Re: [6tisch] TSCH and CCM security proofs

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 15 July 2019 19:09 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCABA12017C for <6tisch@ietfa.amsl.com>; Mon, 15 Jul 2019 12:09:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 90MiQjXSwEo5 for <6tisch@ietfa.amsl.com>; Mon, 15 Jul 2019 12:09:32 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13558120136 for <6tisch@ietf.org>; Mon, 15 Jul 2019 12:09:31 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id B88D9380BE; Mon, 15 Jul 2019 15:09:29 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id E9BB5D07; Mon, 15 Jul 2019 15:09:30 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Tero Kivinen <kivinen@iki.fi>
cc: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, "6tisch@ietf.org" <6tisch@ietf.org>
In-Reply-To: <23847.46850.300632.27575@fireball.acr.fi>
References: <23846.23772.363888.302178@fireball.acr.fi> <MN2PR11MB3565CBB6A212C64388B3AA28D8F30@MN2PR11MB3565.namprd11.prod.outlook.com> <23847.46850.300632.27575@fireball.acr.fi>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Mon, 15 Jul 2019 15:09:30 -0400
Message-ID: <15268.1563217770@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/ZHz23iM62JGPQUS_PH1FSLVaY_4>
Subject: Re: [6tisch] TSCH and CCM security proofs
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2019 19:09:34 -0000

Tero Kivinen <kivinen@iki.fi> wrote:
    > Pascal Thubert (pthubert) writes:
    >> Do you have an intention to add text like this in a draft or in annex
    >> of a draft?

    > I think it will be enough for our IETF drafts to just say:

    >   Implementations MUST use different L2 keys when using different MIC
    > lengths, as using same key with different MIC lengths might be unsafe
    > (i.e., using same key for both MIC-32 and MIC-64). See IEEE 802.15.4
    > Annex B.4.3 for more information.

This seems like it isn't a problem.
It would apply to network-wide keying only.
While I guess we could include multiple Link_Layer_Key with the same
key_id, and a different key_usage, that wasn't the intention.  I
guess one could use a different K1 and K2 with a different MIC length, but
have no idea why a network would want to mix MIC-32 and MIC-64.

I imagine that there performance or power tradeoffs to using the longer MIC
lengths, other than there are more check bytes?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-