IETF Logo Mail Archive

[6tisch] 802.15.4 "change" that will affect 6TiSCH.

Tero Kivinen <kivinen@iki.fi> Thu, 02 April 2015 22:36 UTC

Return-Path: <kivinen@iki.fi>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A71011A8758 for <6tisch@ietfa.amsl.com>; Thu, 2 Apr 2015 15:36:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.269
X-Spam-Level:
X-Spam-Status: No, score=0.269 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, SPF_NEUTRAL=0.779, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cTMui2MpAOMR for <6tisch@ietfa.amsl.com>; Thu, 2 Apr 2015 15:36:44 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1534E1A8756 for <6tisch@ietf.org>; Thu, 2 Apr 2015 15:36:43 -0700 (PDT)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.8/8.14.8) with ESMTP id t32Mad06014401 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <6tisch@ietf.org>; Fri, 3 Apr 2015 01:36:39 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.8/8.14.8/Submit) id t32Mad0I024416; Fri, 3 Apr 2015 01:36:39 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Message-ID: <21789.50294.884554.24962@fireball.kivinen.iki.fi>
Date: Fri, 3 Apr 2015 01:36:38 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: 6tisch@ietf.org
X-Mailer: VM 8.2.0b under 24.3.1 (x86_64--netbsd)
X-Edit-Time: 48 min
X-Total-Time: 78 min
Archived-At: <http://mailarchive.ietf.org/arch/msg/6tisch/NekosbwLE_iU8a9suSWrNc5Iuz8>
Subject: [6tisch] 802.15.4 "change" that will affect 6TiSCH.
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2015 22:36:46 -0000

While I was doing the latest recirculation ballot for 802.15.4rev, I
noticed something that can affect 6tisch, my comment and proposed
resolution is:

My Comment:

	The TSCH pan formation should include not explaining that
	beacons can be secured, but if they are encrypted new devices
	cannot see the IEs and cannot join the network at all.

Proposed Change:

	Add note: “TSCH beacons cannot be encrypted, they can only be
	authenticated. This is because if the beacons are encrypted,
	then the TSCH Synchronization IE used to transmit ASN to
	joining devices will be encrypted. The joining (or devices who
	has lost synchronization with network) need to know the ASN
	before they can decrypt the beacon frame, thus they cannot
	decrypt the beacons and cannot join the network using
	encrypted beacons..”

I.e. this will affect the question whether the beacons can be
encrypted with default key, which was one of the suggestions for the
6tisch drafts.

This is something that is unchanged since 802.15.4-2011 and
802.15.4e-2012, i.e. the TSCH ASN has been carried in the Payload IEs,
and Payload IEs are encrypted if security level >= 4. And to be able
to decrypt the payload, you need to know ASN, which you cannot see as
it is in encrypted part...

The reason for this email is that people pointed me that there has
been discussion about what changes there has been in the revision that
would affect 6tisch and this is the latest one I found (just adding
text stating the fact that has been true already before).

There is also changes that might affect implementations, and those
changes are fixing security issues:

	* Disallow short addresses in Nonce generation
	
	* Removal of encrypt only mode (this caused easy way to attack
	  TSCH mode, i.e. attacker could pick any encrypted and
	  authenticated frame from the air, remove the MIC, change the
	  security level in header to be encrypt only, then modify the
	  packet at will, and then send it to final destination, which
	  would then decrypt and receive the frame without noticing
	  anything, this was not problem for non-TSCH mode, as
	  security level was used to generate Nonce).

	* Adding ability to filter whether MAC acts on information
          elements. The 802.15.4e didn't add any method of saying
          whether we should process information elements we receive in
          the frame. I.e. the implicit default was that they were all
          processed by MAC.

	* Fixes in the inbound security processing to clearly allow
          unsecured and secured frames to be processed at the same
          time.

	* Fixes in the inbound and outbound security processing for
          TSCH saying that we do not keep normal 32-bit FrameCounter
          when using TSCH mode, 802.15.4e didn't modify anything in
          inbound or outbound security porcedures, meaning that
          outbound processing rules still kept incrementing 32-bit
          macFrameCounter for each outgoinf frame, and stopping at
          counter error when it reached max value, even when it is not
          used at all in TSCH mode. Also in the inbound rules it did
          still got the frame counter from frame (not there in TSCH)
          and compared it against previous value etc...

	* Defined how new frames added in 802.15.4e are actually
          encrypted and MACed, the 802.15.4e did not modify the table
          53 listing private and open payloads, thus it was not clear
          how those are encrypted etc.

	* Changed the MAC command identifier to be encrypted for frame
          versions 0b10. MAC command fames with Frame versions 0b10
          can have payload IEs, and those are encrypted. The MAC
          command identifier is after Payload IEs, and it would be in
          clear, then the device would need to first n-bytes of the
          frame (n is unknown, before the frame is decrypted, because
          payload IEs have termination IE at the end), then get next
          byte as is, i.e. without decrypting it, and then decrypt
          rest of the frame. When polled from the 4e implementors they
          said they do nto do that, but they will encrypt and decrypt
          the MAC command identifier too for frame version 0b10. This
          also caused changes to the inbound state machine as now we
          cannot run filters based on the MAC command identifier for
          MAC command frames before we decrypt the frame.

	* Most likely still something more that I have forgotten...
          And of course some changes which do not affect TSCH, or
          which do not affect old devices (like adding new
          secFrameCounterPerKey property for key).

Ps. I have been too busy to really follow the 6tisch mailing list, but
perhaps I need to find time to do it. I did read the "removing the 'e'
thread" in the archives, and I think the correct thing would be to
refer to the 802.15.4 without any year or specific list of amendments. 
-- 
kivinen@iki.fi

v2.8.7 | Report a Bug | By Email