Re: [core] Question about AEAD nonce uniqueness

Göran Selander <goran.selander@ericsson.com> Tue, 11 April 2017 05:44 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: Mohit Sethi M <mohit.m.sethi@ericsson.com>, 'Core' <core@ietf.org>, "6tisch@ietf.org" <6tisch@ietf.org>
CC: Jim Schaad <ietf@augustcellars.com>, Christian Amsüss <c.amsuess@energyharvesting.at>
Thread-Topic: [core] Question about AEAD nonce uniqueness
Date: Tue, 11 Apr 2017 05:43:57 +0000
Message-ID: <D512297C.7B59D%goran.selander@ericsson.com>
References: <c31694fe-43db-875d-496a-a9ab3fd3c40f@ericsson.com> <002101d2b21d$3ff5ba30$bfe12e90$@augustcellars.com>
In-Reply-To: <002101d2b21d$3ff5ba30$bfe12e90$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/nhl1ZAPErdSbIRNVR3dNMxEl9O8>
Subject: Re: [core] Question about AEAD nonce uniqueness
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>

Hello Mohit,

Christian and Jim already provided answers; let me just provide pointers to the relevant sections.

OSCOAP:
—
The requirements on the security context parameters are here:
https://tools.ietf.org/html/draft-ietf-core-object-security-02#section-3.3
Two methods for establishing unique sender IDs are presented: 1) use EDHOC or 2) generate large random identifiers.
The former allows for the use of short sender IDs.


Multicast OSCOAP:
—
In Multicast OSCOAP (Secure group communication for CoAP) the requirements on the security context parameters are here:
https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-01#section-2
It is the responsibility of the Group Manager to establish and manage the security context, which includes the sender IDs, but how the assignment is done is out of scope. The uniqueness of sender IDs in this draft follows from OSCOAP, but since you asked I think we should add a sentence to this draft stressing that.


Göran


From: core <core-bounces@ietf.org<mailto:core-bounces@ietf.org>> on behalf of Jim Schaad <ietf@augustcellars.com<mailto:ietf@augustcellars.com>>
Date: Monday 10 April 2017 at 19:09
To: Mohit Sethi <mohit.m.sethi@ericsson.com<mailto:mohit.m.sethi@ericsson.com>>, 'Core' <core@ietf.org<mailto:core@ietf.org>>, "6tisch@ietf.org<mailto:6tisch@ietf.org>" <6tisch@ietf.org<mailto:6tisch@ietf.org>>
Subject: Re: [core] Question about AEAD nonce uniqueness

There is not a problem with dealing with nonce uniqueness in this draft because each entity is going to be assigned a unique key for transmissions. The transport key is derived from the PSK and the sender ID. Sender IDs will be unique based on the enrollment protocol in the group, as each entity will have a unique identifier.

Jim


From: core [mailto:core-bounces@ietf.org] On Behalf Of Mohit Sethi
Sent: Monday, April 10, 2017 4:51 AM
To: Core <core@ietf.org<mailto:core@ietf.org>>; 6tisch@ietf.org<mailto:6tisch@ietf.org>
Subject: [core] Question about AEAD nonce uniqueness


Hi OSCoAP authors

I was trying to read the OSCoAP and 6tisch minimal security drafts. I have a question about the AEAD nonce uniqueness. RFC 5116 says that:

   When there are multiple devices performing encryption using a single
   key, those devices must coordinate to ensure that the nonces are
   unique.  A simple way to do this is to use a nonce format that
   contains a field that is distinct for each one of the devices

So my obvious question is: how is AEAD nonce uniqueness ensured? The PSK is known to at least two parties (more in the case of some uses, such as multicast OSCoAP: https://tools.ietf.org/html/draft-tiloca-core-multicast-oscoap-01)?

The draft currently says that AEAD nonce uniqueness is ensured with sequence numbers and the sender context, which is essentially the sender ID. But how do you ensure that the two parties have different sender IDs? Especially since the sender ID is not of fixed length. I guess there will be other problems in case of sender ID collisions?

as Sender IDs are currently used, they are mutually agreed-upon like the
rest of the security context (key, algorithm etc); in other words, they
are explicitly given to a device by the mechanism that also distributes
the key.

Best regards
Christian

--
Christian Amsüss                      | Energy Harvesting Solutions GmbH
founder, system architect             | headquarter:
mailto:c.amsuess@energyharvesting.at  | Arbeitergasse 15, A-4400 Steyr
tel:+43-664-97-90-6-39                | http://www.energyharvesting.at/
                                      | ATU68476614
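As an added illustration of the point Jim and Mohit discuss above (this is not code from the OSCOAP drafts or from anyone in this thread): a small model in which each sender's key is bound to its Sender ID and the nonce is Sender ID followed by the sequence number, with a check that flags any (key, nonce) pair used twice. The HKDF labels, the 16-byte key, the 13-byte nonce and the sample PSK and IDs are assumptions chosen for the example, not the drafts' actual construction.

```python
import hashlib
import hmac

# Constructed model of the thread's argument, not the OSCOAP draft's exact
# derivation: the per-sender key is bound to the Sender ID, and the nonce is
# Sender ID || sequence number. Key and nonce lengths are assumptions.
KEY_LEN = 16
NONCE_LEN = 13


def hkdf_sha256(ikm: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF (extract-and-expand) with HMAC-SHA-256 and a zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def sender_key(psk: bytes, sender_id: bytes) -> bytes:
    """Per-sender key: the Sender ID is mixed into the derivation, so distinct
    IDs yield distinct keys even though every party shares the same PSK."""
    return hkdf_sha256(psk, b"Key" + sender_id, KEY_LEN)


def nonce(sender_id: bytes, seq: int) -> bytes:
    """Nonce = Sender ID followed by the sequence number, padded to NONCE_LEN.
    Because IDs are variable length, two different IDs can collide on the
    nonce alone (e.g. b'\\x00' vs b'\\x00\\x00'); the per-sender key is what
    keeps the (key, nonce) pair unique in that case."""
    if not 0 < len(sender_id) < NONCE_LEN:
        raise ValueError("sender ID length must be between 1 and NONCE_LEN-1 bytes")
    return sender_id + seq.to_bytes(NONCE_LEN - len(sender_id), "big")


def find_reuse(psk: bytes, transmissions):
    """Return the (key, nonce) pairs used by more than one transmission.
    transmissions is an iterable of (sender_id, seq). An empty result means no
    AEAD nonce was reused under the same key, which is what RFC 5116 requires."""
    seen, reused = set(), []
    for sid, seq in transmissions:
        pair = (sender_key(psk, sid), nonce(sid, seq))
        if pair in seen and pair not in reused:
            reused.append(pair)
        seen.add(pair)
    return reused


# Constructed sample: a group PSK, two senders with distinct IDs, and a
# misconfigured group where two devices were given the same Sender ID.
PSK = bytes(range(16))
DISTINCT_IDS = [(b"\x01", 0), (b"\x01", 1), (b"\x02", 0), (b"\x02", 1)]
COLLIDING_IDS = [(b"\x01", 0), (b"\x01", 1), (b"\x01", 0)]
```

Running `find_reuse(PSK, COLLIDING_IDS)` reports the reused pair, while distinct IDs (even ones whose nonces coincide) report nothing because their keys differ.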