Re: [6tisch] 6tisch join requirements for 6top

Tero Kivinen <kivinen@iki.fi> Mon, 01 December 2014 13:15 UTC

Return-Path: <kivinen@iki.fi>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 812181A1BB3 for <6tisch@ietfa.amsl.com>; Mon, 1 Dec 2014 05:15:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.131
X-Spam-Level:
X-Spam-Status: No, score=-1.131 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_NEUTRAL=0.779, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AXxn0UnCxVS1 for <6tisch@ietfa.amsl.com>; Mon, 1 Dec 2014 05:15:51 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65B2F1A1B5D for <6tisch@ietf.org>; Mon, 1 Dec 2014 05:15:51 -0800 (PST)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.8/8.14.8) with ESMTP id sB1DARsC019839 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 1 Dec 2014 15:10:27 +0200 (EET)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.8/8.14.8/Submit) id sB1DAQhY024154; Mon, 1 Dec 2014 15:10:26 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <21628.26818.749893.359404@fireball.kivinen.iki.fi>
Date: Mon, 01 Dec 2014 15:10:26 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Michael Richardson <mcr+ietf@sandelman.ca>
In-Reply-To: <5693.1417383361@sandelman.ca>
References: <D0876D12.C03C%rsudhaak@cisco.com> <32412.1415737868@sandelman.ca> <D087B62D.C081%rsudhaak@cisco.com> <10653.1415740821@sandelman.ca> <CADJ9OA_LFkGDuyG_0bf=07d7cvC9FNRr5cMGTmYw2PR=g9XQHA@mail.gmail.com> <8193.1416253349@sandelman.ca> <21619.12717.53454.214321@fireball.kivinen.iki.fi> <E045AECD98228444A58C61C200AE1BD848A77CB5@xmb-rcd-x01.cisco.com> <21620.25926.119766.130028@fireball.kivinen.iki.fi> <5693.1417383361@sandelman.ca>
X-Mailer: VM 8.2.0b under 24.3.1 (x86_64--netbsd)
X-Edit-Time: 28 min
X-Total-Time: 29 min
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch/UP62pWJnmQrg2RVtPj3JLEZJMm0
Cc: "Raghuram Sudhaakar (rsudhaak)" <rsudhaak@cisco.com>, "Pascal Thubert (pthubert)" <pthubert@cisco.com>, Robert Moskowitz <rgm@htt-consult.com>, "6tisch@ietf.org" <6tisch@ietf.org>
Subject: Re: [6tisch] 6tisch join requirements for 6top
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Dec 2014 13:15:53 -0000

Michael Richardson writes:
>     > Didn't 6LoWPAN add some multiplexer in the beginning of data, or do I
>     > remember wrong? 
> 
> Yes-ish, but it's only a few bits.

And because of that you add 20 extra bytes to beacon packet to solve
that situation.

>     > Note, that receiving peer needs to know the extended address of the
>     > sender in the 15.4 to be able to decrypt the packet, as the nonce
>     > generation depends on that. There is no way around that. 
> 
> When you say "extended address", do you mean 64-bit EUI?

Yes. In 802.15.4 the extended address is the full 64-bit EUI. The
short address is the 16-bit address assigned by the coordinator (and
that short address is associated with PANId). 

The 15.4 uses nonce for the AES-CCM in format of

+------------------------+------------------+--------------------+
| Octets: 8     	 |	 4	    |	    1            |
+------------------------+------------------+--------------------+
| Source Address	 |   Frame Counter  |  Security Level    |
+------------------------+------------------+--------------------+

for non-TSCH mode, and for TSCH mode it uses:

+------------------------+-------------+
| Octets: 8     	 |     5       |
+------------------------+-------------+
| Source Address	 |     ASN     |
+------------------------+-------------+

where the ASN is the absolute slot number. The Source Address is the
64-bit EUI, i.e. extended address of the sender.

The source address is fetched from the KeyDescriptor found using the
Key Identifier Mode, Key Source and Key Index.

So unless you know the extended address of the sender, you cannot
decrypt the packet, as you cannot calculate the Nonce for the AES-CCM
operation. 
-- 
kivinen@iki.fi