Re: [6tisch] TSCH and CCM security proofs
Tero Kivinen <kivinen@iki.fi> Mon, 22 July 2019 15:40 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D60B012013B for <6tisch@ietfa.amsl.com>; Mon, 22 Jul 2019 08:40:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.419
X-Spam-Level:
X-Spam-Status: No, score=-3.419 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vatDdJe530f2 for <6tisch@ietfa.amsl.com>; Mon, 22 Jul 2019 08:40:28 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF976120286 for <6tisch@ietf.org>; Mon, 22 Jul 2019 08:40:25 -0700 (PDT)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id x6MFeK8t029397 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 22 Jul 2019 18:40:20 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id x6MFeKJ5029240; Mon, 22 Jul 2019 18:40:20 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <23861.55524.136444.89174@fireball.acr.fi>
Date: Mon, 22 Jul 2019 18:40:20 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, "6tisch@ietf.org" <6tisch@ietf.org>
In-Reply-To: <18823.1563413500@localhost>
References: <23846.23772.363888.302178@fireball.acr.fi> <MN2PR11MB3565CBB6A212C64388B3AA28D8F30@MN2PR11MB3565.namprd11.prod.outlook.com> <23847.46850.300632.27575@fireball.acr.fi> <15268.1563217770@localhost> <23855.38076.587920.287700@fireball.acr.fi> <18823.1563413500@localhost>
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 5 min
X-Total-Time: 4 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/e25HwCdaS01DqeK-Q4sLkYkBpkQ>
Subject: Re: [6tisch] TSCH and CCM security proofs
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 15:40:30 -0000
Michael Richardson writes: > > Tero Kivinen <kivinen@iki.fi> wrote: > > Michael Richardson writes: > >> > Implementations MUST use different L2 keys when using different MIC > >> > lengths, as using same key with different MIC lengths might be > >> unsafe > (i.e., using same key for both MIC-32 and MIC-64). See IEEE > >> 802.15.4 > Annex B.4.3 for more information. > >> > >> This seems like it isn't a problem. It would apply to network-wide > >> keying only. > > > It applies all keys, not only network-wide keys. > > yes, but if one uses 802.15.9, then the likelyhood of repeated keys is pretty > low, right? No. Broadcast keys are most likely same for some time, and if you join the network before they are changed, the 15.9 will deliver you the same keys than last time. Pairwise keys generated by 15.9 are of course going to be different. > > Most common use might be someone using MIC-32 for beacons, but using > > MIC-64 for actual data or something like that. > > Yes, but why do that? > What's the benefit? Most likely saving bytes over the air. The EBs are sent quite often, and things that are there are already known by anybody who is already joined the network, thus they only care about the exact timing of the frame, not really about the content. Of course if there is changes for the network setup indicaed by EB, then it would be different, but I do not think anybody does that, as chaing any of the parameters inside the network (timing, channels used etc) would really mess up the network completely thus tearing down the network and starting over is better option. -- kivinen@iki.fi
- [6tisch] TSCH and CCM security proofs Tero Kivinen
- Re: [6tisch] TSCH and CCM security proofs Pascal Thubert (pthubert)
- Re: [6tisch] TSCH and CCM security proofs Tero Kivinen
- Re: [6tisch] TSCH and CCM security proofs Michael Richardson
- Re: [6tisch] TSCH and CCM security proofs Tero Kivinen
- Re: [6tisch] TSCH and CCM security proofs Michael Richardson
- Re: [6tisch] TSCH and CCM security proofs Tero Kivinen