Re: [6tisch] [6tisch-security] proposed security text for architecture draft

[<yoshihiro.ohba@toshiba.co.jp>]

Michael,

Regarding EAP method, I mentioned EAP-TLS.  EAP-TLS works for both certificate-based authentication and pre-shared key based authentication (EAP-TLS-PSK) without EAP tunneling method such as EAP-TTLS.  In the latter case, TLS session is typically terminated at AAA server.   

It is unfortunate that some contributors felt that EAP-based approach does not work for them, but there is another use case where EAP-based approach is definitely needed (smart meters).  Having said that it would make sense to have two options (DTLS-based and EAP-based approaches) for joining operation.

Regarding beacon security, I can send clarification text.

Yoshihiro Ohba


-----Original Message-----
From: 6tisch [mailto:6tisch-bounces@ietf.org] On Behalf Of Michael Richardson
Sent: Thursday, November 13, 2014 8:36 AM
To: ohba yoshihiro(大場 義洋 ○ＲＤＣ□ＮＳＬ)
Cc: 6tisch@ietf.org; 6tisch-security@ietf.org
Subject: Re: [6tisch] [6tisch-security] proposed security text for architecture draft


<yoshihiro.ohba@toshiba.co.jp> wrote:
    > I am still in the middle of understanding how loose source routes for
    > joining nodes that have only link-local address can work.  Another
    > option that is not mentioned in the text below is relaying
    > authentication at join assistant node.  

Yoshihiro has correctly pointed out that in IPv6 some of the loose source route options are not as rich as we envisioned; and we need to think which exact option is appropriate.  I think this is a detail, and I think that we can deal with this.

    > The authentication relay model
    > is proven to work in ZigBee IP.

I can not comment directly; some contributors felt that this would not work for them. Too much single use code, too much total byte count, packets too big.

    > I have a reservation on JCE-initiated TLS session as opposed to what
    > existing 802.1X/PANA with EAP-TLS do where TLS session is initiated by
    > joining node.  An obvious downside of JCE-initiated TLS session is that
    > it is difficult to use AAA infrastructure.

Perhaps you can more clearly say what kind of EAP methods you would propose.
Username+password?  SIM or AKA authentication?  Kerberos/NTLM(ActiveDirectory)?
What else is there?

The TLS methods do not count, as they are usually used just to create a secure container for a username/password, and in the situations where the certificate is relevant, the *DTLS* method proposed can use certificates in the same way. 

    > Beacon security issue should be investigated more.  Integrity
    > protecting beacons with a well-known key can allow attackers to easily
    > launch a DoS attack on already connected nodes by advertising forged
    > ASN as attackers know the well-known key.  Shouldn't network-specific
    > dynamic key also be needed for protecting beacons for already-connected
    > nodes?

Already connected nodes listen to beacons sent under the production key, none of this text not changes that: can you offer some edits to make that clearer.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-