IETF Logo Mail Archive

Re: [6tsch] draft-ohba-6tsch-security-00

Jonathan Simon <jsimon@linear.com> Thu, 27 June 2013 21:08 UTC

Return-Path: <jsimon@linear.com>
X-Original-To: 6tsch@ietfa.amsl.com
Delivered-To: 6tsch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62F3121F9F14 for <6tsch@ietfa.amsl.com>; Thu, 27 Jun 2013 14:08:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j6mF3vxOG9SR for <6tsch@ietfa.amsl.com>; Thu, 27 Jun 2013 14:08:26 -0700 (PDT)
Received: from p02c11o142.mxlogic.net (p02c11o142.mxlogic.net [208.65.144.75]) by ietfa.amsl.com (Postfix) with ESMTP id 9586511E80D9 for <6tsch@ietf.org>; Thu, 27 Jun 2013 14:08:25 -0700 (PDT)
Received: from unknown [12.218.215.72] (EHLO smtpauth1.linear.com) by p02c11o142.mxlogic.net(mxl_mta-7.1.0-3) with ESMTP id 2c9acc15.0.392837.00-216.974512.p02c11o142.mxlogic.net (envelope-from <jsimon@linear.com>); Thu, 27 Jun 2013 15:08:26 -0600 (MDT)
X-MXL-Hash: 51cca9ca31aaa907-48f4629bf30a1d21d6e32ca7831a881123a8bf3e
Received: from jsimonmacmini.engineering.linear.com (unknown [10.70.48.25]) by smtpauth1.linear.com (Postfix) with ESMTPSA id 15C71740A4; Thu, 27 Jun 2013 14:08:18 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: multipart/alternative; boundary="Apple-Mail-111-1070644218"
From: Jonathan Simon <jsimon@linear.com>
In-Reply-To: <674F70E5F2BE564CB06B6901FD3DD78B12D258EB@tgxml338.toshiba.local>
Date: Thu, 27 Jun 2013 14:09:11 -0700
Message-Id: <8E172190-20C7-4BD4-96B8-E3F79684FECD@linear.com>
References: <674F70E5F2BE564CB06B6901FD3DD78B12D258EB@tgxml338.toshiba.local>
To: yoshihiro.ohba@toshiba.co.jp
X-Mailer: Apple Mail (2.1085)
X-AnalysisOut: [v=2.0 cv=VruU9ZKn c=1 sm=1 a=glloKNylpeYNumXQcclYyA==:17 a]
X-AnalysisOut: [=6gXxV4Ww6ikA:10 a=D2_GN2MmYMYA:10 a=BLceEmwcHowA:10 a=MqD]
X-AnalysisOut: [INYqSAAAA:8 a=c9vm7nRTORYA:10 a=48vgC7mUAAAA:8 a=S0bVEc-ty]
X-AnalysisOut: [DbwmqgipxgA:9 a=pILNOxqGKmIA:10 a=19wCD08tTksA:10 a=vsVyj9]
X-AnalysisOut: [psLt0A:10 a=qVizmW-ZYBIA:10 a=p-HxVa_ds0YA:10 a=xLpt9-x9cS]
X-AnalysisOut: [EA:10 a=lZB815dzVvQA:10 a=zr4-hSbxxPbl2PTC:21 a=tyx0BjWTSf]
X-AnalysisOut: [DDaqUv:21 a=i3osheWuwSsGgXZN7gcA:9 a=_W_S_7VecoQA:10 a=8E4]
X-AnalysisOut: [e5tMtP5athpjO:21]
X-Spam: [F=0.2000000000; CM=0.500; S=0.200(2010122901)]
X-MAIL-FROM: <jsimon@linear.com>
X-SOURCE-IP: [12.218.215.72]
Cc: 6tsch@ietf.org
Subject: Re: [6tsch] draft-ohba-6tsch-security-00
X-BeenThere: 6tsch@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tsch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tsch>, <mailto:6tsch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tsch>
List-Post: <mailto:6tsch@ietf.org>
List-Help: <mailto:6tsch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tsch>, <mailto:6tsch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jun 2013 21:08:33 -0000

Section 1

"6TSCH builds on a series of semi-proprietary wireless protocols..."
Is it really relevant that TSCH was built on concepts in WirelessHART?  TSCH is not proprietary, and saying it builds on proprietary protocols is a red flag.

"Following Metcalf's law..."
Not only is it not clear what point is being made, Metcalf’s law measures “utility” in connections.  For a networked sensor device, there are likely a finite number of consumers of its data, and the total number of nodes is an irrelevant utility metric. Additionally, in terms of mesh connectivity, in general there is little additional utility to having 1000 neighbors (which may be more than the node can store) over 100, and perhaps 100 over 10 provided there is sufficient connectivity for the network to function.

General

So the problem this draft is trying to solve is shared link-layer keys in the network.  It does this by proposing an 3-phase authentication scheme with unstated overhead to provide unique per-peer link-layer keys, among other things.

a) Each node would need to be preconfigured with every node's certificate material (bad), or communicate with the coordinator to validate PK certs for every device attempting to join (nearly as bad if this takes a lot of packets).  Without seeing the overhead, its hard to tell if this would even work - if a device has to stay synchronized for a long time using unsecured frames, how is that any better than a shared secret? There's still a DoS vector in the unsecured bandwidth.

b) I agree that in protocols with a well-known key for authenticating join requests, an attacker can perform a DoS attack by simulating many devices joining.  These messages are passed up to the coordinator (and rejected).  However this requires distributed injection of messages to be maximally effective, and this is little worse than flooding the network with packets authenticated with the wrong key, so I don't see how per-peer keys is an effective DoS mitigator.
-- 
Jonathan Simon, Ph. D
Director of Systems Engineering
Linear Technology, Dust Networks product group
30695 Huntwood Ave
Hayward, CA 94544-7021
(510) 400-2936
(510) 489-3799 FAX
jsimon@linear.com

**LINEAR TECHNOLOGY CORPORATION** 
*****Internet Email Confidentiality Notice***** 
 This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify me by reply e-mail, or by telephone at (510) 400-2936, and destroy the original transmission and its attachments without reading or saving in any manner. Thank you. 

On Jun 23, 2013, at 7:10 PM, <yoshihiro.ohba@toshiba.co.jp> <yoshihiro.ohba@toshiba.co.jp> wrote:

> 6tsch-security draft has been submitted to IETF:
> 
> http://tools.ietf.org/html/draft-ohba-6tsch-security-00
> 
> Regards,
> Yoshihiro Ohba
> 
> _______________________________________________
> 6tsch mailing list
> 6tsch@ietf.org
> https://www.ietf.org/mailman/listinfo/6tsch

v2.23.0 | Report a Bug | By Email