Re: [Ace] Adoption of Low Latency Group Communication Security Work in ACE
Michael StJohns <mstjohns@comcast.net> Wed, 20 July 2016 12:29 UTC
Return-Path: <mstjohns@comcast.net>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5369D12D52C for <ace@ietfa.amsl.com>; Wed, 20 Jul 2016 05:29:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.987
X-Spam-Level:
X-Spam-Status: No, score=-3.987 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O4GfMy9k6E7a for <ace@ietfa.amsl.com>; Wed, 20 Jul 2016 05:29:20 -0700 (PDT)
Received: from resqmta-po-10v.sys.comcast.net (resqmta-po-10v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:169]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 027B812D587 for <ace@ietf.org>; Wed, 20 Jul 2016 05:29:19 -0700 (PDT)
Received: from resomta-po-02v.sys.comcast.net ([96.114.154.226]) by resqmta-po-10v.sys.comcast.net with SMTP id Pqcpb0TzkHqolPqcpb8215; Wed, 20 Jul 2016 12:29:19 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1469017759; bh=nns+1xT0PD5wneLPLKeKHBEVT2EutR0rXCvpmfTY6s0=; h=Received:Received:To:From:Subject:Message-ID:Date:MIME-Version: Content-Type; b=smfDQKgPFNU7Ljb2j/Jo7254YBt17Dmu/el2Vh6qsFMXVMoJgj3R8nK7HSWHASG5/ EOSBXOpg8PJkJmvUaVuEeyX/HBdwExCfbfL/gEgSmKXpAXUrHp55lGQIJtzHh8Aahp NxUzk7aJKh/fuXxeRxfUvTp6aAtU32DtyyGQcQ3qCCMK3MkahHTOxudRq4friYRmMH IBx9IVS6maK6wRVUz7wEsdwchJbqqFnmjda2f1CGAuYX1vSSgux+MZS3ni9qPHrDrL trimwBMSSZy0RELS78JpDYHW0ESKhBMq5BBY2QTMTwq9saYMEUhKi5lnfu7KQo5AaZ aH7HMfoyQxjhg==
Received: from [IPv6:2001:67c:370:176:15b0:8503:5279:1996] ([IPv6:2001:67c:370:176:15b0:8503:5279:1996]) by comcast with SMTP id Pqcdbe7NCEBksPqcibr5Uf; Wed, 20 Jul 2016 12:29:17 +0000
To: ace@ietf.org
From: Michael StJohns <mstjohns@comcast.net>
Message-ID: <8f6eff05-e7b0-dbc0-7a2a-38db6fb37be4@comcast.net>
Date: Wed, 20 Jul 2016 08:29:11 -0400
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4wfCXhNHDZrAy+wimwr1TBnZFzHB+WtEGdhPwvRnTfTButjFi+F87YvIt6ceR5oazD20kwoYfURv8h60XZkNW/krQqPtzc7FUTHWDSu2tsv2CY4aCTqKDq MFHtaB12m0NL+Wp5MTYZZ6NDsBDP1OksXTlCkousxKpAS5BPUmBlAlupGC/Nxe7LYOL65efidxlruw==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/0gL_qFO85oLkkGuCyc__5diJnyM>
Subject: Re: [Ace] Adoption of Low Latency Group Communication Security Work in ACE
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2016 12:29:27 -0000
As I mentioned at the microphone I'm opposed to pursuing symmetric key multicast solutions. WRT to the current set of proposal documents, I see no substantive improvement on the rejected proposals from the DICE (https://mailarchive.ietf.org/arch/search/?email_list=dtls-iot) working group. The topic of symmetric key multicast security came up fairly early in the WG (https://mailarchive.ietf.org/arch/msg/dtls-iot/jRL-bZwFpEK-P19S0b0CFXFfMBA) and went on for most of the life of the working group before being finally killed due to an agreement that the problems could not be resolved. For a detailed discussion of the issues, please see that archive and mostly substitute "ACE group communications" wherever you see "DTLS multicast" or similar. The discussion points mostly apply to both. My specific objection is that protocols that affect (or have the potential to affect) the physical world (e.g. by turning on lights, by setting off a fire extinguisher, by opening or locking doors, by turning on or off heating or cooling, etc), need to be secure enough to not present a danger to health and safety. Using multicast, specifically using a symmetrically keyed multicast, to authenticate an actuator operation has the general property of - without specific mitigation - of not being secure enough in the general case. That conclusion comes from the FACT that compromising ANY device that shares the multicast or group communication key is all that is necessary to get the key material necessary to masquerade as the controller of the group. Since both the controllers and the controllees share the same keys, there is no secure way using only those symmetric keys to differentiate between controller/controllee for the purposes of authenticating a command. The possible approaches for mitigation are few (and mostly discussed in DICE): 1) Place the multicast group key management protocol and related functions inside a secure element. The work factor to penetrate any single secure element becomes the work factor to compromise the group. This particular mitigation is difficult to specify/enforce in an IETF protocol. 2) Use multicast group keys for confidentiality only and provide source authentication through the use of public key systems. 3) Limit the use of any given group key to a small group of mostly homogeneous actuators and controllers in a physically contiguous area. Basically, the work factor to penetrate any element is on the order of the work factor to enter the physical space at which point you probably manually change the state of the controlled device. This doesn't provide a general solution, but may be acceptable in the ACE space. It would be enforced in the protocol by - for example - limiting the size of the node participant identifiers to 3 or 4 bits (8 or 16 elements) and by limiting it to 2 physical hops or so. 4) Limit the field of use by protocol and document constraints (e.g. Apply (3) above plus calling this the "Lighting Control Protocol Security"). 5) Limit the protocol use to data transmission only - with no cyber-physical actuations being possible. (E.g. no messages cause any changes in the real world). It's probable that none of these are acceptable constraints for ACE - in which case if this work item is accepted, ACE may find itself in the same position of DICE in 2 years. Mike
- Re: [Ace] Adoption of Low Latency Group Communica… Rene Struik
- Re: [Ace] Adoption of Low Latency Group Communica… Kumar, Sandeep
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Kumar, Sandeep
- Re: [Ace] Adoption of Low Latency Group Communica… Stephen Farrell
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Derek Atkins
- Re: [Ace] Adoption of Low Latency Group Communica… Jim Schaad
- Re: [Ace] Adoption of Low Latency Group Communica… Ludwig Seitz
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Michael Richardson
- Re: [Ace] Adoption of Low Latency Group Communica… Michael Richardson
- Re: [Ace] Adoption of Low Latency Group Communica… Hannes Tschofenig
- Re: [Ace] Adoption of Low Latency Group Communica… Thomas Hardjono
- Re: [Ace] Adoption of Low Latency Group Communica… Kumar, Sandeep
- Re: [Ace] Adoption of Low Latency Group Communica… Rahman, Akbar
- Re: [Ace] Adoption of Low Latency Group Communica… Smith, Ned
- [Ace] Adoption of Low Latency Group Communication… Hannes Tschofenig
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Robert Cragie
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Grunwald, Markus
- Re: [Ace] Adoption of Low Latency Group Communica… Robert Cragie
- Re: [Ace] Adoption of Low Latency Group Communica… Garcia Morchon O, Oscar
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Carsten Bormann
- Re: [Ace] Adoption of Low Latency Group Communica… Ludwig Seitz