IETF Logo Mail Archive

Re: [6tisch] [secdir] secdir review of draft-ietf-6tisch-architecture-21

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Thu, 27 June 2019 12:06 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7E5A12028A for <6tisch@ietfa.amsl.com>; Thu, 27 Jun 2019 05:06:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Rh71X1UT; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=kF+tVDuN
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g6ZpJxB8SKum for <6tisch@ietfa.amsl.com>; Thu, 27 Jun 2019 05:06:46 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E68412024C for <6tisch@ietf.org>; Thu, 27 Jun 2019 05:06:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=49962; q=dns/txt; s=iport; t=1561637206; x=1562846806; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=qSMfUegZhIC9I6clGGSc6F6UkihrIsNoJm71MucyrnE=; b=Rh71X1UTcI9mO4QHmlA39JOJQjvweoxhUZRM4d8tuVdCqUZhHu2/bE6N r6U62jfywvLGD18Ad9/xxSvslJUSqVWIzrwi+pda7wG94pBuZnpOLfkCe ZiAvQMwwjT5CBic24cKLH7w81ehY1CUEJ83T9P/UHSfziyP1bwQ90czt0 k=;
IronPort-PHdr: 9a23:j1sV4RB1g+iqhmhPmlvGUyQJPHJ1sqjoPgMT9pssgq5PdaLm5Zn5IUjD/qs03kTRU9Dd7PRJw6rNvqbsVHZIwK7JsWtKMfkuHwQAld1QmgUhBMCfDkiuNOLqciY3BthqX15+9Hb9Ok9QS47z
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ClAAC/sBRd/5JdJa1kHAEBAQQBAQcEAQGBVQUBAQsBgRQvJAUnA2pMAQggBAsohBmDRwOOXIJbfohNjXSBLhSBEANQBAkBAQEMAQEYAQoKAgEBgUuCL0YCF4JpIzYHDgEDAQEEAQECAQVtijcMhUoBAQEEAQEQCAkEBhMBASwLAQsEAgEIEQEDAQEhAQYDAgICHwYLFAMGCAIEDgUIEweCNUyBHU0DHQECDJpdAoE4iGBxfzOCeQEBBYEyAYNYDQuCEQmBNAGEcYQkdoE2HReBQD+BEUaBTkk1PoIaRwEBAgGBIiQaKwkIgkwygiaLaxKCYYR7iFmNDSw/CQKCF4ZSiTKEDIIrhxeOHJRhgXCNdgIEAgQFAg4BAQWBVwEwgVhwFTuCbAmCOIMdVIUUhT9yAQEBgSaLMQIEIAeCJQEB
X-IronPort-AV: E=Sophos;i="5.63,423,1557187200"; d="scan'208,217";a="583469956"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 27 Jun 2019 12:06:44 +0000
Received: from XCH-RCD-018.cisco.com (xch-rcd-018.cisco.com [173.37.102.28]) by rcdn-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id x5RC6iWl021124 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 27 Jun 2019 12:06:44 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-RCD-018.cisco.com (173.37.102.28) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 27 Jun 2019 07:06:43 -0500
Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 27 Jun 2019 07:06:43 -0500
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 27 Jun 2019 07:06:43 -0500
ARC-Seal: i=1; a=rsa-sha256; s=testarcselector01; d=microsoft.com; cv=none; b=m8zuJiI1/XsyncduT7/roNP9OfrABop6NhPNN5bltcSzYlD4e0hrtdwWoJz881Iwp0NDt5cKkDIIDIqFDwsuCxsYbGZ7MZIAHkg/Hi9S0o4hBUSzaKMS3N2wJPIv6ZExgXuHkMGH8M4TLIAzyDqdcZta3V8b5c18ED+nj5ELO/c=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=testarcselector01; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qSMfUegZhIC9I6clGGSc6F6UkihrIsNoJm71MucyrnE=; b=YP8M1gaIVkoLjtBG1WLomjoSThcfBewcedPc58twYaQmh/ksDJgjfyC6k7lnjFZggYZmeWCwFpA9sqdBFx6ChX77XtlR8+oCYl1ki+EmfFJlclu7rEpZDnScnzJVH3NaBYmNHKzHCP4rpKwTj0CNA3sNiHI7Hbyt8otkpT46JKY=
ARC-Authentication-Results: i=1; test.office365.com 1;spf=none;dmarc=none;dkim=none;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qSMfUegZhIC9I6clGGSc6F6UkihrIsNoJm71MucyrnE=; b=kF+tVDuNOy3TkCALE8EEHV2WJvXK2couLgonOI/T7lGt0tTMAbl/QgC4UrKOiFp63QCmA2ym2rzPZYDegCy0AWiIxXosQdeeRltnwb+0j4yErjo8o6RV0vwR1ga6T0Kgtiv9RE2/csuPNDLyYE957r8sxPwLRbgNAj47A5aS0WE=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (20.178.250.159) by MN2PR11MB3774.namprd11.prod.outlook.com (20.178.254.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2008.16; Thu, 27 Jun 2019 12:06:41 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::1ce9:1582:146c:c50a]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::1ce9:1582:146c:c50a%6]) with mapi id 15.20.2008.018; Thu, 27 Jun 2019 12:06:41 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Mališa Vučinić <malisa.vucinic@inria.fr>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "6tisch@ietf.org" <6tisch@ietf.org>, Tero Kivinen <kivinen@iki.fi>
Thread-Topic: [6tisch] [secdir] secdir review of draft-ietf-6tisch-architecture-21
Thread-Index: AQHVKitVZAMqDsUZHEuS/CYS/vDUhKaqVH6wgAEk6YCAAAywAIAAbXDggAACzzCAAI0ZqoABNPqAgABgmgCAAR/2UIAAHjAAgAAVP4A=
Date: Thu, 27 Jun 2019 12:06:35 +0000
Deferred-Delivery: Thu, 27 Jun 2019 12:06:05 +0000
Message-ID: <MN2PR11MB35658DC317E834D301EE0B94D8FD0@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <2cced16c-d1df-88c2-eb21-7452b42f081a@mandelberg.org> <MN2PR11MB35651735463F27A247B4B0F0D8E00@MN2PR11MB3565.namprd11.prod.outlook.com> <23825.24715.882644.180316@fireball.acr.fi> <5229f400-076c-80e3-e0dc-a7cf3998abed@mandelberg.org> <MN2PR11MB35654D7658F0EEB05443F2ABD8E30@MN2PR11MB3565.namprd11.prod.outlook.com> <BYAPR11MB3558261B37E1E8FFFF4D8D27D8E30@BYAPR11MB3558.namprd11.prod.outlook.com> <62FC2528-9165-4E2E-89E5-6452D93030E0@gmail.com> <28248.1561477015@localhost> <7C7A7473-7266-4B09-BB41-79C871142BC9@gmail.com> <15836.1561564142@localhost> <MN2PR11MB356596FED088A56533857022D8FD0@MN2PR11MB3565.namprd11.prod.outlook.com> <C6BEEFF1-CE2C-4958-ACAB-F1B1FD54B3A3@inria.fr>
In-Reply-To: <C6BEEFF1-CE2C-4958-ACAB-F1B1FD54B3A3@inria.fr>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pthubert@cisco.com;
x-originating-ip: [2001:420:c0c0:1006::89]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 008265fe-51c2-4fdd-a7e8-08d6faf7ea88
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MN2PR11MB3774;
x-ms-traffictypediagnostic: MN2PR11MB3774:
x-ms-exchange-purlcount: 6
x-microsoft-antispam-prvs: <MN2PR11MB377463D8987A17EE0A35A39AD8FD0@MN2PR11MB3774.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 008184426E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(366004)(396003)(39860400002)(136003)(199004)(189003)(13464003)(51444003)(53546011)(6506007)(478600001)(54906003)(76116006)(64756008)(66446008)(73956011)(66556008)(66476007)(66946007)(102836004)(186003)(30864003)(76176011)(33656002)(5660300002)(6666004)(229853002)(71190400001)(71200400001)(25786009)(11346002)(4326008)(606006)(486006)(46003)(14454004)(476003)(6246003)(66574012)(446003)(966005)(99286004)(86362001)(7696005)(8676002)(790700001)(8936002)(81166006)(7736002)(316002)(74316002)(6116002)(81156014)(6306002)(55016002)(9686003)(236005)(256004)(14444005)(5024004)(52536014)(54896002)(6916009)(6436002)(68736007)(53936002)(2906002); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3774; H:MN2PR11MB3565.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: AKB6cawIxg8c/VRG2ALhMGP8rOOongCL7E45k4j2JfJBvGnOh1eLrEWwVdxmdO48+kGTQIuol6adC8Md4CQTK0/66lHilXuH6jVy+WLaQooZuv1+jAbUycNtRc2MFNJ3BrX0CHySgkLOKjPuQYaahni6+/kuFSgPv76iGt1SfVoW30xSAXmO29i8iohLRggTOZebvE/TmvQlGP+yXCsH7j0ODTkHKrdgMoKfYH3Y5CFF8wVbKYgOT4xpzXQlzjWz/2RaWUlqZrFUhJ984isXWUzHsrAe52PeedwLRwV5s7fEZKZlsxOFxxG7WnCzg9YJvVpFelEz75/iT50zF8CUBcP+JPF1WrTkuxLbPvW4RouHibzr+pTNUeS755XtWzZKXafHBgFNZmuIcBoIDH6UGyLgYx3vuVDZayJ/eq0MpDw=
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB35658DC317E834D301EE0B94D8FD0MN2PR11MB3565namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 008265fe-51c2-4fdd-a7e8-08d6faf7ea88
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jun 2019 12:06:41.5965 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pthubert@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3774
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.28, xch-rcd-018.cisco.com
X-Outbound-Node: rcdn-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/FelxjVWi5dg_g1B9DlOCgzFmV9o>
Subject: Re: [6tisch] [secdir] secdir review of draft-ietf-6tisch-architecture-21
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jun 2019 12:06:53 -0000

Hello Malisa

Please find below the proposed text; note that last paragraph is commented out to leave space for minimal to complete the story.

    <t>
    The operation of 6TiSCH Tracks inherits its high level operation from DetNet
    and is subject to the observations in section 5 of
    <xref target="I-D.ietf-detnet-architecture"/>. As discussed there, measures
    must be taken to protect the time synchronization, and for 6TiSCH this
    includes ensuring that the Absolute Slot Number (ASN), which is used as ever
    incrementing counter for the computation of the Link-Layer security nonce,
    is not compromised, more below on this. Also, the installation and the
    maintenance of the 6TiSCH Tracks depends on the availability of a controller
    with a PCE to compute and push them in the network. When that connectivity
    is lost, existing Tracks may continue to operate until the end of their
    lifetime, but cannot be removed or updated, and new Tracks cannot be
    installed. As with DetNet in general, the communication with the PCE must be
    secured and should be protected against DoS attacks, and the discussion on
    the security considerations defined for Abstraction and Control of Traffic
    Engineered Networks (ACTN) in Section 9 of <xref target="RFC8453"/>, applies
    equally to 6TiSCH.
    </t>
     <t>
    In a TSCH network as specified by
    <xref target="IEEE802154">IEEE Std. 802.15.4</xref>, the nonce that is used
    to secure Link-Layer frames includes an address of the source and the ASN.
    The ASN itself is supposed to be distributed securely by other means. With
    TSCH, the ASN is included in the CCM* nonce for the computation of the
    Message Integrity Code (MIC), but it is only implicit in the data frames.
    This is not considered as a complete replay protection and upper layer
    protocols must provide a way to detect duplicates and cope with them.

    </t>
     <t>
    If the receiver and the sender have a different sense of ASN, the MIC will
    not validate and the frame will be dropped. In that sense, TSCH induces an
    event horizon whereby only nodes that have a common sense of ASN can talk to
    one another in an authenticated manner. With 6TiSCH, the pledge discovers a
    tentative ASN in beacons from nodes that have already joined the network.
    But even if the beacon can be authenticated, the ASN cannot be trusted as it
    could be a replay by an attacker and thus could announce an ASN that
    represents a time in the  past. If the pledge uses an ASN that is learned
    from a replayed beacon for an encrypted transmission, a nonce-reuse attack
    becomes possible and the network keys may be compromised.
    </t>
    <t>
    Time Synchronization in TSCH induces another event horizon whereby a node
    will only communicate with another node if they are synchronized within a
    guard time. The pledge discovers the synchronization of the network based
    on the time of reception of the beacon. If an attacker synchronizes a pledge
    outside of the guard time of the legitimate nodes then the pledge will never
    see a legitimate beacon and may not discover the attack.
    </t>
    <t>
    After obtaining the tentative ASN, the pledge authenticates itself to the
    network using some mechanism outside of IEEE Std. 802.15.4. With 6TiSCH,
    a Join Proxy (JP) helps the pledge for the join procedure by relaying the
    link-scope Join Request over the IP network to a Join Registrar/Coordinator
    (JRC) that can authenticate the pledge and validate that it is attached to
    the appropriate network. As a result of this exchange the pledge is in
    possession of a Link-Layer material including keys and a short address, and
    if the ASN is known to be correct, all traffic can now be secured using CCM*
    at the Link-Layer.
    </t>
    <t>
    The authentication steps must be such that they cannot be replayed by an
    attacker, and they must not depend on the tentative ASN being valid.
    During the authentication, the keying material that the pledge obtains from
    the JRC does not provide protection against spoofed ASN. Once the pledge has
    obtained the keys to use in the network, it may still need to verify the ASN.
    If the nonce used in the Layer-2 security derives from the extended (MAC-64)
    address, then replaying the ASN alone cannot enable a nonce-reuse attack
    unless the same node is lost its state with a previous ASN. But
    if the nonce derives from the short address (e.g., assigned by the JRC) then
    the JRC must ensure that it never assigns short addresses that were already
    given to this or other nodes with the same keys. In other words, the network
    must be rekeyed before the JRC runs out of short addresses.
    </t>
    <t>
    These issues is are discussed in more details in
    <xref target="I-D.ietf-6tisch-minimal-security"/>.
    </t>
    <!--t>
    Once the node obtains the keys from the JRC, an additional step may be
    required to ensure that the ASN is correct before encrypting any message.
    If the ASN is not guaranteed to be correct by other means, the pledge should
    perform a non-replayable exchange (e.g., using a nonce in the payload that
    does not derive from ASN) with a peer node that is trusted and has already
    joined (e.g., the JP or a RPL time parent). The request by the pledge should
    not be encrypted at the Link-Layer but only authenticated to avoid
    nonce-replay attacks. A successful authenticated exchange proves a common
    sense of ASN and encrypted traffic can now happen.
    </t-->

All the best,

Pascal

From: Mališa Vučinić <malisa.vucinic@inria.fr>
Sent: jeudi 27 juin 2019 12:48
To: Pascal Thubert (pthubert) <pthubert@cisco.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>; 6tisch@ietf.org; Tero Kivinen <kivinen@iki.fi>
Subject: Re: [6tisch] [secdir] secdir review of draft-ietf-6tisch-architecture-21

Pascal,

Before the pledge selects a JP, the text from RFC8180 that is relevant seems to be (Section 6.2):


When a node joins a network, it may hear EBs sent by different nodes

   already in the network.  The decision of which neighbor to

   synchronize to (e.g., which neighbor becomes the node's initial time-

   source neighbor) is implementation specific.  For example, after

   having received the first EB, a node MAY listen for at most

   MAX_EB_DELAY seconds until it has received EBs from

   NUM_NEIGHBOURS_TO_WAIT distinct neighbors.  Recommended values for

   MAX_EB_DELAY and NUM_NEIGHBOURS_TO_WAIT are defined in Figure 5.

   When receiving EBs from distinct neighbors, the node MAY use the Join

   Metric field in each EB to select the initial time-source neighbor,

   as described in Section 6.3.6<https://tools.ietf.org/html/rfc8180#section-6.3.6> of IEEE Std 802.15.4 [IEEE.802.15.4<https://tools.ietf.org/html/rfc8180#ref-IEEE.802.15.4>].

To me, this text is ambiguous on whether the pledge should duty cycle its radio according to the schedule found in the first received EB. In case the pledge does not duty cycle its radio upon receiving the first EB that happens to be a replay, the attacker cannot really desync the pledge due to its radio being on 100% of the time waiting for additional beacons. Eventually, as Michael noted, one fresh EB will arrive from a legitimate node with a higher ASN, at which point it becomes critical for the pledge to select the JP with the largest available ASN for a given advertised PAN ID. I believe this text deserves expanded discussion in the Security Considerations of minimal-security but I am not convinced on the need for a special mechanism to exchange/sign the ASN.

Mališa


On 27 Jun 2019, at 11:53, Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>> wrote:

Hello Michael

Both ASN and sync create event horizons.
* A wrong ASN will cause MIC processing to fail and the packet will be ignored.
* If an attacker syncs a pledge outside of the network sync's beyond guard time, the pledge will not even see that legitimate nodes are sending.

In both cases, a node that believes an attacker has no way to validate ASN right there. It needs an additional one-hop authenticated exchange with a legitimate node with a, e.g., random nonce in payload. Some people will want that step even if the window is narrow. I think we should describe it in archie and in minimal sec.

6P or MSF could be used for that purpose when present but cannot be the only way since they are optional.

All the best,

Pascal


-----Original Message-----
From: 6tisch <6tisch-bounces@ietf.org<mailto:6tisch-bounces@ietf.org>> On Behalf Of Michael Richardson
Sent: mercredi 26 juin 2019 17:49
To: =?utf-8?B?TWFsacWhYSBWdcSNaW5pxIc=?= <malishav@gmail.com<mailto:malishav@gmail.com>>
Cc: Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>>; 6tisch@ietf.org<mailto:6tisch@ietf.org>; Tero
Kivinen <kivinen@iki.fi<mailto:kivinen@iki.fi>>
Subject: Re: [6tisch] [secdir] secdir review of draft-ietf-6tisch-architecture-21


Mališa Vučinić <malishav@gmail.com<mailto:malishav@gmail.com>> wrote:

Mališa Vučinić <malishav@gmail.com<mailto:malishav@gmail.com>> wrote:

Instead, as with traditional TSCH, the joined node can obtain its time
information from its time source neighbor, i.e. RPL preferred parent,
by triggering an exchange of link-layer frames with L2 security
features enabled. The MSF draft already mandates that the first
outgoing message from the joined node after joining is the 6P ADD
message to its preferred parent, which consequently gets protected
with

L2 security.

But, how can the L2-security work if the newly-joined node has an
ancient

ASN?  Won't the parent just drop the packet as being a replay, and then
what?


Yes, so the node will desynchronize eventually, fall out of network and
restart the join process, hopefully with a different network.

hmm.   Or, it sees a new beacon, which it can integrity check, and then sees
the ASN jump forward.  This would be the same as if it had slept for awhile.

Unless the attacker can continuously *block* the node from seeing the latest
beacons, and continuously feeds it old beacons, the problem should go away.

So maybe this is really not as a big a deal as I thought.


What needs to be specified clearly is that this first 6P
exchange should not be encrypted but only authenticated at L2.
Upon successful completion of the first 6P exchange with its time
(routing)

parent, the joined node obtains a negotiated cell and as a side effect
proves freshness of the ASN used.

I'd rather that we added a new exchange, rather than special casing some
6P

interaction here.   An RPL DIS would be a better choice here, I think, with
an RPL DAO unicast reply.  Still, I hate to special case this as being
authenticated only.
Doesn't that have to happen first?


Whatever packet we send here, be it DIS or 6P, they need to have
special handling in terms of L2 security… Is DIS mandatory to send upon
preferred parent selection?

I think that we can do nothing.

Maybe the replayed beacon attack (and solution: wait for another beacon)
belongs in the Security Considerations of the Architecture.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca<mailto:mcr@sandelman.ca>  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca<mailto:mcr+IETF@sandelman.ca>>, Sandelman Software Works  -
= IPv6 IoT consulting =-


_______________________________________________
6tisch mailing list
6tisch@ietf.org<mailto:6tisch@ietf.org>
https://www.ietf.org/mailman/listinfo/6tisch

v2.23.0 | Report a Bug | By Email