Re: [6tisch] Benjamin Kaduk's Discuss on draft-ietf-6tisch-minimal-security-13: (with DISCUSS and COMMENT)

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 19 November 2019 08:06 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBD2D1200B3; Tue, 19 Nov 2019 00:06:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WULS4zFpgVT5; Tue, 19 Nov 2019 00:06:37 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A875912088E; Tue, 19 Nov 2019 00:06:35 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id E34E63897E; Tue, 19 Nov 2019 03:03:19 -0500 (EST)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 169ECC0C; Tue, 19 Nov 2019 03:06:34 -0500 (EST)
To: 6tisch@ietf.org, iesg@ietf.org, kaduk@mit.edu
References: <157250308434.32464.3300056120615958441.idtracker@ietfa.amsl.com>
From: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: draft-ietf-6tisch-minimal-security@ietf.org, "Pascal Thubert (pthubert)" <pthubert@cisco.com>, 6tisch-chairs@ietf.org
Message-ID: <a0133275-28b3-cdfa-2830-3f50265db1c9@sandelman.ca>
Date: Tue, 19 Nov 2019 03:06:34 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <157250308434.32464.3300056120615958441.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/8R0_YqgiXhEVRwxj8dw2uxyxjoI>
Subject: Re: [6tisch] Benjamin Kaduk's Discuss on draft-ietf-6tisch-minimal-security-13: (with DISCUSS and COMMENT)
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Nov 2019 08:06:39 -0000

On 2019-10-31 2:24 a.m., Benjamin Kaduk via Datatracker wrote:
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> There are some seriously low-hanging fruit for traffic analysis with
> some of these messages, e.g., any OSCORE request with 'kid' of "JRC" is
> going to be a parameter update, at present.  If someone wanted to throw
> out some chaff and muddle up this traffic analysis, what options are
> available to them?

Any parameter Update Request occurs between the JRC and the 
already/previously on-boarded device.  So it occurs over the 802.15.4 L2 
key(s).  It shouldn't visible against other CoAP traffic such as CoAP 
GET requests of sensor data.

There are three kinds of traffic that would be seen by a pervasive monitor:

1) L2 traffic that is encrypted. It has a src/dst L2 address visible, 
which is probably an assigned 2-byte "short" address. (Which is assigned 
by this protocol.)

2) Beacons that are authenticated but not encrypted.  Pledges can not 
authenticate the beacons as they haven't the right key (yet).  Others 
can, and this lets them sync to the schedule and update their ASN.
They have an 8-byte source address.

3) Join traffic which is not encrypted or authenticated, which has 
8-byte source and 8-byte destinations, probably using vendor assigned 
EUI-64, but could be randomized EUIs.  ALL of this traffic is probably 
join traffic.  Yes, it is easily visible.

A PM can probably also guess which encrypted traffic relates to the join 
messages by a simple co-relation of message sizes, but that's not really 
that new.