Re: [core] About freshness and order of information in CoAP End-To-End Security
Göran Selander <goran.selander@ericsson.com> Fri, 08 April 2016 08:28 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 708DE12D571 for <core@ietfa.amsl.com>; Fri, 8 Apr 2016 01:28:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uHwTcZhMRh9T for <core@ietfa.amsl.com>; Fri, 8 Apr 2016 01:28:18 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 076AC12D555 for <core@ietf.org>; Fri, 8 Apr 2016 01:28:17 -0700 (PDT)
X-AuditID: c1b4fb3a-f79d86d000005b69-4b-57076b9f97d3
Received: from ESESSHC007.ericsson.se (Unknown_Domain [153.88.183.39]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id BE.A6.23401.F9B67075; Fri, 8 Apr 2016 10:28:16 +0200 (CEST)
Received: from ESESSMB303.ericsson.se ([169.254.3.117]) by ESESSHC007.ericsson.se ([153.88.183.39]) with mapi id 14.03.0248.002; Fri, 8 Apr 2016 10:27:27 +0200
From: Göran Selander <goran.selander@ericsson.com>
To: Aura Tuomas <tuomas.aura@aalto.fi>, "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] About freshness and order of information in CoAP End-To-End Security
Thread-Index: AQHRkWl9O78ERTYIGE68jZYY6505zJ9/alEA
Date: Fri, 08 Apr 2016 08:27:27 +0000
Message-ID: <D32CE690.51D7D%goran.selander@ericsson.com>
References: <7F9C975440487E49BBD35F4FB088ED74CFD21D9C@EXMDB01.org.aalto.fi> <D32C66AE.51CBA%goran.selander@ericsson.com>
In-Reply-To: <D32C66AE.51CBA%goran.selander@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.2.160219
x-originating-ip: [153.88.183.149]
Content-Type: text/plain; charset="utf-8"
Content-ID: <DD067A96357FBF4DACDCE1F807738C0F@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprHIsWRmVeSWpSXmKPExsUyM2K7uu6CbPZwg4XvOSz2vV3PbPFm4kZ2 ByaP468Xs3osWfKTKYApissmJTUnsyy1SN8ugSvj3uS3rAVLTCqWrrjN3MD4w6iLkZNDQsBE 4vDhn8wQtpjEhXvr2boYuTiEBI4wSqze9BLKWcwo8XTbCrAqNgEXiQcNj5hAbBEBd4nN+xeA xYUFoiQ+vnrGBhGPlnj77A4zhG0kcevrA1YQm0VARaJr4VEwm1fAQmLv1lPsILaQQJXEq9bH QPUcHJwClhI3+4NBwoxAB30/tQZsFbOAuMStJ/OZIA4VkFiy5zzU0aISLx//AxspKqAnseMc hC0hoCSx9vB2FpCRzAKaEut36UOMsZbYtxDiSmYBRYkp3Q/ZIa4RlDg58wnLBEbxWUi2zULo noWkexaS7llIuhcwsq5iFC1OLS7OTTcy0kstykwuLs7P08tLLdnECIy1g1t+W+1gPPjc8RCj AAejEg/vAgH2cCHWxLLiytxDjBIczEoivCnpQCHelMTKqtSi/Pii0pzU4kOM0hwsSuK8OZH/ woQE0hNLUrNTUwtSi2CyTBycUg2MS5hsu2Yopi9nq+22fqiuVq13JG1KtaXhSvk2L5ZPlTv4 jrz6sNh6CtcRm/18m1g617W97vfRXG32MeZb1L6bG99rf3P8wSY/of3MHcszlSnnpQ8+bpR0 311z1D7wTo1YTODJuQyO9jPW717kbtOnWRXdWdWv+bmb7aKL4exnOlqf3n4uyJZWYinOSDTU Yi4qTgQAxmE/KLECAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/core/a4DX2JCPibZKAb83j8Cxl5xefMM>
Subject: Re: [core] About freshness and order of information in CoAP End-To-End Security
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Apr 2016 08:28:21 -0000
Hi again Tuomas, It seems I missed to complete some sentences. Here are the missing gaps: About time as freshness: there is always the concern that the devices should be synchronised but for some reason are not, unless you constantly synchronise. About actuator applications: also here there are different ways for a security solution to support the client to infer some aspect of freshness: integrity protection of some time parameter, and challenge-response based are both useful in different settings. As I see the e2e security work we should describe a set of relevant scenarios that illustrates the basic constructs needed, develop those and then allow applications to build solutions using them. And as your examples illustrate, the latter may be a challenge, but is IMHO out of scope for this work. Do you see any specific requirements, or requirement sets that are missing in this respect? Again, thanks for good comments. Göran On 2016-04-08 04:37, "Göran Selander" <goran.selander@ericsson.com> wrote: >Hi Thomas, > >Thanks for comments, inline > >On 2016-04-07 19:21, "core on behalf of Aura Tuomas" ><core-bounces@ietf.org on behalf of tuomas.aura@aalto.fi> wrote: > >>Reading "draft-hartke-core-e2e-security-reqs-00", I started to wonder >>about the freshness and reordering of sensor data and actuation >>confirmation. The examples in section "3.1. One Request - One Response" >>seem quite simple compared to potential application requirements. >> >>https://tools.ietf.org/html/draft-hartke-core-e2e-security-reqs-00#sectio >>n >>-3.1 >> >>Example: Alarm status retrieval >> >>* There are many kinds of freshness: Sometimes you just want to avoid >>replays, e.g. for counting events. Sometimes reordering of data is not >>allowed, e.g. if you want the latest sensor status. Sometimes the data >>should come causally after another event, e.g. in nonce-based freshness >>mechanisms that bind the sensor data causally to a specific local clock >>interval at the receiver. Sometimes the data needs to be recent by the >>wall clock time, e.g. if you have loosely synchronized clocks. >> >>* In the alarm status example, it may not be necessary or sufficient for >>the status data to be "current". In fact, I don't think you ever need to >>link the answer to the individual alarm status request. Sometimes it is >>ok to have "recent" status information, in which case caching the at the >>proxy for a short period is ok. Sometimes you may not want to miss alarms >>that were raised and then dismissed, in which case the current status is >>not sufficient but you need the full history. > >It is true that different applications have different types of freshness >requirements. It is also true that for devices that can maintain >time synchronisation it may be sufficient to verify a “recent” >state (although there is always a concern that the clocks may) > >As you noted, with quickly transitioning states status requests provides >very limited information, better measure a different status parameter, >e.g. whose value reflects an alarm that needs to be reset by authorised >personnel. And in that case, when time synchronisation can’t be >guaranteed, a challenge-response protocol provides one way to get some >certainty of a relevant status parameter. > >> >>Example: Actuation confirmation >> >>* Some actuation may have unique identity, e.g. admit animal number 12345 >>through the turnstile, and need to be confirmed individually. However, >>that is not necessarily the case. Some actuation is cumulative, e.g. >>admit one person though turnstile. Some actions are idempotent, e.g. >>close the door, and one confirmation may be sufficient. >> >>* Some actuations need to be strictly ordered, e.g. open and close the >>door. Some can be reordered, e.g. close door A and close door B. This >>could possibly be discussed in terms of causal order (the vector clocks >>mentioned in the ACE WG list) and how much of that order needs to be >>preserved in the actuation and in confirmations. > >Also very interesting examples illustrating the wide variety of >application settings. Again, depending on use case the > >> >> >>Perhaps some of the above comments are beside the point of the draft, but >>it looks to me that the concepts of freshness and ordering in object or >>multi-hop security are more difficult to define and address than in >>secure end-to-end connections where data on the wire is linearly ordered >>in each direction. > >Yes there are certainly challenges here. Is your proposal that we provide >more details to the examples where the scenarios are applicable? > >Göran > >> >>Tuomas >> >>_______________________________________________ >>core mailing list >>core@ietf.org >>https://www.ietf.org/mailman/listinfo/core >
- [core] About freshness and order of information i… Aura Tuomas
- Re: [core] About freshness and order of informati… Göran Selander
- Re: [core] About freshness and order of informati… Göran Selander
- Re: [core] About freshness and order of informati… Jim Schaad