Re: [core] Block Transfer and Object Security .... Re: Agenda
Göran Selander <goran.selander@ericsson.com> Tue, 29 March 2016 09:57 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB09C12D5E9 for <core@ietfa.amsl.com>; Tue, 29 Mar 2016 02:57:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J1WDKHxXeJ7E for <core@ietfa.amsl.com>; Tue, 29 Mar 2016 02:57:18 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F219E12D5E2 for <core@ietf.org>; Tue, 29 Mar 2016 02:57:17 -0700 (PDT)
X-AuditID: c1b4fb3a-f79d86d000005b69-12-56fa517b11fe
Received: from ESESSHC010.ericsson.se (Unknown_Domain [153.88.183.48]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id AF.18.23401.B715AF65; Tue, 29 Mar 2016 11:57:16 +0200 (CEST)
Received: from ESESSMB303.ericsson.se ([169.254.3.117]) by ESESSHC010.ericsson.se ([153.88.183.48]) with mapi id 14.03.0248.002; Tue, 29 Mar 2016 11:57:05 +0200
From: Göran Selander <goran.selander@ericsson.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [core] Block Transfer and Object Security .... Re: Agenda
Thread-Index: AQHRiQJfozlE0Zss2kOk94eHNyee8p9wMKwA
Date: Tue, 29 Mar 2016 09:57:04 +0000
Message-ID: <D3201458.5114A%goran.selander@ericsson.com>
References: <56F56B0F.9070508@gmx.net> <56F6A942.4010405@tzi.org> <56F6B333.2060105@gmx.net> <56F6B708.4080805@tzi.org> <56F90AFF.5080809@gmx.net> <56F92027.9060308@tzi.org> <D31EF504.5109E%goran.selander@ericsson.com> <56F946B3.8020309@gmx.net>
In-Reply-To: <56F946B3.8020309@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.1.160122
x-originating-ip: [153.88.183.148]
Content-Type: text/plain; charset="utf-8"
Content-ID: <6A3BE89B5571E546B25A1EEDEA49442B@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrMIsWRmVeSWpSXmKPExsUyM2K7gW5N4K8wg7cneSyOTLnLarHv7Xpm i6U777E6MHss3rSfzWPJkp9MHtMWZQYwR3HZpKTmZJalFunbJXBl3F0jXTDFraLjVi97A+Ma ly5GTg4JAROJBc+6mCFsMYkL99azdTFycQgJHGGUeD9nJxNIQkhgCaPEiX5hEJtNwEXiQcMj sLiIgKHE9ZnTWUFsZgE3icef/4MNEgayZ2y9wQxR4y6xaMY0KNtI4tXzCWC9LAKqEqtXnGYD sXkFLCR2tz9hgVj8m1Hi8YLn7CAJTgF1iQ/zTrKA2IxA130/tYYJYpm4xK0n85kgrhaQWLLn PNQHohIvH/8DO0hUQE/idsdadoi4kkTjkidAcQ6gXk2J9bv0IcZYS/T9vAl1v6LElO6H7BD3 CEqcnPmEZQKjxCwk22YhdM9C0j0LSfcsJN0LGFlXMYoWpxYX56YbGemlFmUmFxfn5+nlpZZs YgRG5cEtv612MB587niIUYCDUYmHN2HlzzAh1sSy4srcQ4wSHMxKIrzlAb/ChHhTEiurUovy 44tKc1KLDzFKc7AoifOyfbocJiSQnliSmp2aWpBaBJNl4uCUamCM5Dm592san0zVRk3BXPeC v0mnCyx7L925wJF0esNpg+dfAuUcX1/9qGK3p3t/u4vDwbj1f3oc1vRM5ukTDk26XZfwfMm3 KX8Md18Q4GA62sx7tqd2q/Xqyw+2qxqqu0uFtwQosKjv8Zj6cfLFVeceCfKv5PzJVf8pe26Y 9oSrTPHp2YyHbhorsRRnJBpqMRcVJwIA9D05KMYCAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/core/NQfQWDMQuI2A6M_AxbURmXwzDhs>
Cc: "core@ietf.org WG" <core@ietf.org>
Subject: Re: [core] Block Transfer and Object Security .... Re: Agenda
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2016 09:57:21 -0000
Hi Hannes,
Such a solution only is not very robust against denial of service unless
there is additional security at lower layer or that it is possible to
protect fragments in sizes of certain upper limit such as in HTTP content
encryption. In the case of application layer security only, one would thus
have to invent something like the latter. While this is possible, it would
be very unfortunate if for each CoAP "feature" being defined, you need to
separately define the corresponding "e2e secure feature", instead of
making these considerations before standardizing the feature in question.
In particular as in the case of Block where all feaures of a secure
fragmentation scheme are present if you only were able to apply integrity
protection of each CoAP block message between the endpoints.
That is the problem statement. In terms of solution, it actually seems
possible to separate options intended for proxies from options intended
for endpoints without additional intrusion on CoAP. This means that you
can reuse Block, which although wasn't designed for end-to-end security,
of course does work in the absense intermediaries making changes.
Since you seem to be interested in the details here it goes: The
application layer security solutions presented so far which are applicable
to 3.1 and 3.2 of draft-hartke-core-e2e-security-reqs are based on
wrapping an unprotected CoAP message in a COSE object and send this in a
("protected") CoAP message. The idea for simultaneously managing
end-to-end and proxy options is based on the concept of “duplicate”
options introduced in the latest version of OSCOAP: For certain options we
may allow the use of an “inner” option encrypted inside the COSE object
intended for the endpoint, and an “outer” option in the options part of
protected CoAP message intended for a proxy.
The block options could potentially be used in this way, allowing the
sending endpoint using an inner block option to fragment a large message
where each fragment can be protected end-to-end. This allows for a policy
of an upper limit for fragments which can be verified, the lack of which
was one of the concerns.
These secure fragments can, if necessary, in turn be fragmented by a proxy
using an outer block option. The receiving endpoint then first defragments
the protected CoAP message, then verifies and decrypts, then after
verifying and decrypting all protected fragments, defragments the
unprotected CoAP message which becomes verified by this process. (The
outer and inner options may be independent, so either the endpoint or the
proxy or both fragment, the scenario above is the case of “both”, which of
course is the most complicated.)
This is in brief what I propose to discuss in the CoRE WG under the topic
of "blockwise" in the security section.
Göran
On 2016-03-28 16:58, "Hannes Tschofenig" <hannes.tschofenig@gmx.net> wrote:
>Hi Goeran,
>
>normally you would do the following:
>
> 1) You take the entire payload (for example a firmware image).
> 2) You add some security protection in the front.
> 3) Then, you make it available for download.
> 4) A server may then chunk it into pieces and delivery them separately
>using the Blockwise Transfer mechanism.
> 5) The client receives all the pieces, puts them together, verifies the
>signature or MAC, and then updates the firmware.
>
>This sequence of steps should be the same regardless of whether there is
>a proxy that caches pieces or not.
>
>So, what exactly is the concern here?
>
>Ciao
>Hannes
>
>On 03/28/2016 03:36 PM, Göran Selander wrote:
>> Hi Hannes
>>
>> Complementing Carsten’s explanation:
>>
>> There is a conflict between being able to protect a message fragment
>> end-to-end between endpoints and giving any intermediate node the right
>>to
>> refragment a message. Block operations performed by proxies cannot be
>> verified which has two consequences. Blockwise cannot be directly
>>applied
>> to secure message fragmentation, and the Block option opens up for DoS
>>by
>> any on-path adversary. I found this serious enough to warrant a security
>> consideration, which is included in -19.
>>
>> It turns out that while plaintext CoAP block options passing proxies
>> cannot be protected in the way blockwise works, they could potentially
>>be
>> used end-to-end if you were certain there were no changes being made in
>> transfer, and that is something an object security solution could be
>>used
>> for. This is one of the topics I’d like to discuss in the security
>>section
>> on the CoRE agenda.
>>
>> Göran
>>
>>
>>
>> On 2016-03-28 14:14, "core on behalf of Carsten Bormann"
>> <core-bounces@ietf.org on behalf of cabo@tzi.org> wrote:
>>
>>> Hi Hannes,
>>>
>>>> I have re-read the Blockwise Transfer draft and the document does not
>>>> give me the impression that there is any specific need to tie it to
>>>> Object Security.
>>>>
>>>> Can you explain what the relationship is?
>>>
>>> After the last call completed, we had a discussion on the IETF mailing
>>> list how to employ object security in a block-wise transfer that spans
>>> proxies.
>>> If you secure only the complete representation, the cache in a proxy
>>> might be poisoned by fake blocks, and you get an availability problem.
>>> If you secure each of the blocks (and have a way for the proxy to be
>>> part of a security association needed so it also can verify the
>>>blocks),
>>> you can prevent that, but you still have to secure the way the entire
>>> representation is composed from those blocks, and that might mean
>>> additional components are needed in an object security protocol.
>>>
>>> I agree that none of these considerations have a bearing on the
>>> block-wise protocol itself, and this also was the resolution we reached
>>> after the discussion. But it was useful to have the discussion, and it
>>> will inform the discussion about object security.
>>>
>>>> I hope there is no plan to make the completion of Blockwise transfer
>>>> dependent on the progress of object security.
>>>
>>> No, as far as the CoRE WG is concerned, block-wise is done.
>>> It is currently in IESG evaluation and on the agenda of the 2016-04-21
>>> IESG telechat; Matthias Kovatsch is the shepherd.
>>>
>>> Grüße, Carsten
>>>
>>> _______________________________________________
>>> core mailing list
>>> core@ietf.org
>>> https://www.ietf.org/mailman/listinfo/core
>>
- Re: [core] Agenda Alexey Melnikov
- [core] Agenda Hannes Tschofenig
- Re: [core] Agenda Alexander Pelov
- Re: [core] Agenda peter van der Stok
- Re: [core] Agenda Alexey Melnikov
- Re: [core] Agenda peter van der Stok
- Re: [core] Agenda Hannes Tschofenig
- Re: [core] Agenda Carsten Bormann
- Re: [core] Agenda Hannes Tschofenig
- Re: [core] Agenda Carsten Bormann
- Re: [core] Agenda Rahman, Akbar
- [core] draft-ietf-core-http-mapping-07 -- was Re:… Hannes Tschofenig
- Re: [core] draft-ietf-core-http-mapping-07 -- was… Rahman, Akbar
- Re: [core] draft-ietf-core-http-mapping-07 -- was… Hannes Tschofenig
- Re: [core] Agenda Kepeng Li
- Re: [core] Agenda Carsten Bormann
- [core] Block Transfer and Object Security .... Re… Hannes Tschofenig
- Re: [core] Block Transfer and Object Security ...… Carsten Bormann
- Re: [core] Block Transfer and Object Security ...… Göran Selander
- Re: [core] Block Transfer and Object Security ...… Hannes Tschofenig
- Re: [core] Block Transfer and Object Security ...… Hannes Tschofenig
- Re: [core] Block Transfer and Object Security ...… Göran Selander
- Re: [core] Block Transfer and Object Security ...… Göran Selander