IETF Logo Mail Archive

Re: [6tisch] TSCH and CCM security proofs

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 18 July 2019 01:31 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76501120277 for <6tisch@ietfa.amsl.com>; Wed, 17 Jul 2019 18:31:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2-X5UJv05mcF for <6tisch@ietfa.amsl.com>; Wed, 17 Jul 2019 18:31:41 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FA621200EF for <6tisch@ietf.org>; Wed, 17 Jul 2019 18:31:41 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 6BF3B3808A; Wed, 17 Jul 2019 21:31:35 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 2C2F78EF; Wed, 17 Jul 2019 21:31:40 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Tero Kivinen <kivinen@iki.fi>
cc: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, "6tisch@ietf.org" <6tisch@ietf.org>
In-Reply-To: <23855.38076.587920.287700@fireball.acr.fi>
References: <23846.23772.363888.302178@fireball.acr.fi> <MN2PR11MB3565CBB6A212C64388B3AA28D8F30@MN2PR11MB3565.namprd11.prod.outlook.com> <23847.46850.300632.27575@fireball.acr.fi> <15268.1563217770@localhost> <23855.38076.587920.287700@fireball.acr.fi>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Wed, 17 Jul 2019 21:31:40 -0400
Message-ID: <18823.1563413500@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/QvX7Rufw-K4VG2rL_rOgZhZCRMo>
Subject: Re: [6tisch] TSCH and CCM security proofs
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2019 01:31:44 -0000

Tero Kivinen <kivinen@iki.fi> wrote:
    > Michael Richardson writes:
    >> > Implementations MUST use different L2 keys when using different MIC
    >> > lengths, as using same key with different MIC lengths might be
    >> unsafe > (i.e., using same key for both MIC-32 and MIC-64). See IEEE
    >> 802.15.4 > Annex B.4.3 for more information.
    >> 
    >> This seems like it isn't a problem.  It would apply to network-wide
    >> keying only.

    > It applies all keys, not only network-wide keys.

yes, but if one uses 802.15.9, then the likelyhood of repeated keys is pretty
low, right?

    >> While I guess we could include multiple Link_Layer_Key with the same
    >> key_id, and a different key_usage, that wasn't the intention.  I guess
    >> one could use a different K1 and K2 with a different MIC length, but
    >> have no idea why a network would want to mix MIC-32 and MIC-64.

    > Most common use might be someone using MIC-32 for beacons, but using
    > MIC-64 for actual data or something like that.

Yes, but why do that?
What's the benefit?

    > draft-ietf-6tisch-minimal-security seems to be using different keys
    > when the mic length is different (k1, and k2), and when k1 and k2 are
    > same it will always use same mic length, so there is no problem there.

    > Anyways it might good idea to add the warning somewhere, just incase
    > someone adds new combinations without realizing this problem.

okay.


-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email