Re: [COSE] Multicast Use Case
Sandeep Kumar <ietf@sandeep.de> Mon, 31 August 2015 21:28 UTC
Return-Path: <ietf@sandeep.de>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8742F1B63CC for <cose@ietfa.amsl.com>; Mon, 31 Aug 2015 14:28:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.427
X-Spam-Level:
X-Spam-Status: No, score=-0.427 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, J_CHICKENPOX_42=0.6] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZiuzSrzp6a4m for <cose@ietfa.amsl.com>; Mon, 31 Aug 2015 14:28:16 -0700 (PDT)
Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de [IPv6:2a01:238:20a:202:5300::8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A1411B63C7 for <cose@ietf.org>; Mon, 31 Aug 2015 14:28:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1441056492; l=13658; s=domk; d=sandeep.de; h=Content-Type:Cc:To:From:Subject:Date:References:In-Reply-To: MIME-Version; bh=/VzHsgLFLWKsRtDRtMmf0AQYVShsrRvIkHf8Zl9ebbQ=; b=wB4Qo6Xpv8EPCZhRE9VzUU17YCVGo1ygHmVkhMDaDHkDbJUtkDem2e1s3LmCv8DG9T5 WvQYscRpmxgw7tNd5c2M1rzRpd6ifdvBLklmXFzDW6UjoU3EMz6LdVSsKj+lUYk63oQDC 1vNGue3BJrZ4ErgMoyot8npoOnj5WCTAJ4U=
X-RZG-AUTH: :JWkQc2C7evFfytIRBe7p82UYMzBqkr+YiXEkNEKLhUifTGQRFYQZmyOG
X-RZG-CLASS-ID: mo00
Received: from mail-qk0-f169.google.com ([209.85.220.169]) by smtp.strato.de (RZmta 37.11 AUTH) with ESMTPSA id 60166br7VLSARSD (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verification FAILED - unable to get local issuer certificate)) (Client hostname not verified) for <cose@ietf.org>; Mon, 31 Aug 2015 23:28:10 +0200 (CEST)
Received: by qkdv1 with SMTP id v1so18387975qkd.0 for <cose@ietf.org>; Mon, 31 Aug 2015 14:28:10 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.13.221.137 with SMTP id g131mr24467092ywe.84.1441056490050; Mon, 31 Aug 2015 14:28:10 -0700 (PDT)
Received: by 10.37.110.84 with HTTP; Mon, 31 Aug 2015 14:28:10 -0700 (PDT)
In-Reply-To: <064c01d0e428$047d2700$0d777500$@augustcellars.com>
References: <55E400AC.7090507@gmx.net> <064c01d0e428$047d2700$0d777500$@augustcellars.com>
Date: Mon, 31 Aug 2015 23:28:10 +0200
Message-ID: <CAH51uSc2a4V2eccdVSSYxDN+KL1A0ohnXQheegUXoZxQTsd3kA@mail.gmail.com>
From: Sandeep Kumar <ietf@sandeep.de>
To: Jim Schaad <ietf@augustcellars.com>
Content-Type: multipart/alternative; boundary="94eb2c06e9e430df41051ea21cb9"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/cy2TzWlVa-NelCsKLUFdi81VkGc>
Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>, cose WG <cose@ietf.org>
Subject: Re: [COSE] Multicast Use Case
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2015 21:28:19 -0000
Hi Jim You seem to be referring to an alternative version of the draft than Hannes used. The draft Hannes used draft-keoh-dice-multicast-security-08 uses SenderID to separate the nonce, while draft-kumar-dice-multicast-security derives new keys per sender (based on a single key and SenderID). the change was due to a difference is preference in my co-author but should not change the overhead. Finally I disagree on your assessment on code reuse, it had been implemented with minimal changes needed to an existing IoT DTLS library. regards Sandeep On Mon, Aug 31, 2015 at 10:02 PM, Jim Schaad <ietf@augustcellars.com> wrote: > Hannes, > > I think that characterizing draft-kumar-dice-multicast-security as some > type of DTLS may be a huge misnomer. On first read it is not matching a > great deal of what I think of as being TLS/DTLS. For example, all of the > record layering that is present in DTLS does not appear to be here, and I > would assume that none of the starting handshaking is going to be present > here. > > Looking at the figure 2 in that document appears to have an overhead of 13 > bytes, but I am not seeing the sender ID that you are talking about so I am > unsure that your analysis of the sizes is going to be correct for this. It > is definitely not true if the multiple layering of TLS is going to be used. > > I am having a hard time with the example you gave, I put it into cbor.me > (after removing comments) and it generated a syntax error. After > generating it on my own, I came up with: > > [ > 2, // encrypted message > h'a2010a0547089f52fa000000', // Protected headers > // {1: 10, - algorithm AES-CCM-16-64-128 > // 5: h'089f52fa000000' - nonce of 7 bytes} > { }, // Unprotected headers (none) > h'7b9dcfa42c4e1d3182c402dc18ef8b5637de4fb62cf1dd156ea6e6e0', // > encrypted message + authentication tag > [ > [ > h'', // Protected header - none > { // Unprotected headers > 1: -6, // Algorithm direct > 4: h'01' // sender ID > }, > h'' // No cipher text > ] > ] > ] > > Which maps to 56 bytes with a 28 byte message, using my best guess from > what you are saying you get a 42 byte message with you "DTLS" message. The > current difference in overhead thus being 14 bytes rather than the 19 bytes > you have below. I expect that this difference will decrease as time goes > by. We have a proposals on the table which would reduce the size of the > COSE message for handling of single recipient messages, but it is not clear > which, if any, are going to be incorporated into the document. Part of > this is a question of what the implementation sizes are going to be. > > Although the kumar document says that there should be significant code > reuse between it and DTLS, I am not sure that I would agree with this. It > seems to be that it is just reusing small portions but it would be a > significant re-write and would need to have a corresponding complete > security review. > > Jim > > > > > -----Original Message----- > > From: COSE [mailto:cose-bounces@ietf.org] On Behalf Of Hannes Tschofenig > > Sent: Monday, August 31, 2015 12:22 AM > > To: cose@ietf.org > > Subject: [COSE] Multicast Use Case > > > > Hi Jim, Brian, all, > > > > I am trying to compare the work on multicast security done by Sandeed & > co > > against an application layer solution using CBOR/COSE. > > > > The DTLS multicast includes the following relevant components: > > - Epoch: 2 Byte > > - Sender ID: 1 Byte > > - Sequence Number: 5 Byte > > > > The combination of epoch, sender id and sequence number are used as a > nonce > > for the cipher and the use of the sender id ensures that no member of > the group > > accidentally selects values that will cause re-use. > > > > The 1 byte sender id is chosen small to reflect the expected size of a > group in the > > professional lighting environment, as explained in the DTLS multicast > document. > > > > Ciphersuite related information includes: > > - Encrypted Content (variable length) > > - MAC (variable length) > > > > Content Type, Version and Length are DTLS-specific aspects that cannot be > > removed without re-design of the record layer. > > > > Data based on Figure 4 of > > http://tools.ietf.org/html/draft-keoh-dice-multicast-security-08.txt. > > > > Since there is no sequence number defined in COSE I put the epoch and the > > sequence number together into the nonce field. > > > > Here is the commented version of the COSE message I came up with: > > > > [ > > 2, // Encrypted COSE message > > { > > 1: 10, // Algorithm - AES-CCM-16-64-128 > > 5: h'89f52fa' // 7-byte nonce > > }, > > h'7b9dcfa42c4e1d3182c402dc18ef8b5637de4fb62cf1dd156ea6e6e0', > > // encrypted payload. > > [ > > [ > > h'', > > { > > 1: -6, // Direct use of CEK > > 4: h'01' // Key ID - 0x01 > > }, > > h'' > > ] > > ] > > ] > > > > According to cbor.me the resulting COSE encoding has 59 bytes whereby 28 > > bytes are purely used for message encryption. This means that there is > > 31 bytes overhead with COSE compared to 12 bytes [= 8 for Epoch + > Sequence > > Number + Sender ID, 3 bytes for Content Type and Version fields]. > > > > Ciao > > Hannes > > > _______________________________________________ > COSE mailing list > COSE@ietf.org > https://www.ietf.org/mailman/listinfo/cose >
- [COSE] Multicast Use Case Hannes Tschofenig
- Re: [COSE] Multicast Use Case Jim Schaad
- Re: [COSE] Multicast Use Case Sandeep Kumar
- Re: [COSE] Multicast Use Case Jim Schaad
- Re: [COSE] Multicast Use Case Kumar, Sandeep
- Re: [COSE] Multicast Use Case Carsten Bormann
- Re: [COSE] Multicast Use Case Stephen Farrell
- Re: [COSE] Multicast Use Case Göran Selander
- Re: [COSE] Multicast Use Case Hannes Tschofenig
- Re: [COSE] Multicast Use Case Hannes Tschofenig
- Re: [COSE] Multicast Use Case Hannes Tschofenig
- Re: [COSE] Multicast Use Case Somaraju Abhinav
- Re: [COSE] Multicast Use Case Jim Schaad