Re: [6tisch] 6tisch join requirements for 6top

<yoshihiro.ohba@toshiba.co.jp> Mon, 01 December 2014 23:49 UTC

From: yoshihiro.ohba@toshiba.co.jp
To: watteyne@eecs.berkeley.edu, ksjp@berkeley.edu
Date: Mon, 01 Dec 2014 23:49:35 +0000
Message-ID: <674F70E5F2BE564CB06B6901FD3DD78B29D05F10@TGXML210.toshiba.local>
References: <D0876D12.C03C%rsudhaak@cisco.com> <32412.1415737868@sandelman.ca> <D087B62D.C081%rsudhaak@cisco.com> <10653.1415740821@sandelman.ca> <CADJ9OA_LFkGDuyG_0bf=07d7cvC9FNRr5cMGTmYw2PR=g9XQHA@mail.gmail.com> <8193.1416253349@sandelman.ca> <21619.12717.53454.214321@fireball.kivinen.iki.fi> <E045AECD98228444A58C61C200AE1BD848A77CB5@xmb-rcd-x01.cisco.com> <21620.25926.119766.130028@fireball.kivinen.iki.fi> <54750807.9070901@berkeley.edu> <CADJ9OA_FS2qsTEGCDMMu_wwN=NsfARW26rw_9g9ROP=AHorB3g@mail.gmail.com>
In-Reply-To: <CADJ9OA_FS2qsTEGCDMMu_wwN=NsfARW26rw_9g9ROP=AHorB3g@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch/zB9KYW8NQaebn0QmiTG374c-e4U
Cc: 6tisch@ietf.org
Subject: Re: [6tisch] 6tisch join requirements for 6top

There is some weakness if a device does not store a frame counter (i.e., ASN in TSCH) across a reboot.  There can be a replay attack by sending a copy of a beacon frame sent in the past, letting the rebooted device re-use the frame counter (until the device syncs up with the correct ASN).

Yoshihiro Ohba
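
[Added example, not part of the thread or of any 802.15.4e implementation: a toy model of the bookkeeping behind the point above. A node uses the ASN as its AES-CCM frame counter; one variant forgets the ASN at reboot, the other periodically checkpoints an ASN high-water mark to flash (the "store your own counter every now and then, then add a big enough margin on restart" practice Tero describes) and refuses any beacon whose ASN falls below that mark plus the checkpoint interval. The addresses, ASN values, checkpoint interval and the "on_air" observer list are all constructed for the simulation.]

```python
"""Toy model of a TSCH node that uses the ASN as its AES-CCM frame counter.

Constructed example: it does not implement IEEE 802.15.4e, only the
bookkeeping that decides whether the nonce material (source address, ASN)
can ever be handed out twice across a reboot.
"""
from dataclasses import dataclass, field
from typing import Optional

CHECKPOINT_INTERVAL = 100   # assumed: slots between writes of the ASN to flash


@dataclass
class Beacon:
    asn: int                 # ASN carried in the (enhanced) beacon


@dataclass
class Node:
    addr: int
    persist_asn: bool                           # does the ASN high-water mark survive reboot?
    asn: Optional[int] = None                   # None until synchronized to the network
    flash: dict = field(default_factory=dict)   # simulated non-volatile storage
    sends_since_checkpoint: int = 0

    def sync(self, beacon: Beacon) -> bool:
        """Adopt the ASN carried in a beacon. Returns False if it is rejected."""
        hwm = self.flash.get("asn_hwm")
        if hwm is not None:
            # Frames sent after the last checkpoint may already have used ASNs up
            # to hwm + CHECKPOINT_INTERVAL - 1, so anything below that would
            # rewind the frame counter into a range that is possibly spent.
            if beacon.asn < hwm + CHECKPOINT_INTERVAL:
                return False
        self.asn = beacon.asn
        return True

    def send(self) -> tuple:
        """Transmit one secured frame; returns the CCM nonce material it used."""
        if self.asn is None:
            raise RuntimeError("not synchronized")
        nonce = (self.addr, self.asn)
        self.asn += 1
        self.sends_since_checkpoint += 1
        if self.persist_asn and self.sends_since_checkpoint >= CHECKPOINT_INTERVAL:
            self.flash["asn_hwm"] = self.asn       # checkpoint the high-water mark
            self.sends_since_checkpoint = 0
        return nonce

    def reboot(self) -> None:
        """Volatile state is lost; only self.flash survives."""
        self.asn = None
        self.sends_since_checkpoint = 0


def simulate(persist_asn: bool) -> dict:
    """Run one node through join, operation, reboot and a stale beacon."""
    on_air = []   # constructed: every nonce a passive observer has seen, across the reboot
    node = Node(addr=0x0001, persist_asn=persist_asn)
    if not node.sync(Beacon(asn=5000)):          # joins at network ASN 5000
        raise RuntimeError("initial join should succeed")
    for _ in range(150):                         # operates for 150 slots
        on_air.append(node.send())
    node.reboot()
    stale = Beacon(asn=5120)                     # a copy of a beacon from while the node was running
    replay_accepted = node.sync(stale)
    if not replay_accepted:
        if not node.sync(Beacon(asn=5400)):      # the network's genuine current beacon
            raise RuntimeError("current beacon should be accepted")
    on_air.append(node.send())
    return {
        "replay_accepted": replay_accepted,
        "nonce_reused": len(on_air) != len(set(on_air)),
        "asn_after_resync": on_air[-1][1],
    }


if __name__ == "__main__":
    print("no persistence:", simulate(False))
    print("persisted ASN: ", simulate(True))
```

With `persist_asn=False` the rebooted node adopts ASN 5120 from the stale beacon and its next frame reuses the nonce (0x0001, 5120) that a listener already saw, which is exactly the counter re-use the message above describes. With `persist_asn=True` the stale beacon is refused and the node only resumes once it hears an ASN at or beyond 5200, so no nonce repeats. The margin matters: checkpointing the raw high-water mark without accounting for the slots sent since the last flash write would still let a beacon from that window through.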


From: 6tisch [mailto:6tisch-bounces@ietf.org] On Behalf Of Thomas Watteyne
Sent: Sunday, November 30, 2014 1:20 AM
To: Kris Pister
Cc: 6tisch@ietf.org
Subject: Re: [6tisch] 6tisch join requirements for 6top

Tero, all,

As the key is an AES-CCM key that means that every single device needs to
store their frame counters to stable storage. This sets quite high
requirements for the devices. In theory they should also store the
frame counters for all the peers they are talking to, but I don't know
if any device does that. Usually they only store their own frame
counter to flash every now and then, and then on the restart they load
it from the flash, and add big enough counter to it to make sure that
it is unique.

In IEEE802.15.4e-2012 TSCH [1], the ASN is used as the Frame Counter for security operations, so you don't have to store the frame counters to stable storage, right?

Thomas

[1] http://standards.ieee.org/getieee802/download/802.15.4e-2012.pdf

On Tue, Nov 25, 2014 at 2:51 PM, Kris Pister <ksjp@berkeley.edu> wrote:
No, when someone defines protocol B that is not compatible with protocol A then
they will pick a different well-known key.  That is the whole idea.

ksjp

On 11/25/2014 3:17 AM, Tero Kivinen wrote:
So when someone is running the protocol A and B both over the same
default well-known key then you still have the problem...

_______________________________________________
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch