IETF Logo Mail Archive

Re: [Dtls-iot] FW: New Version Notification for draft-keoh-dice-multicast-security-08.txt

Michael StJohns <msj@nthpermutation.com> Tue, 08 July 2014 14:50 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FA7F1B2AC8 for <dtls-iot@ietfa.amsl.com>; Tue, 8 Jul 2014 07:50:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xrqN650Jz_Jb for <dtls-iot@ietfa.amsl.com>; Tue, 8 Jul 2014 07:50:00 -0700 (PDT)
Received: from mail-qa0-f42.google.com (mail-qa0-f42.google.com [209.85.216.42]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA2921A00F6 for <dtls-iot@ietf.org>; Tue, 8 Jul 2014 07:49:59 -0700 (PDT)
Received: by mail-qa0-f42.google.com with SMTP id dc16so4949393qab.15 for <dtls-iot@ietf.org>; Tue, 08 Jul 2014 07:49:58 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type; bh=vsvG3p+if4aHzKzxAfhqCt1q2Jq0oSJCdNMPbwb371c=; b=mQwG2vtaJq+lHBAX+nN8U5A+UPFoXAf89jdmqKEQEW5t7zfWrCfMP4LSOFgzFwI7v8 HeoMqXtOIgqwkpi+umtbs7bHL+qQNgfwyJCFxkWEO93+/4Gn7C5ysJmb/uOkJmzVQU+G Cxnf5MjFPvdU1xDbZNLZCwyktGD0mem0uww3V0qFHm0xI/vbPbC15DCiHv6RPeDk9zg1 16E+Ph6+IWv0uFI0uOLUnp3NIiPio7dwweTSXxCiRvOew0JPOmUUpKUnB0i4o02NwqPm uGstmem7H6GHrcJNZGz87UkD1y4shClHaJI0XoyV8EcYsqp9HeJnxmfbedylZyuTyww1 FnXQ==
X-Gm-Message-State: ALoCoQnwhRyVaZruth6XgsAKXwp3tZGl8+aAVLVhPcryCoRCbp/St7lrWcrnwOcotqKTfBLas+gu
X-Received: by 10.224.172.201 with SMTP id m9mr60557165qaz.32.1404830998774; Tue, 08 Jul 2014 07:49:58 -0700 (PDT)
Received: from ?IPv6:2601:a:2a00:390:712e:cb82:d532:4307? ([2601:a:2a00:390:712e:cb82:d532:4307]) by mx.google.com with ESMTPSA id p12sm11174791qga.0.2014.07.08.07.49.57 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 08 Jul 2014 07:49:58 -0700 (PDT)
Message-ID: <53BC051D.9000907@nthpermutation.com>
Date: Tue, 08 Jul 2014 10:50:05 -0400
From: Michael StJohns <msj@nthpermutation.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: "Kumar, Sandeep" <sandeep.kumar@philips.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
References: <20140703125443.15822.61762.idtracker@ietfa.amsl.com> <BE6D13F6A4554947952B39008B0DC0153E7CB29C@DBXPRD9003MB059.MGDPHG.emi.philips.com> <53BAC656.7010008@nthpermutation.com> <BE6D13F6A4554947952B39008B0DC0153E7CF9CC@DBXPRD9003MB059.MGDPHG.emi.philips.com>
In-Reply-To: <BE6D13F6A4554947952B39008B0DC0153E7CF9CC@DBXPRD9003MB059.MGDPHG.emi.philips.com>
Content-Type: multipart/alternative; boundary="------------030902020701080100010900"
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/tjIy9MsiG8wSzbT645IMTU2L8yM
Subject: Re: [Dtls-iot] FW: New Version Notification for draft-keoh-dice-multicast-security-08.txt
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jul 2014 14:50:04 -0000

On 7/8/2014 8:26 AM, Kumar, Sandeep wrote:
> [SK] I am afraid you have the wrong conclusions from the London meeting.
> The DICE WG reporthttp://www.ietf.org/mail-archive/web/dtls-iot/current/msg00200.html
> " In the meeting there was good agreement that draft-keoh-dice-multicast-security-05 is a reasonable
> solution for what we were chartered to do, and we should not try to add source authentication to the
> DTLS record layer. It was agreed to encourage a straw-man draft to be written exploring if an alternative
> approach would make sense doing this in CoAP including source authentication. This is not in our charter,
> but the draft is meant to help us determine how to proceed."


I'm going to hit this one separately and first.    In a private message 
to Zach I disagreed that there was "good agreement" and disagreed there 
was consensus that the draft was a "reasonable solution".  Neither of 
the comments in the meeting report appeared to me to be supported by the 
discussion at the meeting.

The actual working group minutes with the transcript are

>     
>            3) Multicast draft [Sandeep Kumar]
>            draft-keoh-dice-multicast-security-05  <http://tools.ietf.org/html?draft=draft-keoh-dice-multicast-security-05>
>            
>            - Sandeep - Goes over motivating use cases and requirements
>            - Sandeep - Goes over proposed solution (use DTLS rcord layer to protect
>            CoAP group comm messages; out of band setup of Group Security Association)
>            - Sandeep - DTLS record layer adaptation, and DTLS recrd layer processing
>            remains nearly unchanged
>            - Stephen Farrell - Just skip to open questions as we already discussed
>            this previously
>            
>            - Zach - We are chartered for this approach as described by Sandeep.
>            Now we have suggestions by Mike and others to go beyond this solution
>            which is a good discussion.  Like requiring source authentication.
>            As a WG do we need to support this?
>            - Eker - You should abandon DTLS record layer to support multicast [if
>            you want to support source authentication].  Source authentication is
>            really required for many IoT use cases.
>            - Zach - Should we try to extend CoAP to do this (instead of DTLS
>            record layer)?
>            - Carsten - Want to avoid complicated re-design.  Don't know what
>            component we could use for source authentication?
>            - MikeStJohn - Public key integrity can be done in several ways
>            - Eker - There may be problems with this depending on what layers you
>            are doing this
>            
>            - Zach - We have a solution that fits the charter but may need to support
>            source authenticaton.  We need to have complementary drafts looking at
>            alternate solutions
>            - Stepehen Farrell - Sounds like a potentially huge increase in scope
>            - Zach - Yes, we need if weto decide  really want to expand the scope
>            - Stephen Farrell - So we should hold this draft until the complementary
>            drafts are written
>            - Zach - Yes

1) You can't do integrity protection without source authentication.
2) You can't do source authentication with symmetric key systems 
(without the caveats I've listed multiple multiple times)
3) You can't use secure multicast for control systems without some form 
of integrity protection and source authentication and that was the only 
use case that has been proposed so far.

The fact that DTLS multicast security is part of the charter does not 
mean that the group is going to actually be able to produce something 
that works.  There are reasons why multicast security even at other 
layers is not widespread.

> This straw-man draft is meant for the*WG*  to decide if public-key based solution is the way to go forward with the associated
> changes required at CoAP layer, handling group/unicast communication differently and with the added
> computational load of public key signature per message. It may be a good solution on paper but I myself doubt
> its practicality.

In most ways, this should actually be a CoAP WG issue and not a DTLS WG 
issue.  I was surprised when the suggestion was made that the charter 
might be expanded.

>
> Additionally draft-keoh-dice-multicast-security can be moved to Informational since we all agree that it does
> solve a practical problem in the Lighting domain.

My definition of "solve" is probably a bit more rigorous than yours in 
this case.  My analysis is that multicast security (as you're defining 
it) for your lighting domain problem provides little or no protection to 
active attacks.  If a hacker wants to control your lights, he will grab 
one of them, extract the keys and start blinking SOS (or perhaps 
something more rude).  This will take about 5 minutes.

That said, if you're going to remove this from the WG and submit it as 
an informational RFC describing how your company does lighting multicast 
security, I have no further objections (and that's what I thought you 
were going to do post London).

My objection to draft-keoh-dice-multicast-security is as a WG, general 
solution for DTLS multicast and the possibility that it would be 
published as a IETF standard.   The implementation constraints necessary 
for your approach to ensure even minimal protection do not map well to 
an IOT of 10's of 1000's of cheap devices.  Publishing a DTLS multicast 
security standard "for constrained devices" is supposed to be a profile 
of DTLS multicast security which implies that DTLS multicast security 
needs to work for more than just the DICE cases (or can be constrained 
in the protocol so it *only* works for the DICE cases and can't be used 
as a general DTLS multicast solution).


Mike

v2.23.0 | Report a Bug | By Email