clock.
* Once the joining node has heard a beacon, it continues listening for additional beacons for a short specified timeout.
* The joining node encrypts a frame containing some HART specific content, including a list of beaconing neighbors it heard in the previous steps. The size of the payload is ~ 60 bytes.  The packet is routed by a "proxy" node - the joining parent. The frame is authenticated using the well-known key, and encrypted using a shared symmetric key known only by the node and the manager.

* The manager responds with a frame containing the run-time link-layer key, the node's new short address (this takes the place of PAN coordinator association), and a unicast session key and starting nonce for the manager. This frame is encrypted with the symmetric key. The payload is ~ 60 bytes, and is routed to the proxy for delivery to the joining node - the proxy uses the link-layer well known key on the frame.
* At this point the joining node transitions to using the run-time link-layer key for all link-layer frames, and the manager unicast session for end-to-end manager traffic. This ends the initial security handshake.
* Over a number of additional frames, the manager assigns additional sessions, including broadcast sessions, and a unicast session to the Gateway (sink for all data traffic), and additional communications resources, routing information, etc.  There is no explicit transition from joining to joined - the mote transitions when certain key frames are received.
* Note that a WirelessHART link-layer frame contains and additional frame type byte and a 4-byte link-layer MIC, on top of the unsecured 15.4 frame.  A network frame contains an additional 16-40 bytes of addressing, routing, security and other information.
Hope this help!
Jonathan


On Mon, May 26, 2014 at 8:09 PM, Rene Struik <rstruik.ext@gmail.com<mailto:rstruik.ext@gmail.com>> wrote:
Hi Michael:

I would like to discuss the outstanding issues I summarized in my email of Tue last week, May 20, 2014, 9:45am EDT (see http://www.ietf.org/mail-archive/web/6tisch-security/current/msg00086.html<http://cp.mcafee.com/d/5fHCMUp41ESyNt55OWtSjtPqbwVBcSyUepvdEK3zhOyCOqejrzPPPz5XCN6ABqM1hYEvIundDOx-NVsTJQXIfcLZvC4TQTS6eLsKCO-PPXX3XUVzBHFShjlKepVkffGhBrwqrhdI6XYyMCY-ehojd79KVI05bVKY01MjbX6NehDY05zAVkIjbQ-PspjbppKcvxf5q4rTKYVMedKjBiNcLjXdNBcIn8lrxrW0GnPtU02rhhuhKr1vF6y0QJKjBiNcLjXdNBcIqnjh1F7U8qq87qNd42tQm2ZTOWoUQgejBiNcQgk-Pspjb6y2SDDCT63pO_o>). This was also one of the action items at the conclusion of last week's 6TiSCH security call.

FYI - the w/HART communication flows were discussed during the 6TiSCH security conf call the week before, on Mon May 12, 2014. If one wishes to go over this again, that is fine, but I would prefer us giving preference to taking on already articulated issues (which were assigned as homework assignment to reflect upon) first (i.e., prior to item #4 of the proposed agenda).

As another agenda point, I would like us to discuss the frequency of future calls (as part of EOB).

Best regards, Rene


On 5/26/2014 10:49 PM, Michael Richardson wrote:

To remind, we moved the call from the 26th to the 27th at 10am EDT.

That's 90 minutes from this email.



1) notewell.

2) intros

3) recap of draft-piro-

4) wirelesshart -way --- how does the communication work?

5) how to summarize all of this to the working group

6) how to close this process up?



-- remember that the call is recorded, and the NoteWell applies.



-- The URL to access the webex, which will we use for audio only:

  https://cisco.webex.com/cisco/j.php?MTID=m2fe139bf876cea3ec62750cd580b7908<http://cp.mcafee.com/d/5fHCN0SyNt55OWtSjtPqbwVBcSyUepvdEK3zhOyCOqejrzPPPz5XCN6ABqM1hYEvIundDOx-NVsTJQXIfcLZvC4TQTS6eLsKCO-PPXX3XUVzBHFShjlKepVkffGhBrwqrjdI6XYyMCY-ehojd79KVIDeqR4IOQGmHM0L3-nOQGmHwzMh93o93gUVldTQmjhOgtu7em_mvIUCevLp1ZWV0sqerL6T9OFoCnFZCUOCmbAaJMJZ0lbVKY01dEEL8TdwLQzh0qmT9OFoCnFZCUOCmdbFEwQzY4dd43JoCy1eWb1uXVtcsq879OFoCq8avpKcFBzh1rjPPrz1LmTw7w17>



-- we will resume with the etherpad at:

   http://etherpad.tools.ietf.org:9000/p/notes-ietf-89-6tisch-security<http://cp.mcafee.com/d/2DRPow71NJ5yWabBQXICXCQn1PapJ5MsO-rhs76zB5dAQsCT7DDD6bTdyd9aRw2zVg_oYKrfB3ZzOVLrFToupvW_c9LFLIctuVtdBZDDTS7TNP7bnjIyCHssPOEuvkzaT0QSOrodTV5xdVYsyMCqejtPo0fVA_yJG7jHk-Di-rL00kzhPuZYmO5p_gLbVKBTzhOnsDaBypuDSrzapoSVelb4OZfIT6kONsxlK5LE2FvdTw09J55V6VI5-Aq83iSVelb4OZfIT6kONFtd46AvwxFEwtH4Qg9ThobTvbFzzh0Velb4Ph1jXdNBcIq8bquursodJiZvpmK6GwY>



I'm at +1 613 276-6809<tel:%2B1%20613%20276-6809>, IM: mcr@xmpp.credil.org<mailto:mcr@xmpp.credil.org> or mcharlesr@gmail.com<mailto:mcharlesr@gmail.com>,

if you need more than that to get in, or are having difficulties.

Please make sure your audio works, and that you mute when not talking.



--

Michael Richardson <mcr+IETF@sandelman.ca><mailto:mcr+IETF@sandelman.ca>, Sandelman Software Works

 -= IPv6 IoT consulting =-








_______________________________________________

6tisch-security mailing list

6tisch-security@ietf.org<mailto:6tisch-security@ietf.org>

https://www.ietf.org/mailman/listinfo/6tisch-security<http://cp.mcafee.com/d/2DRPoO86QmbEEKnjKOrKrhs7cFCQn1PbVJ5MsqekkSjhOrsuuusoLsS8QAHm0afB3ZzOVI-kfSfbCZKDtxVB_HYMC-C-MNRXBQSnSuvvovv7csJteOaqJNPfaxVZicHs3jr1JwTvAm4TDNOb2pEVdTdAVPmEBC5eBYTu00U9GX33VkDa3JssDaBypuDSrzapoSVelb4OZfIT6kONsxlK5LE2FvdTw09J55V6VI5-Aq83iSVelb4OZfIT6kONFtd46AvwxFEwtH4Qg9ThobTvbFzzh0Velb4Ph1jXdNBcIq8bquursodLWbv>



--

email: rstruik.ext@gmail.com<mailto:rstruik.ext@gmail.com> | Skype: rstruik

cell: +1 (647) 867-5658<tel:%2B1%20%28647%29%20867-5658> | US: +1 (415) 690-7363<tel:%2B1%20%28415%29%20690-7363>

_______________________________________________
6tisch-security mailing list
6tisch-security@ietf.org<mailto:6tisch-security@ietf.org>
http://cp.mcafee.com/d/avndzgQ93gArhoKyyVteX9KVJ5MsOCrhs7cLCQn1NEVhjpd79JNVVVNyZPoziiJo0E-kfSfbCPVg_oYKrSWtS7Cn-LP2rWrX37nKnjpvpVZZxZYsNORQX8FGT7cYG7DR8OJMddECQjt-hojuv78I9CzATsSjDdqymokWnPtU03wCHIcfBisEeRNOsGm9BWvpKcFBzrAVkIjbQ-Pspjb5O5mUm-waBYTu00CQknArCMnWhEwdbrAVkIjbQ-Pspjb6BQQgqh-26Cy1SIjh0Dt5wLtYKCed43AVkIjd45fIT6kONEwJFVVJNwSeVhsrLe-Fkd



--
--
Jonathan Simon, Ph. D
Director of Systems Engineering
Dust Networks at Linear Technology
30695 Huntwood Ave
Hayward, CA 94544-7021
(510) 400-2936<tel:%28510%29%20400-2936>
(510) 489-3799<tel:%28510%29%20489-3799> FAX
jsimon@linear.com<mailto:jsimon@linear.com>

**LINEAR TECHNOLOGY CORPORATION**
*****Internet Email Confidentiality Notice*****
 This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify me by reply e-mail, or by telephone at (510) 400-2936<tel:%28510%29%20400-2936>, and destroy the original transmission and its attachments without reading or saving in any manner. Thank you.

_______________________________________________
6tisch-security mailing list
6tisch-security@ietf.org<mailto:6tisch-security@ietf.org>
http://cp.mcafee.com/d/2DRPow76QmbEFLzzhOM-rKrhs7cFCQn1PbVJ5MsqekkSjhOrsuuusoLsS8QAHm0afB3ZzOVI-kfSfbCTA7hPXPb_nVNZNBVxzHTbEzHIYYepd7bz8XBHEShhlKM_OEuvkzaT0QSyrhdTV5xdVYsyMCqejtPpesRG9pxjFvdTw0e2qKMM-l9OwXn79OFoCnFZCUOCmdKjBiNcLjXdNBcIn8lrxrW0GnPtU02rojhKUr1vF6y0QJKjBiNcLjXdNBcIqnjh1F7U8qq87qNd42tQm2ZTOWoUQgejBiNcQgk-Pspjb6y2SDDCT63rt_U2SVUlVB0



--
--
Jonathan Simon, Ph. D
Director of Systems Engineering
Dust Networks at Linear Technology
30695 Huntwood Ave
Hayward, CA 94544-7021
(510) 400-2936
(510) 489-3799 FAX
jsimon@linear.com<mailto:jsimon@linear.com>

**LINEAR TECHNOLOGY CORPORATION**
*****Internet Email Confidentiality Notice*****
 This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify me by reply e-mail, or by telephone at (510) 400-2936, and destroy the original transmission and its attachments without reading or saving in any manner. Thank you.

v2.23.0 | Report a Bug | By Email