IETF Logo Mail Archive

Re: [Dtls-iot] DTLS multicast security

Sye Loong Keoh <SyeLoong.Keoh@glasgow.ac.uk> Thu, 25 September 2014 02:12 UTC

Return-Path: <SyeLoong.Keoh@glasgow.ac.uk>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3ABB71A6F27 for <dtls-iot@ietfa.amsl.com>; Wed, 24 Sep 2014 19:12:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rwOGlK3CKqvZ for <dtls-iot@ietfa.amsl.com>; Wed, 24 Sep 2014 19:12:47 -0700 (PDT)
Received: from hillend.cent.gla.ac.uk (hillend.cent.gla.ac.uk [130.209.16.102]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78CFE1A6ED9 for <dtls-iot@ietf.org>; Wed, 24 Sep 2014 19:12:47 -0700 (PDT)
Received: from cas05.campus.gla.ac.uk ([130.209.14.38]) by hillend.cent.gla.ac.uk with esmtp (Exim 4.72) (envelope-from <SyeLoong.Keoh@glasgow.ac.uk>) id 1XWyY1-0007TB-CC; Thu, 25 Sep 2014 03:12:45 +0100
Received: from CMS08-01.campus.gla.ac.uk ([169.254.1.42]) by CAS05.campus.gla.ac.uk ([130.209.14.38]) with mapi id 14.03.0210.002; Thu, 25 Sep 2014 03:12:44 +0100
From: Sye Loong Keoh <SyeLoong.Keoh@glasgow.ac.uk>
To: Dorothy Gellert <dorothy.gellert@gmail.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
Thread-Topic: [Dtls-iot] DTLS multicast security
Thread-Index: AQHP04DtO3YA8VA7BkWI5JjOuXLmAJwH8qMAgABPEgCAADuSgIAADC+AgAAEjQCAAATOAIAABM4AgAAGcgCAAA04gIAEpV2AgAAR7wCAAN+egIAAoqCAgAAJbgCAAjdlwA==
Date: Thu, 25 Sep 2014 02:12:43 +0000
Message-ID: <21E26952709A8749ACA6D57D2B38895702414D6C@CMS08-01.campus.gla.ac.uk>
References: <6D27AD8D-3B90-4100-9440-3375946F420B@gmail.com> <541BD0E0.1090409@sics.se> <36F5869FE31AB24485E5E3222C288E1FFAFA@NABESITE.InterDigital.com> <541C452D.9090302@nthpermutation.com> <EBE85F86-00E2-40F8-9205-1B6AE20CAAE9@tzi.org> <541C5336.9040406@nthpermutation.com> <394E30E1-378D-4F37-B86D-F05297A2D8B6@tzi.org> <541C5B46.8060406@nthpermutation.com> <2819E45A-6B1B-4B14-8A7E-3B9358AA3B12@tzi.org> <541C6BC5.7070308@nthpermutation.com> <5420517B.60502@tzi.de> <54206086.1040707@nthpermutation.com> <54211C1B.6000509@sics.se> <5421A487.6050004@nthpermutation.com> <EFFF761C-7937-4F8F-96F6-02107E70344E@gmail.com>
In-Reply-To: <EFFF761C-7937-4F8F-96F6-02107E70344E@gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [202.21.159.245]
Content-Type: multipart/alternative; boundary="_000_21E26952709A8749ACA6D57D2B38895702414D6CCMS0801campusgl_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/U32ME28T9bGwSQPjHnRf6KCXiYA
Subject: Re: [Dtls-iot] DTLS multicast security
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Sep 2014 02:12:51 -0000

Hi Dorothy,

Me too, I certainly support DICE to continue pursuing option A.

Many thanks
Sye Loong

From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Dorothy Gellert
Sent: Wednesday, 24 September, 2014 1:23 AM
To: dtls-iot@ietf.org
Cc: Michael StJohns
Subject: Re: [Dtls-iot] DTLS multicast security

Hi All,

Ok,  I think we have found a way forward.     Mike,  I have you on record for drafting a " pretty restrictive, pretty blunt security considerations section".

Can I confirm support from those who have responded to the consensus call, specifically, that we pursue A) Protocol for multicast confidentiality in CoRE?

Thanks,
Dorothy







On Sep 23, 2014, at 9:49 AM, Michael StJohns <msj@nthpermutation.com<mailto:msj@nthpermutation.com>> wrote:


On 9/23/2014 3:07 AM, Ludwig Seitz wrote:

On 09/22/2014 07:46 PM, Michael StJohns wrote:
....

If you use multicast symmetric key systems only for confidentiality,
breaking in to a node to extract the key doesn't give you much more than
you already had - the multicast traffic destined for the node you just
hacked.  So things like multicast audio aren't necessarily
identity-important cases.
Aha!

So would it be acceptable to separate the problem?

A.) A protocol for multicast confidentiality in CoRE (with or without DTLS, I don't care)

B.) A protocol for authorizing control messages (whether they are multicasted or not)

Where this work would be done is another question, B. seems like a task for ACE.

Would A.) alone be beneficial enough to justify working on it?

/Ludwig


This above is pretty much where I think we're at.  The only scenario proposed for draft-keoh is a control protocol for lightbulbs.  It's unclear that there is sufficient need for confidentiality there to justify sending the proposal forward.  The protocol doesn't meet the needs (or at least what *I* think are the needs) for being used to authenticate and authorize changes in the physical world.

I pushed back on this suggesting that CoAP figure out how to sign its control messages asymmetrically, and then how to multicast them (not DTLS, not DTLS multicast, just basic IP multicast over UDP probably) to get the effect they want.  The push back to the push back is the "cost" and latency of verifying such a message at an IOT node.  Physics of cryptography colliding with cost.  The problem is as I've noted elsewhere - this protocol has to work for more than just this one scenario - and it has to be secure for those scenarios.  It's not even minimally secure for this one.

With respect to doing draft-keoh only for confidentiality - I'd draft a pretty restrictive, pretty blunt security considerations section sufficient for any company to get into liability hell if they ever attempted to use the keys for control actions and something bad happens.  I did something similar for RFC1413.  That said, we'd need at least a few other scenarios where multicast meets a confidentiality need on the IOT space.

Later, Mike


ps -

I wanted to slightly expand the confidentiality multicast thing. For most high value multicasted content (e.g. think satellite video), there are secure processing elements at each of the receiving node designed to prevent the compromise of the stream key (which changes very frequently).  In addition to that there are SPEs designed to keep the decrypted stream PDUs from being disclosed prior to rendering as pixels and audio wave forms, and to prevent capture of the PDUs for recording. So even when confidentiality is desired, there may be a need for additional implementation requirements over and above what the protocol can provide.  With control multicast, you really start out requiring either asymmetric or an SPE to make it secure enough. /msj/


_______________________________________________
dtls-iot mailing list
dtls-iot@ietf.org<mailto:dtls-iot@ietf.org>
https://www.ietf.org/mailman/listinfo/dtls-iot

v2.23.0 | Report a Bug | By Email