Re: [Ace] Summary of ACE Group Communication Security Discussion
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 18 November 2016 03:59 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F5661293D6 for <ace@ietfa.amsl.com>; Thu, 17 Nov 2016 19:59:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sPR2gejTWv9c for <ace@ietfa.amsl.com>; Thu, 17 Nov 2016 19:59:50 -0800 (PST)
Received: from mail-vk0-x235.google.com (mail-vk0-x235.google.com [IPv6:2607:f8b0:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 682A8129625 for <ace@ietf.org>; Thu, 17 Nov 2016 19:59:50 -0800 (PST)
Received: by mail-vk0-x235.google.com with SMTP id p9so159053130vkd.3 for <ace@ietf.org>; Thu, 17 Nov 2016 19:59:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Q20FI8x75yZp6pT0YkXFlFMadC3JLVXrv+AMqQ1QPbs=; b=QZVAVeSHA1ZTl/6rTkkiT4stWA6PQ8hH4uFYzYwhPHGucNO8J3qnFhndFsm3pezBAK DoCGeCUvgiuBMtQ8N7X8RWWwBUGG5xtI99SQ2aUUZ+MoUCk+aXVgakoNyjmvAP0T1zIj i9e9vqYbrkVVj6gKJx9yzH3uJ0fxmsl/A5pvd4sk3z4vn0OzCKrIRmYvASThkGgOVU9y Jq37X7bR/32txKs1FiNFUI1ncGgZEfLjwEvvs8oaVNRHmHGtAoAzKAz55NhPFTd4RynB w/JYjblDhgkYkCdBTBbJLCFOeSqDkGU8DywEIPXYKNegGmCo7Aiyse4duekMux0EVTy6 p5tA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Q20FI8x75yZp6pT0YkXFlFMadC3JLVXrv+AMqQ1QPbs=; b=HLVeQ1Bc7FITJIgMcQwm9o2vDZ26L1j9L8aE8GgZq+DVPMhgpTf7fK9UfhlupGr9/I CVb/4WmsStSMHIP3mGhhKN0JNBOt0dnoxwK4pR6MpaYPz+/MA5tNtnr2Tqji6iKm5Az9 rhAiFuXy4Z7YNpPsaX1H9YNrq/1Lg8S1CnS+kV3LJhX9lcdthcm2UyurCh3sG1F/xLNv +DU8O8/GPclTyIYHcsgyf2uvyF4Rd5ur+9+g6gZDPqj0QTo2ip/qZQiamRXIF43LXvK3 4L2xvSOhWCbXP0ZeBqyfH7TK/cMsxUygI89+j3Et2PUMNHEZLT10K+c8G3JPGkMAJtoy LzDQ==
X-Gm-Message-State: AKaTC01BW58rsb/sBoDqQpNitg2J+XQCGwcOxfQ3ApCMJNqgZD87RibrifRpM3ZBmgIWh9A06DWfp0VRa0wI/g==
X-Received: by 10.31.200.4 with SMTP id y4mr4380559vkf.115.1479441589446; Thu, 17 Nov 2016 19:59:49 -0800 (PST)
MIME-Version: 1.0
Received: by 10.176.82.143 with HTTP; Thu, 17 Nov 2016 19:59:48 -0800 (PST)
In-Reply-To: <dead56f965b94081bd187585d1272398@XCH-RCD-017.cisco.com>
References: <D40F1535.451DD%kepeng.lkp@alibaba-inc.com> <1cc7f243-e7f7-6ec5-7140-88c74853dc34@gmx.net> <04FDEBEF-68CF-4DC6-B760-4DFB1B87D22C@gmail.com> <b69552fc-97c1-bc8f-6282-c3d42bf081c0@comcast.net> <6108.1478988687@dooku.sandelman.ca> <187ea38f-3271-ee91-7053-3e5ecedeafea@comcast.net> <7f461eca-b294-4a4f-b8e1-ec2fe70effaf.kepeng.lkp@alibaba-inc.com> <3ccde008-1e19-718d-37bb-ed7653c60ec9@comcast.net> <c4ec1408-8453-e056-05d6-1aa4d0aeb105@gmail.com> <0C27644B-6033-4781-86D5-2FD66872CEFC@gmail.com> <dead56f965b94081bd187585d1272398@XCH-RCD-017.cisco.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Thu, 17 Nov 2016 22:59:48 -0500
Message-ID: <CAHbuEH5tiYP6wYhC60jQKaDuA0V0j5nQUiKcTGhfYPp3+kzQsw@mail.gmail.com>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Content-Type: multipart/alternative; boundary="001a114dd55867ad8805418b567b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/cooHSGo57wtDHa5h7nTsJzmcTpQ>
Cc: Michael StJohns <mstjohns@comcast.net>, Rene Struik <rstruik.ext@gmail.com>, "ace@ietf.org" <ace@ietf.org>
Subject: Re: [Ace] Summary of ACE Group Communication Security Discussion
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Nov 2016 03:59:53 -0000
On Thu, Nov 17, 2016 at 10:56 PM, Tirumaleswar Reddy (tireddy) < tireddy@cisco.com> wrote: > Kathleen, > > > > I will put up a proposal before the Chicago meeting. > Thank you. > > > -Tiru > > > > *From:* Ace [mailto:ace-bounces@ietf.org] *On Behalf Of * > kathleen.moriarty.ietf@gmail.com > *Sent:* Friday, November 18, 2016 5:30 AM > *To:* Rene Struik <rstruik.ext@gmail.com> > *Cc:* Michael StJohns <mstjohns@comcast.net>; ace@ietf.org > *Subject:* Re: [Ace] Summary of ACE Group Communication Security > Discussion > > > > Is anyone willing to work on a draft to be ready in advance of the Chicago > meeting so we have a concrete proposal for asymmetric keys? > > > > Thanks, > > Kathleen > > Please excuse typos, sent from handheld device > > > On Nov 17, 2016, at 11:26 PM, Rene Struik <rstruik.ext@gmail.com> wrote: > > Dear colleagues: > > Just a reminder re perceived technical hurdles for using signatures: > a) time latency of signing: > One can pre-compute ephemeral signing keys, so as to reduce online key > computation to a few finite field multiplies. > Please see my email to the list of July 26, 2016: > https://mailarchive.ietf.org/arch/msg/ace/iEb0XnAIMAB_V3I8LjMFQRj1Fe0 > b): further speed-ups/tricks, etc: > One can try and be smarter by clever implementations. > Please see my email to the list of July 21, 2016: > https://mailarchive.ietf.org/arch/msg/ace/iI58mT_DDzKImL1LP_bUQ7TzooI > > This seems to take the time latency argument away. The only other > technical hurdles I can see are > (i) signature size {is 64B too much?}; > (ii) cost of public key crypto implementations {quite some small, nifty > designs out there (NaCl etc.}. > > As to (i) - one should view signature sizes in perspective: as an example, > key sizes in the key pre-distribution scheme HIMMO (as promoted by Philips) > has key sizes of 6.25 kB and up, according to Table 3 of the paper that > massages parameters to thwart new attacks on their scheme, see > http://eprint.iacr.org/2016/152. > > So, security arguments that favor asymmetric solutions aside, there also > do not seem to be too many other objections that would hold in the world > anno 2016 {except for "sunk investment" arguments", but that is a corporate > mindset issue}. > > On 11/17/2016 12:50 AM, Michael StJohns wrote: > > On 11/16/2016 9:08 AM, Kepeng Li wrote: > > Hello all, > > We had a long discussion about group communication security topic since > the previous F2F meeting. > > Hannes and I have tried to make a summary about the discussion as follows: > > · The solution needs to define both, symmetric and an asymmetric > group key solution. > > > There is no case (absent hardware mitigation) in which a symmetric group > key solution can be made secure/safe and no one has made an offer of proof > that they can make it secure. I've asked repeatedly - no one has come > forward with more than "oh we can lock the symmetric key stuff in a corner > and make sure it isn't used for anything important". > > > Given the recent attacks on the internet by IOT botnets, there is a > further consideration that should be undertaken - whether the symmetric > group key solution applied to 10s of 1000s of IOT devices is an active > threat to the rest of the internet (e.g. enabling DDOS, cyber physical > issues, etc)? > > The multiparty (group) symmetric key solution is only wanted for a single > corner of the solution space - low latency, no cost systems. E.g. > lightbulbs. Given there is a worked example of the insecurity of > multiparty symmetric key systems (e.g. the attack on the symmetric signing > key of the HUE lights), I'm unclear why anyone at all would think that > pursuing a known bad solution in the IETF is a good idea. > > > · The security consideration section needs to explain under what > circumstances what solution is appropriate. > > > Security consideration sections generally only address the threat *to* the > system from security choices. In this case, symmetric key group comms > reduces down to the same security analysis you would use with shared > default passwords across 1000s of devices. An IOT security consideration > section in the future probably needs to address the threat *FROM* the IOT > solution to the broader internet. > > Mike > > > > If this is not accurate, please let us know. > > Kind Regards > Kepeng & Hannes > > BTW: it is a pity that I can't attend this meeting due to personal > reasons, and hope you all have a nice meeting in Seoul! > > > > > _______________________________________________ > > Ace mailing list > > Ace@ietf.org > > https://www.ietf.org/mailman/listinfo/ace > > > > > > > _______________________________________________ > > Ace mailing list > > Ace@ietf.org > > https://www.ietf.org/mailman/listinfo/ace > > > > > > -- > > email: rstruik.ext@gmail.com | Skype: rstruik > > cell: +1 (647) 867-5658 | US: +1 (415) 690-7363 > > _______________________________________________ > Ace mailing list > Ace@ietf.org > https://www.ietf.org/mailman/listinfo/ace > > -- Best regards, Kathleen
- [Ace] Summary of ACE Group Communication Security… Kepeng Li
- Re: [Ace] Summary of ACE Group Communication Secu… Eliot Lear
- Re: [Ace] Summary of ACE Group Communication Secu… Hannes Tschofenig
- Re: [Ace] Summary of ACE Group Communication Secu… kathleen.moriarty.ietf
- Re: [Ace] Summary of ACE Group Communication Secu… Michael StJohns
- Re: [Ace] Summary of ACE Group Communication Secu… Eliot Lear
- Re: [Ace] Summary of ACE Group Communication Secu… kathleen.moriarty.ietf
- Re: [Ace] Summary of ACE Group Communication Secu… Michael StJohns
- Re: [Ace] Summary of ACE Group Communication Secu… Michael StJohns
- Re: [Ace] Summary of ACE Group Communication Secu… kathleen.moriarty.ietf
- Re: [Ace] Summary of ACE Group Communication Secu… Michael Richardson
- Re: [Ace] Summary of ACE Group Communication Secu… Michael StJohns
- Re: [Ace] Summary of ACE Group Communication Secu… Michael Richardson
- [Ace] Summary of ACE Group Communication Security… Kepeng Li
- [Ace] Slides for the Seoul F2F meeting Kepeng Li
- Re: [Ace] Summary of ACE Group Communication Secu… Michael StJohns
- Re: [Ace] Summary of ACE Group Communication Secu… Michael Richardson
- Re: [Ace] Summary of ACE Group Communication Secu… Rene Struik
- Re: [Ace] Summary of ACE Group Communication Secu… kathleen.moriarty.ietf
- Re: [Ace] Summary of ACE Group Communication Secu… Tirumaleswar Reddy (tireddy)
- Re: [Ace] Summary of ACE Group Communication Secu… Kathleen Moriarty
- Re: [Ace] Summary of ACE Group Communication Secu… Göran Selander
- Re: [Ace] Summary of ACE Group Communication Secu… Kumar, Sandeep
- Re: [Ace] Summary of ACE Group Communication Secu… Shahid Raza
- Re: [Ace] Summary of ACE Group Communication Secu… Michael StJohns
- Re: [Ace] Summary of ACE Group Communication Secu… Hannes Tschofenig
- Re: [Ace] Summary of ACE Group Communication Secu… Carsten Bormann
- Re: [Ace] Summary of ACE Group Communication Secu… Michael StJohns
- Re: [Ace] Summary of ACE Group Communication Secu… Rahman, Akbar
- Re: [Ace] Summary of ACE Group Communication Secu… Michael StJohns