Re: [Dtls-iot] FW: New Version Notification for draft-keoh-dice-multicast-security-08.txt
Michael StJohns <msj@nthpermutation.com> Tue, 08 July 2014 15:47 UTC
Return-Path: <msj@nthpermutation.com>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A5D71B2B3C for <dtls-iot@ietfa.amsl.com>; Tue, 8 Jul 2014 08:47:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gyrE_JKQRebJ for <dtls-iot@ietfa.amsl.com>; Tue, 8 Jul 2014 08:47:39 -0700 (PDT)
Received: from mail-qc0-f169.google.com (mail-qc0-f169.google.com [209.85.216.169]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C3BE1B2B39 for <dtls-iot@ietf.org>; Tue, 8 Jul 2014 08:47:39 -0700 (PDT)
Received: by mail-qc0-f169.google.com with SMTP id i17so1174137qcy.14 for <dtls-iot@ietf.org>; Tue, 08 Jul 2014 08:47:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=ghNRLHpKcCT/3bEPBppz7WFYNxdhLgNimLaV6MDnWzI=; b=XFSQVx8hoiQYb2iq/MR7lmGqJGbjfWFpYciN/Sggo4b9wKtXoK676d3KYY00RRdOpX 8kjIUKAlfZUP0eC8Si+JQvz7L+uTb44ytX2btc4UwBniN0OZ5a3V37CXSik+UNxYcmX9 rE/D8tufeOrrunVoaMCsLMgupxc1x5duDb8KTSmn3UtjpzbiasKARMG+kIP7WSN/RBlr 1FA3juvF9tp9WPjTFu+cn5RlAka8UbrriatBa0C9LynEStgHPbBbMao5333OI1Pzp6a7 jCKVJPY2vN+3oNuuOWFOHeGYq7zuShoTIJZWoAMw8kvDXnh1cDClMdH8iBk2SfoqzdPi MgeA==
X-Gm-Message-State: ALoCoQmB2qBw6dVRhcsN8EyDwsUIWO1yVXMC25U/iEn5eDnAAiJI1kJB55OyqmQAAwnoJaIiDsUH
X-Received: by 10.140.44.33 with SMTP id f30mr56930883qga.89.1404834458650; Tue, 08 Jul 2014 08:47:38 -0700 (PDT)
Received: from ?IPv6:2601:a:2a00:390:712e:cb82:d532:4307? ([2601:a:2a00:390:712e:cb82:d532:4307]) by mx.google.com with ESMTPSA id o111sm22958644qgo.44.2014.07.08.08.47.38 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 08 Jul 2014 08:47:38 -0700 (PDT)
Message-ID: <53BC12A1.7070602@nthpermutation.com>
Date: Tue, 08 Jul 2014 11:47:45 -0400
From: Michael StJohns <msj@nthpermutation.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Carsten Bormann <cabo@tzi.org>
References: <20140703125443.15822.61762.idtracker@ietfa.amsl.com> <BE6D13F6A4554947952B39008B0DC0153E7CB29C@DBXPRD9003MB059.MGDPHG.emi.philips.com> <53BAC656.7010008@nthpermutation.com> <BE6D13F6A4554947952B39008B0DC0153E7CF9CC@DBXPRD9003MB059.MGDPHG.emi.philips.com> <53BC051D.9000907@nthpermutation.com> <0D0BF288-244F-46A8-9BD3-53A79C7B9525@tzi.org>
In-Reply-To: <0D0BF288-244F-46A8-9BD3-53A79C7B9525@tzi.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/_LNvYT-pIVHw3aXAbs3mDQQRxCQ
Cc: "Kumar, Sandeep" <sandeep.kumar@philips.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
Subject: Re: [Dtls-iot] FW: New Version Notification for draft-keoh-dice-multicast-security-08.txt
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jul 2014 15:47:42 -0000
On 7/8/2014 11:08 AM, Carsten Bormann wrote: > On 08 Jul 2014, at 16:50, Michael StJohns <msj@nthpermutation.com> wrote: > >> 1) You can't do integrity protection without source authentication. > That depends on your attack model. > > Given that much of today’s IoT “security" is depending on a single WiFi key for a whole installation, application-based group keying is still significant progress for those cases where the attack model doesn’t rule out group keying. > > Grüße, Carsten > Hi Carsten - To get to a common point, what I mean by integrity at this point is: "A message can't be modified between a sender and receiver without detection by the receiver" - do you agree with this definition? Under that definition if I'm doing multicast symmetric key integrity protection, then a third party who holds that key can change the message without detection. If the key is only held by one other party, then I know the source as well as the integrity of the message. Likewise with public key - if I can verify the message with a public key, I know the holder of the private key is the originator. All of these guarantees break down if a) a symmetric key is shared between more than 2 parties, or b) a private key is shared between more than a single party. In the WiFi model, mostly the "mesh" is one deep. There's the access point and then there's everyone else. The size of the mesh is relatively small (~20 - 200 if you're talking about an IETF meeting!), and almost every device talks directly to the AP. Mostly the comm model for WiFi is that the wireless guys want something on the wired internet - they rarely need to talk to the other wireless devices. Some "IoT" approaches have reused WiFi security - and not in a good way considering the WiFi security protocol (802.1x) is such that it doesn't scale very well with depth of mesh or number of nodes. It also doesn't do a lot of packet level multicast for the normal designed-to case (e.g. internet access). > application-based group keying is still significant progress for those cases where the attack model doesn’t rule out group keying. The use cases where this works all seem to involve a secure processing element and that's not exactly within the DICE charter. The most successful group keying system I'm aware of is pay TV (either satellite or cable). Those systems - obviously - use a secure processing element (e.g. smart card or built in) to manage group keys and decryption based on credentials. I literally can't think of a use case without an SPE where the attack model doesn't rule out group keying for integrity protection and most attack models for most use cases rule it out for confidentiality. Mike
- [Dtls-iot] FW: New Version Notification for draft… Kumar, Sandeep
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Kumar, Sandeep
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Carsten Bormann
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Carsten Bormann
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Kumar, Sandeep
- Re: [Dtls-iot] FW: New Version Notification for d… Michael StJohns
- Re: [Dtls-iot] FW: New Version Notification for d… Kumar, Sandeep