Re: [Ace] Group Communication Security Disagreements
Michael StJohns <mstjohns@comcast.net> Thu, 21 July 2016 13:48 UTC
Return-Path: <mstjohns@comcast.net>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AFBB12D5CB for <ace@ietfa.amsl.com>; Thu, 21 Jul 2016 06:48:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.987
X-Spam-Level:
X-Spam-Status: No, score=-3.987 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nye5diyl0ujq for <ace@ietfa.amsl.com>; Thu, 21 Jul 2016 06:48:27 -0700 (PDT)
Received: from resqmta-ch2-11v.sys.comcast.net (resqmta-po-11v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FEBB12D51D for <ace@ietf.org>; Thu, 21 Jul 2016 06:48:25 -0700 (PDT)
Received: from resomta-po-03v.sys.comcast.net ([96.114.154.227]) by resqmta-po-11v.sys.comcast.net with SMTP id QEKsbYeuKEp5XQEKubHLQk; Thu, 21 Jul 2016 13:48:24 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1469108904; bh=UoQguL3x1sPUY6cTQM8P6cF7jcqeVUX9V31EolZtU7k=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=WwGFokLk9IuhYOFw5O9akuw0GBZK3/Zb0nc5h10eiRQ0nS66u9YWslelrb4iu6Ay0 n7w0bUWXrfxNUZKNd61W+xGHOAcTcuOsX7XcBNzk8OaZLd/cR2FTTHLo75TBDoXWQR o3MrbzavBcZtzNk3Rp1R1vIDP4unzPFCp4R6Bar5nmTTIUOrxjWdkkEsJ2MXnEaPZf JXpEzBhpmNx6bOWpR/dkLlwWlxKPYglLgndcPz6oNQ8vhwIcoCL2CsUH+p0uUhpxKi jScEm2qmk5zeBORU3cpGiihYCWZooF3vSzA34znBwnaa0iQfFDOdPWZCRdJXR/FCxA kLp+WgSdebfIA==
Received: from [IPv6:2001:67c:370:136:f5b6:8aca:fcf6:bf81] ([IPv6:2001:67c:370:136:f5b6:8aca:fcf6:bf81]) by comcast with SMTP id QEKgbgErmhUZtQEKmbIPON; Thu, 21 Jul 2016 13:48:21 +0000
To: ace@ietf.org
References: <57909032.10809@gmx.net>
From: Michael StJohns <mstjohns@comcast.net>
Message-ID: <6d259c5b-28e3-c748-4590-0c9f942fe343@comcast.net>
Date: Thu, 21 Jul 2016 09:48:13 -0400
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <57909032.10809@gmx.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4wfClSdWSIb2PzVaBwXDyHvIb1E+fqyOnxGs983sV9Bvc5eCEkD2VhSrTuaYTF7FNfLmDtSC3hlQu971xjPuDOVlDzLwjnhZtjtJd5Pzr0un3uSp8DwMKZ 16cskM2+Upj9lZPC400wxUP6j79io7voVLer1F9/MLsD0d7ogxpx2EXfVzXlvMphwC7kvbNAWOTGeA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/QG8biUdLe7OePZ8kQY__FzaU9Lg>
Subject: Re: [Ace] Group Communication Security Disagreements
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jul 2016 13:48:28 -0000
On 7/21/2016 5:04 AM, Hannes Tschofenig wrote: > Some other folks, including myself, believe that we would not just > use the group key to determine the authorization decision but would > instead rely on the authorization mechanism to prevent larger harm. > This means that a compromised luminare would indeed turn on and off > other luminaires in the group but they would not be able to successfully > send commands to a door lock since those would (a) not use group > communication and (b) if they use group communication then that would > require an interaction with the authorization server to first obtain a > different group key for such an interaction. Most likely there is no > need for a luminare to obtain a group key for communicating with a door > lock. Hi Hannes - If the protocol were constrained to a small number of group members - say 16 for example - then solving this problem is as simple as sending a control message with multiple message integrity tags - one per target device. In the lighting problem, you could probably make this work with about a 3 byte overhead per device for a total of 48 MIC bytes (4 bits for EP identifier, 20 bits for the MIC) and still have reasonable security. And all without having to have a group key. If you go larger than this, then the group key becomes more attractive, but also less secure. The probability of compromise of the group - if its an interesting target - approaches unity assuming physical access to any device in the group. Without unique source identification (and for that matter role identification either inband or implicit) any compromised device results in your attacker being able to act as a controller for the group. Again, not a large problem (but a problem nonetheless) for a small group of lights inside an office behind locked doors. But a very large problem for a system that's possibly controlling 100 or 1000 lights in a group. As I said at the microphone, if I thought you could just do this as the "ACE protocol for group control of lights" and keep people from using it for other things I'd be a lot less concerned (but still there's the whole threat of turning off all the lights in a building all at once). But the reality is this protocol will be used for control of things beyond lights and it would be irresponsible to standardize a protocol with a real possibility for direct real-world negative impacts on safety and health. The way to solve this for a general involves public key cryptography - that's just how the security and physics and math work out. Mike ps - the idea of secure group multicast for controlling things is indeed a wonderful idea - but think for a moment. If it's such a great idea, why isn't it already in use somewhere? MSEC did quite a lot of work on providing confidentiality for multicasted messages, but the work it did on integrity/authentication produced only a document that allowed you to authenticate the sender after the event was supposed to occur. (E.g. TESLA) That's probably not useful for controlling things in real time. Given the amount of work that was done there, and in various academic settings and with a large number of people and with money and with impetus to make this work on symmetric key systems, why will ACE be more successful? What has changed in our understanding of the problem and the solutions set?
- Re: [Ace] Group Communication Security Disagreeme… Michael Richardson
- Re: [Ace] Group Communication Security Disagreeme… Mohit Sethi
- Re: [Ace] Group Communication Security Disagreeme… Hannes Tschofenig
- Re: [Ace] Group Communication Security Disagreeme… Mohit Sethi
- Re: [Ace] Group Communication Security Disagreeme… Eliot Lear
- Re: [Ace] Group Communication Security Disagreeme… Hannes Tschofenig
- Re: [Ace] Group Communication Security Disagreeme… Eliot Lear
- Re: [Ace] Group Communication Security Disagreeme… Hannes Tschofenig
- Re: [Ace] Group Communication Security Disagreeme… Derek Atkins
- Re: [Ace] Group Communication Security Disagreeme… Eliot Lear
- Re: [Ace] Group Communication Security Disagreeme… Michael StJohns
- [Ace] (on signature verification times) Re: Group… Rene Struik
- [Ace] Group Communication Security Disagreements Hannes Tschofenig
- Re: [Ace] Group Communication Security Disagreeme… Derek Atkins
- Re: [Ace] Group Communication Security Disagreeme… Eliot Lear
- Re: [Ace] Group Communication Security Disagreeme… Paul Duffy
- Re: [Ace] Group Communication Security Disagreeme… Michael Richardson
- Re: [Ace] Group Communication Security Disagreeme… Grunwald, Markus
- Re: [Ace] Group Communication Security Disagreeme… Michael StJohns
- Re: [Ace] Group Communication Security Disagreeme… Michael Richardson
- Re: [Ace] Group Communication Security Disagreeme… Kathleen Moriarty
- Re: [Ace] Group Communication Security Disagreeme… Michael StJohns
- Re: [Ace] Group Communication Security Disagreeme… Ludwig Seitz
- Re: [Ace] Group Communication Security Disagreeme… Eliot Lear
- Re: [Ace] Group Communication Security Disagreeme… Somaraju Abhinav
- Re: [Ace] Group Communication Security Disagreeme… Eliot Lear
- Re: [Ace] Group Communication Security Disagreeme… Michael StJohns
- Re: [Ace] Group Communication Security Disagreeme… Eliot Lear
- Re: [Ace] Group Communication Security Disagreeme… Michael StJohns