IETF Logo Mail Archive

Re: [Ace] Summary of ACE Group Communication Security Discussion

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 18 November 2016 03:59 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F5661293D6 for <ace@ietfa.amsl.com>; Thu, 17 Nov 2016 19:59:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sPR2gejTWv9c for <ace@ietfa.amsl.com>; Thu, 17 Nov 2016 19:59:50 -0800 (PST)
Received: from mail-vk0-x235.google.com (mail-vk0-x235.google.com [IPv6:2607:f8b0:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 682A8129625 for <ace@ietf.org>; Thu, 17 Nov 2016 19:59:50 -0800 (PST)
Received: by mail-vk0-x235.google.com with SMTP id p9so159053130vkd.3 for <ace@ietf.org>; Thu, 17 Nov 2016 19:59:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Q20FI8x75yZp6pT0YkXFlFMadC3JLVXrv+AMqQ1QPbs=; b=QZVAVeSHA1ZTl/6rTkkiT4stWA6PQ8hH4uFYzYwhPHGucNO8J3qnFhndFsm3pezBAK DoCGeCUvgiuBMtQ8N7X8RWWwBUGG5xtI99SQ2aUUZ+MoUCk+aXVgakoNyjmvAP0T1zIj i9e9vqYbrkVVj6gKJx9yzH3uJ0fxmsl/A5pvd4sk3z4vn0OzCKrIRmYvASThkGgOVU9y Jq37X7bR/32txKs1FiNFUI1ncGgZEfLjwEvvs8oaVNRHmHGtAoAzKAz55NhPFTd4RynB w/JYjblDhgkYkCdBTBbJLCFOeSqDkGU8DywEIPXYKNegGmCo7Aiyse4duekMux0EVTy6 p5tA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Q20FI8x75yZp6pT0YkXFlFMadC3JLVXrv+AMqQ1QPbs=; b=HLVeQ1Bc7FITJIgMcQwm9o2vDZ26L1j9L8aE8GgZq+DVPMhgpTf7fK9UfhlupGr9/I CVb/4WmsStSMHIP3mGhhKN0JNBOt0dnoxwK4pR6MpaYPz+/MA5tNtnr2Tqji6iKm5Az9 rhAiFuXy4Z7YNpPsaX1H9YNrq/1Lg8S1CnS+kV3LJhX9lcdthcm2UyurCh3sG1F/xLNv +DU8O8/GPclTyIYHcsgyf2uvyF4Rd5ur+9+g6gZDPqj0QTo2ip/qZQiamRXIF43LXvK3 4L2xvSOhWCbXP0ZeBqyfH7TK/cMsxUygI89+j3Et2PUMNHEZLT10K+c8G3JPGkMAJtoy LzDQ==
X-Gm-Message-State: AKaTC01BW58rsb/sBoDqQpNitg2J+XQCGwcOxfQ3ApCMJNqgZD87RibrifRpM3ZBmgIWh9A06DWfp0VRa0wI/g==
X-Received: by 10.31.200.4 with SMTP id y4mr4380559vkf.115.1479441589446; Thu, 17 Nov 2016 19:59:49 -0800 (PST)
MIME-Version: 1.0
Received: by 10.176.82.143 with HTTP; Thu, 17 Nov 2016 19:59:48 -0800 (PST)
In-Reply-To: <dead56f965b94081bd187585d1272398@XCH-RCD-017.cisco.com>
References: <D40F1535.451DD%kepeng.lkp@alibaba-inc.com> <1cc7f243-e7f7-6ec5-7140-88c74853dc34@gmx.net> <04FDEBEF-68CF-4DC6-B760-4DFB1B87D22C@gmail.com> <b69552fc-97c1-bc8f-6282-c3d42bf081c0@comcast.net> <6108.1478988687@dooku.sandelman.ca> <187ea38f-3271-ee91-7053-3e5ecedeafea@comcast.net> <7f461eca-b294-4a4f-b8e1-ec2fe70effaf.kepeng.lkp@alibaba-inc.com> <3ccde008-1e19-718d-37bb-ed7653c60ec9@comcast.net> <c4ec1408-8453-e056-05d6-1aa4d0aeb105@gmail.com> <0C27644B-6033-4781-86D5-2FD66872CEFC@gmail.com> <dead56f965b94081bd187585d1272398@XCH-RCD-017.cisco.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Thu, 17 Nov 2016 22:59:48 -0500
Message-ID: <CAHbuEH5tiYP6wYhC60jQKaDuA0V0j5nQUiKcTGhfYPp3+kzQsw@mail.gmail.com>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Content-Type: multipart/alternative; boundary="001a114dd55867ad8805418b567b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/cooHSGo57wtDHa5h7nTsJzmcTpQ>
Cc: Michael StJohns <mstjohns@comcast.net>, Rene Struik <rstruik.ext@gmail.com>, "ace@ietf.org" <ace@ietf.org>
Subject: Re: [Ace] Summary of ACE Group Communication Security Discussion
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Nov 2016 03:59:53 -0000

On Thu, Nov 17, 2016 at 10:56 PM, Tirumaleswar Reddy (tireddy) <
tireddy@cisco.com> wrote:

> Kathleen,
>
>
>
> I will put up a proposal before the Chicago meeting.
>

Thank you.

>
>
> -Tiru
>
>
>
> *From:* Ace [mailto:ace-bounces@ietf.org] *On Behalf Of *
> kathleen.moriarty.ietf@gmail.com
> *Sent:* Friday, November 18, 2016 5:30 AM
> *To:* Rene Struik <rstruik.ext@gmail.com>
> *Cc:* Michael StJohns <mstjohns@comcast.net>; ace@ietf.org
> *Subject:* Re: [Ace] Summary of ACE Group Communication Security
> Discussion
>
>
>
> Is anyone willing to work on a draft to be ready in advance of the Chicago
> meeting so we have a concrete proposal for asymmetric keys?
>
>
>
> Thanks,
>
> Kathleen
>
> Please excuse typos, sent from handheld device
>
>
> On Nov 17, 2016, at 11:26 PM, Rene Struik <rstruik.ext@gmail.com> wrote:
>
> Dear colleagues:
>
> Just a reminder re perceived technical hurdles for using signatures:
> a) time latency of signing:
> One can pre-compute ephemeral signing keys, so as to reduce online key
> computation to a few finite field multiplies.
> Please see my email to the list of July 26, 2016:
> https://mailarchive.ietf.org/arch/msg/ace/iEb0XnAIMAB_V3I8LjMFQRj1Fe0
> b): further speed-ups/tricks, etc:
> One can try and be smarter by clever implementations.
> Please see my email to the list of July 21, 2016:
> https://mailarchive.ietf.org/arch/msg/ace/iI58mT_DDzKImL1LP_bUQ7TzooI
>
> This seems to take the time latency argument away. The only other
> technical hurdles I can see are
> (i) signature size {is 64B too much?};
> (ii) cost of public key crypto implementations {quite some small, nifty
> designs out there (NaCl etc.}.
>
> As to (i) - one should view signature sizes in perspective: as an example,
> key sizes in the key pre-distribution scheme HIMMO (as promoted by Philips)
> has key sizes of 6.25 kB and up, according to Table 3 of the paper that
> massages parameters to thwart new attacks on their scheme, see
> http://eprint.iacr.org/2016/152.
>
> So, security arguments that favor asymmetric solutions aside, there also
> do not seem to be too many other objections that would hold in the world
> anno 2016 {except for "sunk investment" arguments", but that is a corporate
> mindset issue}.
>
> On 11/17/2016 12:50 AM, Michael StJohns wrote:
>
> On 11/16/2016 9:08 AM, Kepeng Li wrote:
>
> Hello all,
>
> We had a long discussion about group communication security topic since
> the previous F2F meeting.
>
> Hannes and I have tried to make a summary about the discussion as follows:
>
> ·       The solution needs to define both, symmetric and an asymmetric
> group key solution.
>
>
> There is no case (absent hardware mitigation) in which a symmetric group
> key solution can be made secure/safe and no one has made an offer of proof
> that they can make it secure.    I've asked repeatedly - no one has come
> forward with more than "oh we can lock the symmetric key stuff in a corner
> and make sure it isn't used for anything important".
>
>
> Given the recent attacks on the internet by IOT botnets, there is a
> further consideration that should be undertaken - whether the symmetric
> group key solution applied to 10s of 1000s of IOT devices is an active
> threat to the rest of the internet (e.g. enabling DDOS, cyber physical
> issues, etc)?
>
> The multiparty (group) symmetric key solution is only wanted for a single
> corner of the solution space - low latency, no cost systems.  E.g.
> lightbulbs.  Given there is a worked example of the insecurity of
> multiparty symmetric key systems (e.g. the attack on the symmetric signing
> key of the HUE lights), I'm unclear why anyone at all would think that
> pursuing a known bad solution in the IETF is a good idea.
>
>
> ·       The security consideration section needs to explain under what
> circumstances what solution is appropriate.
>
>
> Security consideration sections generally only address the threat *to* the
> system from security choices.  In this case, symmetric key group comms
> reduces down to the same security analysis you would use with shared
> default passwords across 1000s of devices.   An IOT security consideration
> section in the future probably needs to address the threat *FROM* the IOT
> solution to the broader internet.
>
> Mike
>
>
>
> If this is not accurate, please let us know.
>
> Kind Regards
> Kepeng & Hannes
>
> BTW: it is a pity that I can't attend this meeting due to personal
> reasons, and hope you all have a nice meeting in Seoul!
>
>
>
>
> _______________________________________________
>
> Ace mailing list
>
> Ace@ietf.org
>
> https://www.ietf.org/mailman/listinfo/ace
>
>
>
>
>
>
> _______________________________________________
>
> Ace mailing list
>
> Ace@ietf.org
>
> https://www.ietf.org/mailman/listinfo/ace
>
>
>
>
>
> --
>
> email: rstruik.ext@gmail.com | Skype: rstruik
>
> cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
>
>


-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email