Re: [6tisch] 6tisch join requirements for 6top

dejichen@tongji.edu.cn Wed, 03 December 2014 12:46 UTC

Date: Wed, 03 Dec 2014 20:45:08 +0800
From: dejichen@tongji.edu.cn
Message-ID: <13696ffd.df22.14a102ec527.Coremail.dejichen@tongji.edu.cn>
In-Reply-To: <13827.1417528828@sandelman.ca>
References: <D0876D12.C03C%rsudhaak@cisco.com> <32412.1415737868@sandelman.ca> <D087B62D.C081%rsudhaak@cisco.com> <10653.1415740821@sandelman.ca> <CADJ9OA_LFkGDuyG_0bf=07d7cvC9FNRr5cMGTmYw2PR=g9XQHA@mail.gmail.com> <8193.1416253349@sandelman.ca> <21619.12717.53454.214321@fireball.kivinen.iki.fi> <E045AECD98228444A58C61C200AE1BD848A77CB5@xmb-rcd-x01.cisco.com> <21620.25926.119766.130028@fireball.kivinen.iki.fi> <54750807.9070901@berkeley.edu> <CADJ9OA_FS2qsTEGCDMMu_wwN=NsfARW26rw_9g9ROP=AHorB3g@mail.gmail.com> <674F70E5F2BE564CB06B6901FD3DD78B29D05F10@TGXML210.toshiba.local> <7934.1417488456@sandelman.ca> <CADJ9OA-rfcMRwNOtOmYnWB+bxH3eY7PTF85NPe_ozaq27JNPMA@mail.gmail.com> <26401CE1-D6CB-43CB-B195-AB1AA279EC9B@tzi.org> <13827.1417528828@sandelman.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch/V9ojKOcrNvBisPgywAMBoqFx8ZM
Cc: Thomas Watteyne <watteyne@eecs.berkeley.edu>, Kris Pister <ksjp@berkeley.edu>, Carsten Bormann <cabo@tzi.org>, "6tisch@ietf.org" <6tisch@ietf.org>, "yoshihiro.ohba@toshiba.co.jp" <yoshihiro.ohba@toshiba.co.jp>
Subject: Re: [6tisch] 6tisch join requirements for 6top
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>

I just joined the group, so I do not have much confidence to offer anything. Could we check whether WirelessHART or ISA100.11a faces the same problems and whether they have resolved them? If so, could we adopt their approach? Or maybe they are not relatable here?


> -----Original Message-----
> From: "Michael Richardson" <mcr+ietf@sandelman.ca>
> Sent: 2014-12-02 22:00:28 (Tuesday)
> To: "Carsten Bormann" <cabo@tzi.org>
> Cc: "Thomas Watteyne" <watteyne@eecs.berkeley.edu>, "Kris Pister" <ksjp@berkeley.edu>, "6tisch@ietf.org" <6tisch@ietf.org>, "yoshihiro.ohba@toshiba.co.jp" <yoshihiro.ohba@toshiba.co.jp>
> Subject: Re: [6tisch] 6tisch join requirements for 6top
> 
> 
> Carsten Bormann <cabo@tzi.org> wrote:
>     >> When the node re-joins the network, it will hear the (updated) ASN and
>     >> start using that.
> 
>     > Unless it actually "re-joins" an attacker.
> 
> So, we are talking about the *join* network not the production network here.
> (Nodes that joined the production network would have production keys, and 
> would only listen to beacons from other nodes on the "inside".)
> 
> Nodes that reboot having not yet joined the production network could very
> well join an attacker's network.  This is understood regardless of using a
> well known beacon key.  A node which is still in "join stage" might want to
> be promiscuous about listening to beacons, and accepting ones with lower
> ASN. There is definitely a heuristic here, and it is definitely possible for
> a determined attacker who is proximate to the joining node to continuously
> DoS the join process.
> 
> This conversation started with the assertions that using a well known beacon
> key was either impossible, or required too many resources on the part of some
> node (unclear to me be if join assistant or join node).
> 
> We discussed in some of the design team calls that a node that went through
> the join process and discovered that "this wasn't the network it was looking
> for" (as a result of failure to authenticate the JCE at the DTLS part of the
> 6top setup), would have to remember the extended address and/or PANID of the
> networks tried so far, and try another one.  I don't think that this
> discussion adequately made it into draft-richardson-6tisch-security-6top.
> 
> 
> -- 
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
> 
> 
>
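The join-stage heuristic Michael describes above (listen promiscuously to beacons, do not reject a lower ASN while still in join stage, and on failing to authenticate the JCE at the DTLS step remember the PANID and extended address of that network and try another) can be sketched as a small simulation. This is an added illustration written for this archive page; it is not code from draft-richardson-6tisch-security-6top, from any 6TiSCH implementation, or from the message authors. The Beacon and JoiningNode types, the authenticate_jce callback standing in for the DTLS handshake, the highest-ASN-first ordering, the attempt budget, and all addresses and PANIDs are assumptions made for the example. The second scenario shows the limit Michael points out: a proximate attacker who re-beacons under fresh identifiers after each failure is never filtered by the tried-list, so the join stalls.

```python
"""Simulation of a 6TiSCH join-stage candidate-selection heuristic.

Added example, not code from any 6TiSCH draft or implementation.
Assumptions: beacons are modelled as plain records, the DTLS/JCE
authentication is a boolean callback, candidates are ordered by
highest ASN first, and the node gives up after a fixed attempt budget.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Beacon:
    panid: int        # PAN identifier advertised in the beacon
    ext_addr: bytes   # EUI-64 extended address of the beaconing node
    asn: int          # absolute slot number carried in the beacon
    jce_id: str       # identity the JCE presents in the DTLS handshake (simulated)


class JoiningNode:
    """A node still in join stage; production-key state is not modelled."""

    def __init__(self, max_attempts: int = 8) -> None:
        # (panid, ext_addr) pairs of networks whose JCE failed to authenticate
        self.failed: Set[Tuple[int, bytes]] = set()
        self.max_attempts = max_attempts
        self.joined_panid: Optional[int] = None
        self.asn: Optional[int] = None

    def candidates(self, beacons: Iterable[Beacon]) -> List[Beacon]:
        """Beacons still worth trying.

        The node is promiscuous in join stage: a lower ASN than the one it
        last heard is not a reason to discard a beacon.  Networks already
        tried and rejected are skipped.  Highest ASN first is only a
        deterministic ordering assumed for this example.
        """
        fresh = [b for b in beacons if (b.panid, b.ext_addr) not in self.failed]
        return sorted(fresh, key=lambda b: b.asn, reverse=True)

    def try_join(self, scan: Callable[[], List[Beacon]],
                 authenticate_jce: Callable[[str], bool]) -> Optional[int]:
        """Scan, pick a candidate, attempt 6top/DTLS setup, repeat on failure.

        authenticate_jce(jce_id) stands in for verifying the JCE at the DTLS
        step of 6top setup.  Returns the PANID joined, or None when no
        untried candidate remains or the attempt budget is exhausted.
        """
        for _ in range(self.max_attempts):
            cands = self.candidates(scan())
            if not cands:
                return None
            beacon = cands[0]
            self.asn = beacon.asn  # synchronise to the candidate's schedule
            if authenticate_jce(beacon.jce_id):
                self.joined_panid = beacon.panid
                return beacon.panid
            # "this wasn't the network it was looking for": remember it, move on
            self.failed.add((beacon.panid, beacon.ext_addr))
        return None


# Constructed sample beacons; PANIDs, addresses and JCE identities are made up.
LEGIT = Beacon(panid=0x1A2B, ext_addr=bytes.fromhex("00124b0001020304"),
               asn=50_000, jce_id="jce.example.net")
ROGUE = Beacon(panid=0xBEEF, ext_addr=bytes.fromhex("02deadbeef000001"),
               asn=9_000_000, jce_id="rogue")


def is_trusted_jce(jce_id: str) -> bool:
    """Stand-in for DTLS authentication of the JCE credential."""
    return jce_id == "jce.example.net"


def scenario_rogue_then_legit() -> Tuple[Optional[int], Set[Tuple[int, bytes]]]:
    """A rogue network with a more attractive ASN is tried first, fails
    JCE authentication, is remembered, and the node then joins the real one."""
    node = JoiningNode(max_attempts=4)
    joined = node.try_join(lambda: [ROGUE, LEGIT], is_trusted_jce)
    return joined, node.failed


def scenario_rotating_rogue() -> Tuple[Optional[int], int]:
    """A proximate attacker re-beacons under a fresh PANID and address after
    every failed attempt, so the tried-list never excludes it and the join
    never completes within the attempt budget (a continuous DoS)."""
    counter = {"n": 0}

    def scan() -> List[Beacon]:
        counter["n"] += 1
        n = counter["n"]
        rogue = Beacon(panid=0xB000 + n, ext_addr=b"\xb0" + n.to_bytes(7, "big"),
                       asn=9_000_000 + n, jce_id="rogue")
        return [rogue, LEGIT]

    node = JoiningNode(max_attempts=4)
    joined = node.try_join(scan, is_trusted_jce)
    return joined, len(node.failed)
```

Because the tried-list is keyed on identifiers the attacker chooses (PANID and extended address), it only helps against a rogue network that keeps its identity; it is not a defence against the determined, proximate attacker described in the message, which is why the example bounds the loop with an attempt budget rather than pretending it converges.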