Re: [6tisch] ASN replay attack -- proposed text
Tero Kivinen <kivinen@iki.fi> Sat, 27 July 2019 04:08 UTC
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Cc: Thomas Watteyne <thomas.watteyne@inria.fr>, malisa.vucinic@inria.fr, 6tisch <6tisch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/2nJ-kOx_Ab1_IvvN4fn-KNI5xHc>
Pascal Thubert (pthubert) writes:
> I'm wondering about the delayed security processing. That processing
> may be delayed beyond the current ASN. Is the ASN of the receive
> time attached to the frame as a meta of sorts to enable the delayed
> validation?

There is a TimeStamp parameter to the MCPS-DATA.indication which tells
when the frame was received.

TimeStamp is also available in the PANDescriptor when you are scanning
the network for beacons, and when joining a TSCH network the upper
layer needs to somehow calculate the current ASN from the TimeStamp of
the received beacon and the TSCH Synchronization IE contained in the
Beacon.

This means this kind of operation, where a timestamp is converted to
timeslots, is something the upper layer needs to be able to do anyways,
so it should be able to convert the TimeStamp of a received frame to an
ASN and then use that ASN to do security processing.
-- 
kivinen@iki.fi
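The conversion described in the message above, sketched as an added example that is not part of the original post or of any 6TiSCH implementation. The struct and function names are hypothetical. It assumes the TimeStamp is a free-running 32-bit microsecond counter, 10 ms timeslots, and a 2120 us transmit offset inside the slot.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed, not from the post: TimeStamp is a free-running 32-bit
 * microsecond counter, timeslots are 10 ms, and a frame starts
 * TX_OFFSET_US after the start of its timeslot. */
#define SLOT_US      10000u
#define TX_OFFSET_US 2120u
#define ASN_MASK     0xFFFFFFFFFFull /* ASN is 5 octets wide */

struct tsch_sync_ref {
    uint64_t asn;        /* ASN taken from the TSCH Synchronization IE */
    uint32_t slot_start; /* local time at which that timeslot began */
};

/* Build the reference from a received beacon's TimeStamp and ASN. */
struct tsch_sync_ref sync_from_beacon(uint32_t beacon_ts, uint64_t beacon_asn)
{
    struct tsch_sync_ref ref;
    ref.asn = beacon_asn & ASN_MASK;
    ref.slot_start = beacon_ts - TX_OFFSET_US; /* modulo 2^32 */
    return ref;
}

/* ASN of the timeslot in which a frame with TimeStamp frame_ts arrived.
 * Unsigned subtraction survives counter wrap; the result is only valid
 * while the frame is less than 2^32 us (about 71 min) past the reference. */
uint64_t asn_at_rx(const struct tsch_sync_ref *ref, uint32_t frame_ts)
{
    uint32_t elapsed = frame_ts - ref->slot_start;
    return (ref->asn + elapsed / SLOT_US) & ASN_MASK;
}

/* Roll the reference forward to the slot containing 'now' so that it
 * never gets older than the counter's wrap period. */
void sync_advance(struct tsch_sync_ref *ref, uint32_t now)
{
    uint32_t slots = (now - ref->slot_start) / SLOT_US;
    ref->asn = (ref->asn + slots) & ASN_MASK;
    ref->slot_start += slots * SLOT_US;
}

int main(void)
{
    /* Constructed sample: beacon at ASN 1000 just before counter wrap. */
    struct tsch_sync_ref ref = sync_from_beacon(0xFFFFF000u, 1000);
    printf("%llu\n", (unsigned long long)asn_at_rx(&ref, 25904u));
    return 0;
}
```

Because the ASN is derived from the stored TimeStamp rather than from the clock at processing time, security processing that runs several slots late still uses the receive-time ASN.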