IETF Logo Mail Archive

Re: [6tisch] differential security for CoAP resources

Qin Wang <qinwang6top@yahoo.com> Thu, 07 May 2015 17:49 UTC

Return-Path: <qinwang6top@yahoo.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C67F1ACE3E for <6tisch@ietfa.amsl.com>; Thu, 7 May 2015 10:49:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8-61U2hEBkkz for <6tisch@ietfa.amsl.com>; Thu, 7 May 2015 10:49:01 -0700 (PDT)
Received: from nm50-vm8.bullet.mail.bf1.yahoo.com (nm50-vm8.bullet.mail.bf1.yahoo.com [216.109.115.239]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07D3B1ACE3B for <6tisch@ietf.org>; Thu, 7 May 2015 10:49:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1431020940; bh=SdLP2CPQLsHNNc1VGtucepacZ0lXJJrPuiuSweYOzWA=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject; b=ZX0zMqScFFluS1kaxRkoopSzzg8occuMqw4LjfKDhGkQXdHTKeW4yLkuWTqREgDe3YVYgwHTl04s4ti82arnRze/42HoLBkZ8xgBKQMWf8P17j8aL/e4truCN3D5gXePkeEFIc3/tCOkk22Fd4wwXi4A3kMpDcGzYLmT/iS/ERuPbly+rVVptvzu4w10XF1l8yxsAKP6Ym5HGf9BRdoPMSzG/GXj3Mt7JyyVUjd9gQUaQZvhH03XvNYeeqxkkF+9PfM9SYdrhBeAR0YEH4nwIkqrPRAsLb/mxBCXRJ4SYkvBqG3d3JJYcVhcjiukgnUgLHjizn4xzqvVVWV1GlGfAw==
Received: from [98.139.170.178] by nm50.bullet.mail.bf1.yahoo.com with NNFMP; 07 May 2015 17:49:00 -0000
Received: from [98.139.212.242] by tm21.bullet.mail.bf1.yahoo.com with NNFMP; 07 May 2015 17:49:00 -0000
Received: from [127.0.0.1] by omp1051.mail.bf1.yahoo.com with NNFMP; 07 May 2015 17:49:00 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 43849.11839.bm@omp1051.mail.bf1.yahoo.com
X-YMail-OSG: 3fBTS34VM1lNBf.JBLXr00TS0uzqTzB9yBzPRU6sr1apuNf4wEg0z6jOC5zOn8z PT4hetS.oJRzTM8K1VkTcz6rnd_8_NdakYkGkqfhu63jXVwLnihsEbNTS.We4oslkbviH9jp.X09 IqKXcjjcypWLqRms_VeLgAB31zViUMZ1r1bT9G7fJXHxxqv5J.BMeUkmdTFBtjFDPM7spfSNAgAI jZGg7CnX_RXlbYNd06S7.HTQ0yMJZpCWm_UPhLg70VRcnS2Kd.HYYdT63iFMNrkkey8zjRDWzjhu YlGuRo4QMOjqXkAyu.m4NX50bzkNi5B_RPKgm2YhnoCpKT_gueQpqgi5Kj6jZCdrGWnHq93159DO md4djjMGp7Lof1hI3P_o6O1AEznTo2u4ysHJ29OcfVsXFR_dQQ9nfoJpYv6xPO5c_Jfd1jdoSzaK a1dh5w1T6NBe9ZFs5JW.0SbPdym7sY9sw62.bV6Jcoiy1CnDwMLuWdA--
Received: by 76.13.27.6; Thu, 07 May 2015 17:48:59 +0000
Date: Thu, 07 May 2015 17:48:40 +0000
From: Qin Wang <qinwang6top@yahoo.com>
To: Thomas Watteyne <watteyne@eecs.berkeley.edu>
Message-ID: <1406110655.2605586.1431020920841.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <CADJ9OA8-cAqSc65rzLu33uLjM8w9ODYOOfU_ST1H_7Mj2W1rAA@mail.gmail.com>
References: <CADJ9OA8-cAqSc65rzLu33uLjM8w9ODYOOfU_ST1H_7Mj2W1rAA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_2605585_934353266.1431020920829"
Archived-At: <http://mailarchive.ietf.org/arch/msg/6tisch/OMvhH27ZvG17tj5IT6lQ9bf1iqM>
Cc: "6tisch@ietf.org" <6tisch@ietf.org>
Subject: Re: [6tisch] differential security for CoAP resources
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Qin Wang <qinwang6top@yahoo.com>
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 May 2015 17:49:04 -0000

Thomas,
I didn't closely take look the work of ACE. But from the ACE charter, I think you are right, ACE is trying to address the issue. 
One further question: I wonder if it is necessary to describe the access control information in 6tisch interface, i.e. YANG model. Otherwise, how C and S can establish a authorization access to resources even with ACE.
ThanksQin 


     On Friday, May 8, 2015 12:24 AM, Thomas Watteyne <watteyne@eecs.berkeley.edu> wrote:
   

 Isn't that exactly authorization, for which (Half of) the A in ACE stands for? 

On Thursday, May 7, 2015, Qin Wang <qinwang6top@yahoo.com> wrote:

To address Kris's question, I agree with Tero that there are two security elements involved, one is something like DTLS to secure the network access; another is ACL to guarantee right access to the database in devices.
ThanksQin  


     On Thursday, May 7, 2015 9:46 PM, Thomas Watteyne <watteyne@eecs.berkeley.edu> wrote:
   

 Kris,
You're asking the right questions...
To keep 6TiSCH focused, we chose to "outsource" all centralized management to CoMI/CoAP, and focus on the data model.The assumption here is that everything you describe (for the centralized case) is handled by CoAP's security mechanism.The authorization aspect being currently handled by ACE.Unfortunately, I haven't been following the ACE work closely.Can anyone shine a light on whether ACE is handling all of Kris' concerns?
For the distributed CoAPIE case, https://tools.ietf.org/html/draft-wang-6tisch-6top-coapie-00 doesn't focus on security (it's a -00). IMO, there are two options:- we consider CoAPIE security to be part of L2 security. That is, a network-wide PSK, or neighbor-by-neighbor keys installed by the JCE- the CoAPIE also encapsulates the DTLS record. Packet will be (much) bigger, and neighbor-to-neighbor authentication would be needed.
Thomas
On Thu, May 7, 2015 at 9:29 AM, Mališa Vučinić <Malisa.Vucinic@imag.fr> wrote:

Kris,
Some comments inline. 
Regards,Mališa Vučinić

On 06 May 2015, at 17:34, Kris Pister <ksjp@berkeley.edu> wrote:
Mote M has a number of CoAP resources, including temperature and light sensors
coap://M/S/T and /S/L
as well as 6top resources such as slotframes and cells
/6t/6/sf1 and /6t/4/c12_14      (I don't actually know the format).

I might want to allow anyone (host A) on the internet to access the temperature, /S/T,
but only a select few to access anything in /6t.  Maybe some with READ (L2 neighbors, B),
maybe only one with DELETE (e.g. the PCE, C).

Today the assumption is that we will have a DTLS session to protect these resources.
Some problems that I see:
What is the mechanism that the mote uses to differentiate between A, B, and C?
Let's assume that the hand-off between the DTLS module and the CoAP module
tells CoAP if the packet was properly encrypted (vs. the hand-off from UDP).  My
mote needs some sort of table that binds resources to security requirements.  That
takes care of host A asking for temperature (OK) vs. slotframe info (not allowed if
not protected with DTLS).

But how does the mote differentiate between a READ and a DELETE from mote B
or C?  Both will be encrypting their requests with DTLS.  Does the mote need a
table of hosts, each with a list of resources, each resource with a 4 bit flag of
permissions?

If we want to avoid additional packet exchanges with JCE, I believe it is necessary to locally keep such a table. We could for instance optimize this with some sort of .htaccess for 6top.
However, I am a bit skeptical of having DTLS sessions with both B and C, where B can be the set of all the radio neighbors of the mote. Consider that DTLS handshake exchanges 10+ packets and for instance in tinyDTLS implementation, each session occupies around 400B of RAM. This session overhead is certainly necessary with PCE and JCE but I am not sure if it’d be wise to do it for each radio neighbor. 


And what about OTF, where we will be sending CoAP packets as MLME IEs protected
at layer2?

I know that ACE is working on this, and I'm trying to understand the three competing
solutions and their impact on 6TiSCH.  No matter what they do, it won't completely
solve the OTF/coapIE problem.


I agree - this is very specific to 6TiSCH and I don’t really see how we could leverage [1] / DTLS to differentiate OTF CoAP exchanges within the IEs. Outside of ACE, I noticed some work around COSE (CBOR Object Signing and Encryption) [2] that should provide an optimized cryptographic format which 6TiSCH could use at any layer (generic formats for encryption, MIC, signature). IEs carrying CoAP could therefore have the CoAP payload encrypted/authenticated/replay-protected with COSE and by managing different keys we could differentiate the access to different resources. [3] in fact specifies how a generic crypto format such as COSE could be used to also encrypt/authenticate parts of the CoAP header.
[1] https://tools.ietf.org/html/draft-gerdes-ace-dcaf-authorize-02[2] http://www.ietf.org/mail-archive/web/cose/current/maillist.html[3] https://tools.ietf.org/html/draft-selander-ace-object-security-01



_______________________________________________
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch




_______________________________________________
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch

v2.23.0 | Report a Bug | By Email