Re: [6tisch] differential security for CoAP resources
Qin Wang <qinwang6top@yahoo.com> Thu, 07 May 2015 15:38 UTC
Return-Path: <qinwang6top@yahoo.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 578061AC3FF for <6tisch@ietfa.amsl.com>; Thu, 7 May 2015 08:38:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Byf1nGF6lDJE for <6tisch@ietfa.amsl.com>; Thu, 7 May 2015 08:38:13 -0700 (PDT)
Received: from nm8-vm0.bullet.mail.bf1.yahoo.com (nm8-vm0.bullet.mail.bf1.yahoo.com [98.139.213.95]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE8CA1AC3CE for <6tisch@ietf.org>; Thu, 7 May 2015 08:38:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1431013090; bh=oCkztgIewkAlalYldMS67TFA8oPhiL9c6OdBuGnRibI=; h=Date:From:Reply-To:To:In-Reply-To:References:Subject:From:Subject; b=cyxkzJSNbU+egLP4dh9DoSMgzYQxGzgdmmlYYeMly7eIsWymbtZ5O3SFeASH3iqMhLvE25Gbrh5SCtY4nfg+erYe38WNM+p80EDlQBml/4GqueRqnmmqNtqkPXyVC+TJXuK6V9hprpWvt4Ats01xV+qQfRCk0ukJQwDFe4oN8VLnVFGdDSmSshlJm+1tXFDjwBy4hIC6vG/c0GGwvCqYu+tqewr3tSetx81R3v29e9r7qXI1yiNI2VrQcuEIALqoNjcFJE3Czjt/F2wmOQoULwlyNFB/YfA+oWwDtSixnfh9ITrXN7/vMWiJvN0FtTupgkKERvnLNZk2HZ1O2R4fnw==
Received: from [66.196.81.171] by nm8.bullet.mail.bf1.yahoo.com with NNFMP; 07 May 2015 15:38:10 -0000
Received: from [98.139.212.192] by tm17.bullet.mail.bf1.yahoo.com with NNFMP; 07 May 2015 15:38:10 -0000
Received: from [127.0.0.1] by omp1001.mail.bf1.yahoo.com with NNFMP; 07 May 2015 15:38:10 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 39652.92328.bm@omp1001.mail.bf1.yahoo.com
X-YMail-OSG: XPjHlqgVM1nr2Cw5J6E_8V_fIkzlwNkQieYDF_uGe4Qdsn3wLKW4KJfRUPWdGE. 4O8amEmUaxnCavt.pwbsQ2nA8xI2CiKZ7t1NHH_yBXVO38ty2.Tg4mko0.4BwCXZWnsLenvt_H67 BQKVYqMjbBeLZ2_TzpXvNHf5KZtw5S9ZZ9AytDyee5BTsNoVSpLZtSX_p4buqJ8hcVV7D2KpjzH_ hn9kNVOXCKhECSc26hODeZdR0Wjrd95j6_1dC4k.GHOeT1ICMfo4IzUFxXxOq6v.BqEgGWYiRduu 94_ZacifJOrdsPliKm.VY5dpNGWv_4EE1hz0pkPL.QrmWyhzhKIiFP1Sur3gYm30_7Sg27E88vNt iY1Hzrv5NO6wXv4b0ronqyT1ACl9jT2RbAW2cJ1rz6Kw5wpCCzAVkiBSreVrpLw0L1IqN_rs2ile Y_j11eY.RyseJ9.3SyvTtck9nbLwLrRnKpaAbCegJm4yzp7SDq2YO_g--
Received: by 66.196.80.193; Thu, 07 May 2015 15:38:09 +0000
Date: Thu, 07 May 2015 15:36:21 +0000
From: Qin Wang <qinwang6top@yahoo.com>
To: Thomas Watteyne <watteyne@eecs.berkeley.edu>, "6tisch@ietf.org" <6tisch@ietf.org>
Message-ID: <77960473.2501122.1431012981982.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <CADJ9OA_TbHhAWpM5_-RBCMu2NwM+O-OQqKzgfomTM9LyLzncbw@mail.gmail.com>
References: <CADJ9OA_TbHhAWpM5_-RBCMu2NwM+O-OQqKzgfomTM9LyLzncbw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_2501121_632850034.1431012981972"
Archived-At: <http://mailarchive.ietf.org/arch/msg/6tisch/bOKiTSNIj9l-cviTsg3SGBii4V0>
Subject: Re: [6tisch] differential security for CoAP resources
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Qin Wang <qinwang6top@yahoo.com>
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 May 2015 15:38:22 -0000
To address Kris's question, I agree with Tero that there are two security elements involved, one is something like DTLS to secure the network access; another is ACL to guarantee right access to the database in devices.
ThanksQin
On Thursday, May 7, 2015 9:46 PM, Thomas Watteyne <watteyne@eecs.berkeley.edu> wrote:
Kris,
You're asking the right questions...
To keep 6TiSCH focused, we chose to "outsource" all centralized management to CoMI/CoAP, and focus on the data model.The assumption here is that everything you describe (for the centralized case) is handled by CoAP's security mechanism.The authorization aspect being currently handled by ACE.Unfortunately, I haven't been following the ACE work closely.Can anyone shine a light on whether ACE is handling all of Kris' concerns?
For the distributed CoAPIE case, https://tools.ietf.org/html/draft-wang-6tisch-6top-coapie-00 doesn't focus on security (it's a -00). IMO, there are two options:- we consider CoAPIE security to be part of L2 security. That is, a network-wide PSK, or neighbor-by-neighbor keys installed by the JCE- the CoAPIE also encapsulates the DTLS record. Packet will be (much) bigger, and neighbor-to-neighbor authentication would be needed.
Thomas
On Thu, May 7, 2015 at 9:29 AM, Mališa Vučinić <Malisa.Vucinic@imag.fr> wrote:
Kris,
Some comments inline.
Regards,Mališa Vučinić
On 06 May 2015, at 17:34, Kris Pister <ksjp@berkeley.edu> wrote:
Mote M has a number of CoAP resources, including temperature and light sensors
coap://M/S/T and /S/L
as well as 6top resources such as slotframes and cells
/6t/6/sf1 and /6t/4/c12_14 (I don't actually know the format).
I might want to allow anyone (host A) on the internet to access the temperature, /S/T,
but only a select few to access anything in /6t. Maybe some with READ (L2 neighbors, B),
maybe only one with DELETE (e.g. the PCE, C).
Today the assumption is that we will have a DTLS session to protect these resources.
Some problems that I see:
What is the mechanism that the mote uses to differentiate between A, B, and C?
Let's assume that the hand-off between the DTLS module and the CoAP module
tells CoAP if the packet was properly encrypted (vs. the hand-off from UDP). My
mote needs some sort of table that binds resources to security requirements. That
takes care of host A asking for temperature (OK) vs. slotframe info (not allowed if
not protected with DTLS).
But how does the mote differentiate between a READ and a DELETE from mote B
or C? Both will be encrypting their requests with DTLS. Does the mote need a
table of hosts, each with a list of resources, each resource with a 4 bit flag of
permissions?
If we want to avoid additional packet exchanges with JCE, I believe it is necessary to locally keep such a table. We could for instance optimize this with some sort of .htaccess for 6top.
However, I am a bit skeptical of having DTLS sessions with both B and C, where B can be the set of all the radio neighbors of the mote. Consider that DTLS handshake exchanges 10+ packets and for instance in tinyDTLS implementation, each session occupies around 400B of RAM. This session overhead is certainly necessary with PCE and JCE but I am not sure if it’d be wise to do it for each radio neighbor.
And what about OTF, where we will be sending CoAP packets as MLME IEs protected
at layer2?
I know that ACE is working on this, and I'm trying to understand the three competing
solutions and their impact on 6TiSCH. No matter what they do, it won't completely
solve the OTF/coapIE problem.
I agree - this is very specific to 6TiSCH and I don’t really see how we could leverage [1] / DTLS to differentiate OTF CoAP exchanges within the IEs. Outside of ACE, I noticed some work around COSE (CBOR Object Signing and Encryption) [2] that should provide an optimized cryptographic format which 6TiSCH could use at any layer (generic formats for encryption, MIC, signature). IEs carrying CoAP could therefore have the CoAP payload encrypted/authenticated/replay-protected with COSE and by managing different keys we could differentiate the access to different resources. [3] in fact specifies how a generic crypto format such as COSE could be used to also encrypt/authenticate parts of the CoAP header.
[1] https://tools.ietf.org/html/draft-gerdes-ace-dcaf-authorize-02[2] http://www.ietf.org/mail-archive/web/cose/current/maillist.html[3] https://tools.ietf.org/html/draft-selander-ace-object-security-01
_______________________________________________
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch
_______________________________________________
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch
- [6tisch] differential security for CoAP resources Kris Pister
- Re: [6tisch] differential security for CoAP resou… Mališa Vučinić
- [6tisch] differential security for CoAP resources Tero Kivinen
- Re: [6tisch] differential security for CoAP resou… Thomas Watteyne
- Re: [6tisch] differential security for CoAP resou… Qin Wang
- Re: [6tisch] differential security for CoAP resou… Thomas Watteyne
- Re: [6tisch] differential security for CoAP resou… Qin Wang
- Re: [6tisch] differential security for CoAP resou… Carsten Bormann
- Re: [6tisch] differential security for CoAP resou… Mališa Vučinić
- Re: [6tisch] differential security for CoAP resou… Qin Wang
- Re: [6tisch] differential security for CoAP resou… Thomas Watteyne