Re: [COSE] Multicast Use Case

Somaraju Abhinav <abhinav.somaraju@tridonic.com> Mon, 07 September 2015 07:55 UTC

From: Somaraju Abhinav <abhinav.somaraju@tridonic.com>
To: Göran Selander <goran.selander@ericsson.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "cose@ietf.org" <cose@ietf.org>
Thread-Topic: [COSE] Multicast Use Case
Thread-Index: AQHQ473PF5A8ArhiiE2Pf9JVfUnJWZ4sPqiAgAR+Owo=
Date: Mon, 07 Sep 2015 07:55:05 +0000
Message-ID: <0E9A48AB39AF3547ACD28A6DE3E2906A091D40@ATDOAGMSX02.itiso.net>
References: <55E400AC.7090507@gmx.net>, <D20F54E9.34F4C%goran.selander@ericsson.com>
In-Reply-To: <D20F54E9.34F4C%goran.selander@ericsson.com>
Accept-Language: en-US, de-AT
Content-Language: en-US
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/05pDVJuU9OMTlRDq3jJZk9AO9VA>
Subject: Re: [COSE] Multicast Use Case
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
X-List-Received-Date: Mon, 07 Sep 2015 07:55:32 -0000

Hi Goran,
I agree with what you are saying. At least in the Multicast use case, we are able to use locally unique context information (which could be sent out during the key distribution phase) to establish a context that would allow the identification of the algorithm.
Abhinav
________________________________________
From: COSE [cose-bounces@ietf.org] on behalf of Göran Selander [goran.selander@ericsson.com]
Sent: Friday, September 04, 2015 3:15 PM
To: Hannes Tschofenig; cose@ietf.org
Subject: Re: [COSE] Multicast Use Case

Hi,

Independently of the multicast use case, there is a secure communication
setting that is similar to this example which I think deserves being
considered in COSE.

What I expect to be a common setting is that the receiver has already
established a security context, including algorithm, key, sequence
number/used nonces etc. with a context identifier that is locally unique.
In this case the only information that needs to be passed in the message
is context identifier and nonce/sequence number together with ciphertext +
tag.

You may of course argue that you should use the existing COSE_encrypt
format.  But since a) the assumptions are quite different, b) the
optimizations may be significant and c) this may be a common mode of
operation, I think it actually deserves a (sub-)format of its own. If we
don’t define this in COSE, someone may be tempted to do this elsewhere.


Regards
Göran



On 2015-08-31 09:22, "Hannes Tschofenig" <hannes.tschofenig@gmx.net> wrote:

>Hi Jim, Brian, all,
>
>I am trying to compare the work on multicast security done by Sandeep &
>co against an application layer solution using CBOR/COSE.
>
>The DTLS multicast includes the following relevant components:
>- Epoch: 2 Byte
>- Sender ID: 1 Byte
>- Sequence Number: 5 Byte
>
>The combination of epoch, sender id and sequence number is used as a
>nonce for the cipher and the use of the sender id ensures that no member
>of the group accidentally selects values that will cause re-use.
>
>The 1 byte sender id is chosen small to reflect the expected size of a
>group in the professional lighting environment, as explained in the DTLS
>multicast document.
>
>Ciphersuite related information includes:
>- Encrypted Content (variable length)
>- MAC (variable length)
>
>Content Type, Version and Length are DTLS-specific aspects that cannot
>be removed without re-design of the record layer.
>
>Data based on Figure 4 of
>http://tools.ietf.org/html/draft-keoh-dice-multicast-security-08.txt.
>
>Since there is no sequence number defined in COSE I put the epoch and
>the sequence number together into the nonce field.
>
>Here is the commented version of the COSE message I came up with:
>
>[
>     2, // Encrypted COSE message
>     {
>       1: 10, // Algorithm - AES-CCM-16-64-128
>       5: h'89f52fa' // 7-byte nonce
>     },
>     h'7b9dcfa42c4e1d3182c402dc18ef8b5637de4fb62cf1dd156ea6e6e0',
>      // encrypted payload.
>     [
>       [
>         h'',
>         {
>           1: -6, // Direct use of CEK
>           4: h'01' // Key ID - 0x01
>         },
>         h''
>       ]
>     ]
>   ]
>
>According to cbor.me the resulting COSE encoding has 59 bytes whereby 28
>bytes are purely used for message encryption.  This means that there are
>31 bytes of overhead with COSE compared to 12 bytes [= 8 for Epoch +
>Sequence Number + Sender ID, 3 bytes for Content Type and Version fields].
>
>Ciao
>Hannes
>

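The two message shapes discussed in this thread, as an added example that is not code from the thread, from the COSE drafts or from the DTLS multicast draft: the COSE_Encrypt layout Hannes wrote out (with his epoch || sequence number nonce) and, next to it, the compact context-based message Göran describes, where only a locally unique context identifier, a sequence number and ciphertext + tag travel and the receiver looks up algorithm, key and epoch from state it established earlier. The CBOR encoder/decoder, the function names (`cbor`, `cbor_decode`, `nonce`, `cose_encrypt_message`, `compact_message`, `new_contexts`, `receive_compact`), the `[context id, sequence number, ciphertext]` rendering of Göran's proposal and the receiver's context contents are all assumptions made for this example; the ciphertext bytes are the ones from Hannes's message. The byte counts it produces are for this constructed nonce and header layout and need not match the cbor.me figure quoted in the thread. The AES-CCM-16-64-128 call itself is left to a crypto library; what the example shows is framing, nonce layout, on-the-wire size and the replay check a receiver must apply to the sequence number, since a repeated nonce under the same key is the failure mode the sender id byte in the DTLS layout exists to prevent.

```python
# Added example, not code from the thread or the COSE drafts: Hannes's COSE_Encrypt message
# next to the compact context-based message Göran proposed, encoded with a small stdlib-only
# CBOR codec so byte counts can be checked offline. The AES-CCM call is left to a crypto library.

def cbor_head(major, n):
    """Initial byte(s) for CBOR major type `major` with unsigned argument `n`."""
    mt = major << 5
    if n < 24:
        return bytes([mt | n])
    for info, width in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * width):
            return bytes([mt | info]) + n.to_bytes(width, "big")
    raise ValueError("argument too large")

def cbor(v):
    """Encode ints, byte strings, lists and dicts (all the COSE layout needs here)."""
    if isinstance(v, int) and not isinstance(v, bool):
        return cbor_head(0, v) if v >= 0 else cbor_head(1, -1 - v)
    if isinstance(v, bytes):
        return cbor_head(2, len(v)) + v
    if isinstance(v, list):
        return cbor_head(4, len(v)) + b"".join(cbor(x) for x in v)
    if isinstance(v, dict):
        return cbor_head(5, len(v)) + b"".join(cbor(k) + cbor(x) for k, x in v.items())
    raise TypeError("unsupported type %s" % type(v).__name__)

def cbor_decode(buf, pos=0):
    """Decode one definite-length item at `pos`, returning (value, next_pos).
    Every length is checked, so a truncated message raises instead of mis-parsing."""
    if pos >= len(buf):
        raise ValueError("truncated input")
    major, info, pos = buf[pos] >> 5, buf[pos] & 0x1F, pos + 1
    if info > 27:
        raise ValueError("indefinite-length items not supported")
    n, width = info, (0 if info < 24 else 1 << (info - 24))
    if width:
        if pos + width > len(buf):
            raise ValueError("truncated argument")
        n, pos = int.from_bytes(buf[pos:pos + width], "big"), pos + width
    if major in (0, 1):
        return (n if major == 0 else -1 - n), pos
    if major == 2:
        if pos + n > len(buf):
            raise ValueError("truncated byte string")
        return bytes(buf[pos:pos + n]), pos + n
    if major in (4, 5):
        out = [] if major == 4 else {}
        for _ in range(n):
            k, pos = cbor_decode(buf, pos)
            if major == 4:
                out.append(k)
            else:
                out[k], pos = cbor_decode(buf, pos)
        return out, pos
    raise ValueError("major type %d not supported" % major)

CIPHERTEXT = bytes.fromhex("7b9dcfa42c4e1d3182c402dc18ef8b5637de4fb62cf1dd156ea6e6e0")  # 28 bytes, from the thread
AES_CCM_16_64_128 = 10  # COSE algorithm identifier used in Hannes's message

def nonce(epoch, seq, sender_id=None):
    """Epoch (2 bytes) || sequence number (5 bytes), the 7-byte nonce Hannes formed. With a
    sender id it becomes the 8-byte epoch || sender id || seq layout of the DTLS multicast
    draft, where the sender id byte keeps two group members from producing the same nonce."""
    sid = b"" if sender_id is None else bytes([sender_id])
    return epoch.to_bytes(2, "big") + sid + seq.to_bytes(5, "big")

def cose_encrypt_message(nonce_bytes, ciphertext, kid):
    """The COSE_Encrypt layout from the thread: [2, headers, ciphertext, recipients]."""
    return cbor([2, {1: AES_CCM_16_64_128, 5: nonce_bytes}, ciphertext, [[b"", {1: -6, 4: kid}, b""]]])

def compact_message(ctx_id, seq, ciphertext):
    """Göran's proposal (our own rendering): only context id, sequence number and ciphertext + tag."""
    return cbor([ctx_id, seq, ciphertext])

def new_contexts():
    # Constructed receiver state keyed by a locally unique context id (hypothetical values).
    return {b"\x01": {"alg": AES_CCM_16_64_128, "key": bytes(16), "epoch": 1, "last_seq": 41}}

def receive_compact(contexts, msg):
    """Parse a compact message, find its context and reject replays; returns what the AEAD needs."""
    item, end = cbor_decode(msg)
    if end != len(msg) or not isinstance(item, list) or len(item) != 3:
        raise ValueError("malformed compact message")
    ctx_id, seq, ciphertext = item
    ctx = contexts.get(ctx_id)
    if ctx is None:
        raise KeyError("unknown context id")
    if not isinstance(seq, int) or seq <= ctx["last_seq"]:
        raise ValueError("replayed or reordered sequence number")
    ctx["last_seq"] = seq  # a nonce must never repeat under the same key
    return ctx, nonce(ctx["epoch"], seq), ciphertext

if __name__ == "__main__":
    full = cose_encrypt_message(nonce(1, 42), CIPHERTEXT, b"\x01")
    small = compact_message(b"\x01", 42, CIPHERTEXT)
    print("COSE_Encrypt %d bytes, compact %d bytes, ciphertext %d bytes" % (len(full), len(small), len(CIPHERTEXT)))
    ctxs = new_contexts()
    receive_compact(ctxs, small)  # accepted: 42 > 41
    try:
        receive_compact(ctxs, small)  # the same message delivered again is rejected
    except ValueError as e:
        print("replay rejected:", e)
```

Run stand-alone it prints the two sizes and then the rejection of the replayed message. The receiver keeps only a highest-seen sequence number per context, which is the simplest anti-replay rule and assumes in-order delivery; a multicast deployment that tolerates reordering would replace that comparison with a sliding window, but the invariant it protects (no sequence number, hence no nonce, accepted twice under one key) stays the same.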