Re: [6tisch] I-D Action: draft-ietf-6tisch-minimal-security-07.txt

Göran Selander <goran.selander@ericsson.com> Thu, 25 October 2018 09:00 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: "draft-ietf-6tisch-minimal-security@ietf.org" <draft-ietf-6tisch-minimal-security@ietf.org>
CC: "6tisch@ietf.org" <6tisch@ietf.org>
Date: Thu, 25 Oct 2018 08:59:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/Ek9wJjx3K1f0os-sBtb7Rpvfqbc>

Hello authors of minimal security,

Thanks for addressing my previous comments, here are some follow-up comments.

When reading through the latest version I realize that the following uniqueness requirements may have become too strict, see Section 4:


“Each (6LBR) pledge MUST be provisioned with a unique PSK.”

Tightening the “SHOULD” for unique PSKs in previous versions of the draft was definitely the right thing to do: Compromising one pledge must not lead to other pledges being compromised, let alone an entire network. We want each endpoint to have good quality keys for authentication and secure communication, and that the secret keys of one endpoint do not reveal any information about the secret keys of another endpoint.

Now, the PSK in the Constrained Join protocol is used as the OSCORE Master Secret, from which the Sender/Recipient Contexts, including Sender/Recipient Keys, are derived. It is these keys, not the PSK, which are used for authentication and communication security in OSCORE, so they need to be unique and independent in each pledge. Since the Sender/Recipient Contexts are derived from the PSK and the pledge identifier using HKDF, the derived keys are expected to get these good properties as long as the input to HKDF is different for different endpoints. So, having unique PSKs is a sufficient condition. But having unique pledge identifiers is also sufficient, even if the same PSK is used: Pledges may be provisioned directly with the Sender/Recipient Context in a 1-touch fashion without access to the PSK, and can then run the Constrained Join protocol. In fact, this is a quite attractive deployment scheme:


  *   The pledges do not need to implement HKDF or SHA-256.

  *   The JRC need only one PSK for all pledges, and from this PSK and the unique pledge identifier the JRC can derive the relevant security context for that pledge, either just-in-time when needed (reduces storage), or once and for all on first contact with a pledge (reduces computation during message processing).

Thus, requiring unique PSKs is a sufficient condition, but it is not necessary and it excludes this deployment option.

Then again, formulating the uniqueness requirement in terms of PSK as is the case in -07 is much simpler than going into the Sender/Recipient Context of OSCORE, and less risk for implementation errors: Although it is fine to use the same PSK for deriving security contexts for all pledges, a common PSK MUST NOT be accessible to any pledge. Also, the draft is currently not going into the details of the Sender/Recipient Context but treats OSCORE as a black box (which is fine) - the “one-touch” assumption is essentially provisioning of PSK.

So I expect nuancing this requirement: “Each (6LBR) pledge MUST be provisioned with a unique PSK.” would require quite a few reformulations, and I don’t insist on that.

But even if you don’t do that, I propose that you do describe the deployment scheme sketched above, for example in an appendix, and explain in that section why this scheme is secure even though it is not complying with the requirements of the draft. Independently of that I think you should be clear in the text and in the security considerations what are the actual security requirements and that the requirement on PSK is one simple condition to achieve this.

Related nits:

Section 1:
“The messages exchanged allow the JRC and the pledge to mutually authenticate, based on the PSK.”

Section 10:

“The PSK is used to set the OSCORE Master Secret during security context derivation and is important for mutual authentication of the (6LBR) pledge and the JRC.”

As discussed above, mutual authentication is carried out with Sender/Recipient Contexts, which in turn are derived from the PSK. But these sentences give the impression that the PSK is actually used in the authentication protocol.


Another nit: it is not very explicit that PSK must be secret. This may be obvious but would not hurt to write somewhere early in the text, for example replace “symmetric” with “secret” in Section 1:


“It further assumes that the pledge and the JRC share a symmetric key, called PSK (pre-shared key).”



Best regards,
Göran
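
The deployment scheme sketched in the message above (one PSK held only by the JRC, per-pledge keys derived with HKDF from the PSK and the pledge identifier), as an added example that is not part of the original e-mail or of the draft. It follows the OSCORE `info` structure `[id, id_context, alg_aead, type, L]`; the Sender IDs `0x00`/`0x01`, the use of the pledge EUI-64 as ID Context, the empty Master Salt, AES-CCM-16-64-128 (COSE algorithm 10) and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac


def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def cbor_bstr(b: bytes) -> bytes:
    assert len(b) < 24  # short-form CBOR header only, enough for this example
    return bytes([0x40 | len(b)]) + b


def oscore_info(party_id: bytes, id_context: bytes, out_type: str, length: int,
                alg_aead: int = 10) -> bytes:
    """CBOR array of five items: [id, id_context, alg_aead, type, L]."""
    assert alg_aead < 24 and length < 24 and len(out_type) < 24
    return (b"\x85" + cbor_bstr(party_id) + cbor_bstr(id_context)
            + bytes([alg_aead]) + bytes([0x60 | len(out_type)]) + out_type.encode()
            + bytes([length]))


PLEDGE_ID, JRC_ID = b"\x00", b"\x01"  # assumed Sender IDs (hypothetical values)


def derive_context(psk: bytes, pledge_eui64: bytes) -> dict:
    """Run by the JRC (or the provisioning tool). The pledge is loaded with
    the returned context only and never sees the PSK."""
    def derive(party: bytes, out_type: str, length: int) -> bytes:
        return hkdf_sha256(b"", psk, oscore_info(party, pledge_eui64, out_type, length), length)
    return {
        "pledge_sender_key": derive(PLEDGE_ID, "Key", 16),  # JRC's recipient key
        "jrc_sender_key": derive(JRC_ID, "Key", 16),        # pledge's recipient key
        "common_iv": derive(b"", "IV", 13),
    }


def demo():
    psk = bytes(range(16))  # constructed sample PSK, stored at the JRC only
    a = derive_context(psk, bytes.fromhex("0011223344556601"))  # constructed EUI-64
    b = derive_context(psk, bytes.fromhex("0011223344556602"))  # constructed EUI-64
    # Failure mode: a reused pledge identifier reproduces the same keys.
    dup = derive_context(psk, bytes.fromhex("0011223344556601"))
    return a, b, dup
```

With a shared PSK the uniqueness requirement moves to the pledge identifier: two pledges with distinct identifiers get unrelated keys, while a duplicated identifier yields an identical security context.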


From: Mališa Vučinić <malisa.vucinic@inria.fr>
Date: Tuesday, 23 October 2018 at 16:07
To: Göran Selander <goran.selander@ericsson.com>, Xavi Vilajosana Guillen <xvilajosana@uoc.edu>, Tero Kivinen <kivinen@iki.fi>, Jim Schaad <ietf@augustcellars.com>, Tengfei Chang <tengfei.chang@inria.fr>, Klaus Hartke <klaus.hartke@ericsson.com>, William Vignat <wvignat@zii.aero>
Cc: "6tisch@ietf.org" <6tisch@ietf.org>
Subject: Re: [6tisch] I-D Action: draft-ietf-6tisch-minimal-security-07.txt

Dear WGLC reviewers, working group,
We submitted a new version of minimal security incorporating the resolution of most of the issues raised during WGLC. There are two remaining issues that still need to be resolved, and I hope to publish these in an additional version after the draft submission cutoff period has passed.

I will discuss the resolutions during the Bangkok meeting but please go ahead and take a look, and let me know if you are happy or not with the resolutions.
List of issues with referenced changesets is available at:
https://bitbucket.org/6tisch/draft-ietf-6tisch-minimal-security/issues?responsible=malishav

Mališa

On Tue, Oct 23, 2018 at 8:03 AM <internet-drafts@ietf.org> wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IPv6 over the TSCH mode of IEEE 802.15.4e WG of the IETF.

        Title           : Minimal Security Framework for 6TiSCH
        Authors         : Malisa Vucinic
                          Jonathan Simon
                          Kris Pister
                          Michael Richardson
        Filename        : draft-ietf-6tisch-minimal-security-07.txt
        Pages           : 45
        Date            : 2018-10-22

Abstract:
   This document describes the minimal framework required for a new
   device, called "pledge", to securely join a 6TiSCH (IPv6 over the
   TSCH mode of IEEE 802.15.4e) network.  The framework requires that
   the pledge and the JRC (join registrar/coordinator, a central
   entity), share a symmetric key.  How this key is provisioned is out
   of scope of this document.  Through a single CoAP (Constrained
   Application Protocol) request-response exchange secured by OSCORE
   (Object Security for Constrained RESTful Environments), the pledge
   requests admission into the network and the JRC configures it with
   link-layer keying material and other parameters.  The JRC may at any
   time update the parameters through another request-response exchange
   secured by OSCORE.  This specification defines the Constrained Join
   Protocol and its CBOR (Concise Binary Object Representation) data
   structures and configures the rest of the 6TiSCH communication stack
   for this join process to occur in a secure manner.  Additional
   security mechanisms may be added on top of this minimal framework.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-6tisch-minimal-security/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-6tisch-minimal-security-07
https://datatracker.ietf.org/doc/html/draft-ietf-6tisch-minimal-security-07

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-6tisch-minimal-security-07


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
