[6tisch] draft-tiloca-6tisch-robust-scheduling-01 --- rekeying permutation key

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 03 April 2019 01:06 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7F6F1203FE; Tue, 2 Apr 2019 18:06:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 85lstXCS_n0x; Tue, 2 Apr 2019 18:06:43 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E808D120401; Tue, 2 Apr 2019 18:06:42 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 14E9F38263; Tue, 2 Apr 2019 21:05:54 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 5C772340F; Tue, 2 Apr 2019 21:06:41 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 5A1681C1F; Tue, 2 Apr 2019 21:06:41 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6tisch@ietf.org
cc: draft-tiloca-6tisch-robust-scheduling@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 02 Apr 2019 21:06:41 -0400
Message-ID: <5427.1554253601@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/AmdYIZJqwnLYkzXcyejWAfPRAGw>
Subject: [6tisch] draft-tiloca-6tisch-robust-scheduling-01 --- rekeying permutation key
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 01:06:45 -0000

I read draft-tiloca-6tisch-robust-scheduling-01.

I found this to be an interesting way to both announce the schedule, and yet,
hide it.  Very well done.

I have some initial comment about the section 3.1 about the adversary.
I wondered about why someone would do this.  What's the benefit.

It occured to me that an important point about the selective jamming is that
an attacker can mess with a competitors network while still permitting their
own network to operate!  That might be worth adding.

The document seems well written, although I'd like to have some example keys
and show how they permute things in practice so that implementors can
validate their work.

The additions to CoJP seems well done, I'm so glad we changed that to a hash
From an array :-)

If the permutation is replaced whenever the network key is changed,
which means that the permutation is going to change!  This means that some
nodes could be on the new permutation while others are on the old.

A thought to deal with this is that the new permutation is not used until the
node switches to the new keys.  EXCEPT that the adjacent nodes will now not
be listening at the right time, won't hear traffic encrypted with the new
key, and won't change over themselves.   Authenticated enhanced beacons would
perhaps help here.  Maybe I'm wrong about this problem.

--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-