Re: [Ace] Adoption of Low Latency Group Communication Security Work in ACE
Michael StJohns <mstjohns@comcast.net> Mon, 25 July 2016 16:03 UTC
Return-Path: <mstjohns@comcast.net>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FA5412D7F4 for <ace@ietfa.amsl.com>; Mon, 25 Jul 2016 09:03:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.986
X-Spam-Level:
X-Spam-Status: No, score=-3.986 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NASFbP746-p5 for <ace@ietfa.amsl.com>; Mon, 25 Jul 2016 09:03:26 -0700 (PDT)
Received: from resqmta-po-12v.sys.comcast.net (resqmta-po-12v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:171]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB5B712D728 for <ace@ietf.org>; Mon, 25 Jul 2016 09:03:26 -0700 (PDT)
Received: from resomta-po-04v.sys.comcast.net ([96.114.154.228]) by resqmta-po-12v.sys.comcast.net with SMTP id RiLDbBJiclHMYRiLmbDIgB; Mon, 25 Jul 2016 16:03:26 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1469462606; bh=lhcxg/FM+PbnJg7pSU8sxSbGxVljxgRNveEQTnVk0p8=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=A7dydJSKTXHp3HlyahpGGhK7iMSbp8tCRrljJg3PYQfGj+836wh5P2UleDIs4Pu8r ksHLYjWOvgdKnWVd5NkqY9/kTFzC5ekBufEnfiZZAWTIJXxFH2mtF2QzHAJPo4i5pJ PGcleQewb+wvssLTU9uYHfWWWFGYSFlMN6j9utcG5xk3Y6NIRfjKJC4bVENiLvjhV0 07PV1Oaic+jXvJECUkkt7MtQ8oa83vBt4fI3dr21Ssy3gl7YSR/hxzlTVc9wtOHFK8 PlgFW8PV2GbkTEarLjap+wYNlA288TMKQDGOKk4lJYzYNPH+ks0N8R4MUkMdgL0LXY FmqLqItueVb2g==
Received: from [IPv6:2601:148:c000:1951:ccd7:589d:2636:a1d] ([IPv6:2601:148:c000:1951:ccd7:589d:2636:a1d]) by comcast with SMTP id RiLjbJPG7EFuXRiLkbRxob; Mon, 25 Jul 2016 16:03:25 +0000
To: Somaraju Abhinav <abhinav.somaraju@tridonic.com>, "ace@ietf.org" <ace@ietf.org>
References: <578F4D59.8050005@gmx.net> <5E393DF26B791A428E5F003BB6C5342AB3716D64@OC11EXPO33.exchange.mit.edu> <23666.1469091857@obiwan.sandelman.ca> <95b0103c-ba2d-6cd8-6241-228df46e530b@sics.se> <8ca27108-a8b9-7b07-e752-656247716708@comcast.net> <HE1PR0601MB22030003D2913DA6096CB3E4FC0D0@HE1PR0601MB2203.eurprd06.prod.outlook.com>
From: Michael StJohns <mstjohns@comcast.net>
Message-ID: <a318cda7-ebf2-5a5c-d86a-9d67fb41a82f@comcast.net>
Date: Mon, 25 Jul 2016 12:03:33 -0400
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <HE1PR0601MB22030003D2913DA6096CB3E4FC0D0@HE1PR0601MB2203.eurprd06.prod.outlook.com>
Content-Type: multipart/alternative; boundary="------------984951034BBC48127A2DE7F9"
X-CMAE-Envelope: MS4wfFPgdkvGlCvGq9vHrfnxY7Qav+JaMHxT4aZvYgx5xzuOlkPjxMdb48rWgfO2SFCx1ghUlinOUU0HrSmQy4VHM9Uu/8AebHGGY6KxTmo0KEEmnccHX0/P CH1wf+xFJhGzT0FXkEwIcvgSaziigsFOdeRo9R5sv+8R+HihEJWbxDIXiT6aCZcGgaGaxDmmpxLPfj75c0QPY9CcNd/YffyfXIYk1f9JlBs44OruGkn0a4sR
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/teMwKAWzWGJDktP6IuGnweP8Byo>
Subject: Re: [Ace] Adoption of Low Latency Group Communication Security Work in ACE
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2016 16:03:28 -0000
On 7/25/2016 8:21 AM, Somaraju Abhinav wrote: > > Hi Mike, > > > The group key is also the authorization key in the model proposed. > Any entity that holds that key can forge a message that can cause the > action authorized by the issuance of that key. In your example, > assuming that the door lock and the lightbulb share the same group > key, then compromising the lightbulb allows you to control the door lock. > [AS] This is not the model we have in mind in the document. It is > clear that the document needs some more specification work which > relies on OSCOAP/COSE being complete. However, if you look at sections > 3.3 and 3.4 both the AT-R and AT-KDC assume that there is a field > “Scope” which mentions permissions of the entity holding the token > including “which resources maybe accessed with the token”. So, > compromising a lightbulb group key does not automatically imply that > the door-lock can be controlled with the same key. > Let's try one more time here. 1) If a group of devices share a key, and 2) If some of that group of devices are controllers, and 3) The majority are actuators (e.g. lightbulbs, locks), and, 4) The shared key is the only cryptographic protection on authentication, THEN, 5) The compromise of any device, even an actuator can be used to successfully forge messages that appear to come from controller nodes. Permissions notwithstanding - if more than two entities share a symmetric key, a receiver of a symmetrically signed message cannot trust that the message it received came from the identified source. [If two entities share a key, and I get a message that's signed by that key, and I didn't sign the message then obviously it came from the other guy. If three entities share a key Alice, Bob and Charlie, and Alice receives a message that purports to be from Bob, but is actually originating from Charlie, she cannot determine that the message did not come from Bob through any cryptographic means with this key] Continuing: The usual model for symmetric key authentication of a message is: Sender does: messageAuthenticationCode = MAC (sharedKey, Message). Send Message || messageAuthenticationCode. Receiver does: receivedMessageAuthenticationCode = MAC (sharedKey, Message). Compare receivedMessageAuthenticationCode with messageAuthenticationCode and if they match (according to match rules), message is authenticate. Note the similarities. In a symmetric key authentication - the sign and verify steps differ only on what you do with the output of the MAC calculation. Which implies that basically if you can verify it, you can forge it. Please let's consider the cryptography rather than something that doesn't actually provide an enforceable mechanism. Mike ps - someplace along the way someone came up with the meme that the lightbulbs and locks were on the same key domain and that was what I was complaining about. Instead, see above. What I'm complaining about - indeed what we settled upon in DICE - is that symmetric key group communications systems are not secure enough for any cyber-physical control system without specific mitigations. (For a definition of cyber-physical - Wiki is pretty good - https://en.wikipedia.org/wiki/Cyber-physical_system) > > In general, authentication comes with the key that you have - > authorization is then tied to that key. In DTLS (as in TLS), your > session key is also your authorization key once your TLS session is > tied to a particular identity (e.g. via an HTTP login, via a client > cert exchange, via OAuth). > > So - cosmetic differences only. > > Mike >
- Re: [Ace] Adoption of Low Latency Group Communica… Rene Struik
- Re: [Ace] Adoption of Low Latency Group Communica… Kumar, Sandeep
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Kumar, Sandeep
- Re: [Ace] Adoption of Low Latency Group Communica… Stephen Farrell
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Derek Atkins
- Re: [Ace] Adoption of Low Latency Group Communica… Jim Schaad
- Re: [Ace] Adoption of Low Latency Group Communica… Ludwig Seitz
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Michael Richardson
- Re: [Ace] Adoption of Low Latency Group Communica… Michael Richardson
- Re: [Ace] Adoption of Low Latency Group Communica… Hannes Tschofenig
- Re: [Ace] Adoption of Low Latency Group Communica… Thomas Hardjono
- Re: [Ace] Adoption of Low Latency Group Communica… Kumar, Sandeep
- Re: [Ace] Adoption of Low Latency Group Communica… Rahman, Akbar
- Re: [Ace] Adoption of Low Latency Group Communica… Smith, Ned
- [Ace] Adoption of Low Latency Group Communication… Hannes Tschofenig
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Robert Cragie
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Grunwald, Markus
- Re: [Ace] Adoption of Low Latency Group Communica… Robert Cragie
- Re: [Ace] Adoption of Low Latency Group Communica… Garcia Morchon O, Oscar
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Eliot Lear
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Kathleen Moriarty
- Re: [Ace] Adoption of Low Latency Group Communica… Somaraju Abhinav
- Re: [Ace] Adoption of Low Latency Group Communica… Michael StJohns
- Re: [Ace] Adoption of Low Latency Group Communica… Carsten Bormann
- Re: [Ace] Adoption of Low Latency Group Communica… Ludwig Seitz