IETF Logo Mail Archive

Re: [COSE] Multicast Use Case

"Jim Schaad" <ietf@augustcellars.com> Wed, 09 September 2015 15:45 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A44C1B2EDE for <cose@ietfa.amsl.com>; Wed, 9 Sep 2015 08:45:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Level:
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_42=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yLo7vNg5hXc7 for <cose@ietfa.amsl.com>; Wed, 9 Sep 2015 08:45:19 -0700 (PDT)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 760A21B3116 for <cose@ietf.org>; Wed, 9 Sep 2015 08:45:19 -0700 (PDT)
Received: from hebrews (c-24-21-96-37.hsd1.or.comcast.net [24.21.96.37]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id 7DE7B2CA33; Wed, 9 Sep 2015 08:45:18 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Somaraju Abhinav' <abhinav.somaraju@tridonic.com>, 'Göran Selander' <goran.selander@ericsson.com>, 'Hannes Tschofenig' <hannes.tschofenig@gmx.net>, cose@ietf.org
References: <55E400AC.7090507@gmx.net>, <D20F54E9.34F4C%goran.selander@ericsson.com> <0E9A48AB39AF3547ACD28A6DE3E2906A091D40@ATDOAGMSX02.itiso.net>
In-Reply-To: <0E9A48AB39AF3547ACD28A6DE3E2906A091D40@ATDOAGMSX02.itiso.net>
Date: Wed, 09 Sep 2015 08:43:01 -0700
Message-ID: <009001d0eb16$36c0fe90$a442fbb0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Content-Language: en-us
Thread-Index: AQFOSJy01QpTkZygPNqMOVMY93IQJAGv22c5AoRbR8ifF/lQcA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/GPY2ZK35Ie7aLEli-OZ9J2BhHSs>
Subject: Re: [COSE] Multicast Use Case
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Sep 2015 15:45:21 -0000

I am seeking a piece of information on the DTLS solutions for the ACE group.
Do these messages go as top level UDP objects or do they still have a CoAP
wrapper?

Jim


> -----Original Message-----
> From: COSE [mailto:cose-bounces@ietf.org] On Behalf Of Somaraju Abhinav
> Sent: Monday, September 07, 2015 12:55 AM
> To: Göran Selander <goran.selander@ericsson.com>; Hannes Tschofenig
> <hannes.tschofenig@gmx.net>; cose@ietf.org
> Subject: Re: [COSE] Multicast Use Case
> 
> Hi Goran,
> I agree with what you are saying. At least in the Multicast use case, we
are able
> to use locally unique context information (which could be sent out during
the
> key distribution phase) to establish a context that would allow the
identification
> of the algorithm.
> Abhinav
> ________________________________________
> From: COSE [cose-bounces@ietf.org] on behalf of Göran Selander
> [goran.selander@ericsson.com]
> Sent: Friday, September 04, 2015 3:15 PM
> To: Hannes Tschofenig; cose@ietf.org
> Subject: Re: [COSE] Multicast Use Case
> 
> Hi,
> 
> Independently of the multicast use case, there is a secure communication
> setting that is similar to this example which I think deserves being
considered in
> COSE.
> 
> What I expect to be a common setting is that the receiver has already
> established a security context, including algorithm, key, sequence
number/used
> nonces etc. with a context identifier that is locally unique.
> In this case the only information that needs to be passed in the message
is
> context identifier and nonce/sequence number together with ciphertext +
tag.
> 
> You may of course argue that you should use the existing COSE_encrypt
format.
> But since a) the assumptions are quite different, b) the optimizations may
be
> significant and c) this may be a common mode of operation, I think it
actually
> deserves a (sub-)format of its own. If we don’t define this in COSE,
someone
> may be tempted to do this elsewhere.
> 
> 
> Regards
> Göran
> 
> 
> 
> On 2015-08-31 09:22, "Hannes Tschofenig" <hannes.tschofenig@gmx.net>
> wrote:
> 
> >Hi Jim, Brian, all,
> >
> >I am trying to compare the work on multicast security done by Sandeed &
> >co against an application layer solution using CBOR/COSE.
> >
> >The DTLS multicast includes the following relevant components:
> >- Epoch: 2 Byte
> >- Sender ID: 1 Byte
> >- Sequence Number: 5 Byte
> >
> >The combination of epoch, sender id and sequence number are used as a
> >nonce for the cipher and the use of the sender id ensures that no
> >member of the group accidentally selects values that will cause re-use.
> >
> >The 1 byte sender id is chosen small to reflect the expected size of a
> >group in the professional lighting environment, as explained in the
> >DTLS multicast document.
> >
> >Ciphersuite related information includes:
> >- Encrypted Content (variable length)
> >- MAC (variable length)
> >
> >Content Type, Version and Length are DTLS-specific aspects that cannot
> >be removed without re-design of the record layer.
> >
> >Data based on Figure 4 of
> >http://tools.ietf.org/html/draft-keoh-dice-multicast-security-08.txt.
> >
> >Since there is no sequence number defined in COSE I put the epoch and
> >the sequence number together into the nonce field.
> >
> >Here is the commented version of the COSE message I came up with:
> >
> >[
> >     2, // Encrypted COSE message
> >     {
> >       1: 10, // Algorithm - AES-CCM-16-64-128
> >       5: h'89f52fa' // 7-byte nonce
> >     },
> >     h'7b9dcfa42c4e1d3182c402dc18ef8b5637de4fb62cf1dd156ea6e6e0',
> >      // encrypted payload.
> >     [
> >       [
> >         h'',
> >         {
> >           1: -6, // Direct use of CEK
> >           4: h'01' // Key ID - 0x01
> >         },
> >         h''
> >       ]
> >     ]
> >   ]
> >
> >According to cbor.me the resulting COSE encoding has 59 bytes whereby
> >28 bytes are purely used for message encryption.  This means that there
> >is
> >31 bytes overhead with COSE compared to 12 bytes [= 8 for Epoch +
> >Sequence Number + Sender ID, 3 bytes for Content Type and Version
fields].
> >
> >Ciao
> >Hannes
> >
> 
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose
> ________________________________________________________ The
> contents of this e-mail and any attachments are confidential to the
intended
> recipient. They may not be disclosed to or used by or copied in any way by
> anyone other than the intended recipient. If this e-mail is received in
error,
> please immediately notify the sender and delete the e-mail and attached
> documents. Please note that neither the sender nor the sender's company
> accept any responsibility for viruses and it is your responsibility to
scan or
> otherwise check this e-mail and any attachments.
> 
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose

v2.23.0 | Report a Bug | By Email