[Emu] About securing last exchange CoAP-EAP

Dan Garcia Carrillo <garciadan@uniovi.es> Sat, 14 August 2021 11:37 UTC

Return-Path: <garciadan@uniovi.es>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 100E43A07FB; Sat, 14 Aug 2021 04:37:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=unioviedo.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NstedCBkrLvZ; Sat, 14 Aug 2021 04:37:13 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2040.outbound.protection.outlook.com [40.107.22.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0C933A07F8; Sat, 14 Aug 2021 04:37:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=A8On9/D+mKfi0Q/SF+VHDxdtyeBcuMsWoYUGXSUh5UPpcpw8BL0PktcuRb/sW7ZfELrShwPUUTQA3myxLQBzX87IgEKc2GX5VGXTAYlVS814PTzcaG3+ZpQrKu7l9ZeKmEXjfYwMB/zNCoHIwbVomTzMoRsIJFOcJhDWUavwIm0eqq5VyafL+DVbe4UDLzl4jc1Bd7QSokCO9hmt2aWEaI6wZG6U8lczXi/dRy8d7XLinPPzcr3g9CH3jma/haV8RscyllR/0WntRgxt1mHCyTce6NuXYgNURl6M3o4xZshehp1Sw4Ruzk6KKPiWTOYzYmYjdOoYoyzs9olABkru9g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qYrbGYo6oloF4rKGG0mLYkdI/cjcy0M3Coa0cs+6lmU=; b=K0z4WTBOitER373tvIbmDRvrIA9Z3F1pjCo6Gy/c4n5avx1XjlL+RJYMlc7BZpdwYVVEqc1OIH79tfPOwP/7XMfMLPTJ1mwnEhrlZdoqMrgQcxtngCXWNWz1b8+PvsTds/QPwcdolhQ+XxmA0IvqRLq3KHVuKqTojEzDNa8+XTHRaTCGAKeTxe926yVPOX9QXBFJRrGX0Df0CKkHqPRuFQG71Bp8xxf3kkRcA6jk0qF5P+M9+mmzlW2bDSgkf0a6abG1qeS4OE9YbgL2UVJMe3MpET5IoU5PnosA4864lX2GDAjJQKBxngRexUr+hIYoQqCPDc4l12pdQMskr3y66Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uniovi.es; dmarc=pass action=none header.from=uniovi.es; dkim=pass header.d=uniovi.es; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unioviedo.onmicrosoft.com; s=selector2-unioviedo-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qYrbGYo6oloF4rKGG0mLYkdI/cjcy0M3Coa0cs+6lmU=; b=OGuA+6RzRXSZeh46G97SBaYLKihRXq9Fq/qqMjn9ocjuvA4SgNW8kbD2P43hS6VKFgj4coKYZ2dd8eYlpACmcPBjyEWt27TOM1PgWSTMXKkVwDYZngLnZJM3c5hPFoKSeLmIvnydKWvypd2JSW1mvDKC895zpKq1HhHGQOqd/r8=
Authentication-Results: uniovi.es; dkim=none (message not signed) header.d=none;uniovi.es; dmarc=none action=none header.from=uniovi.es;
Received: from DBBPR08MB6202.eurprd08.prod.outlook.com (2603:10a6:10:209::9) by DB6PR0802MB2549.eurprd08.prod.outlook.com (2603:10a6:4:a0::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.15; Sat, 14 Aug 2021 11:37:08 +0000
Received: from DBBPR08MB6202.eurprd08.prod.outlook.com ([fe80::983d:2684:af23:a4c3]) by DBBPR08MB6202.eurprd08.prod.outlook.com ([fe80::983d:2684:af23:a4c3%8]) with mapi id 15.20.4415.021; Sat, 14 Aug 2021 11:37:08 +0000
From: Dan Garcia Carrillo <garciadan@uniovi.es>
To: EMU WG <emu@ietf.org>, "ace@ietf.org" <ace@ietf.org>
Message-ID: <07cd0942-9ee0-b124-b3a7-649f262d7c9e@uniovi.es>
Date: Sat, 14 Aug 2021 13:37:06 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0
Content-Type: multipart/alternative; boundary="------------D3A76AE98E3FECF677309874"
Content-Language: en-GB
X-ClientProxiedBy: MR1P264CA0051.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:3e::26) To DBBPR08MB6202.eurprd08.prod.outlook.com (2603:10a6:10:209::9)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from DansMacBookPro.local (188.26.210.117) by MR1P264CA0051.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:3e::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4415.17 via Frontend Transport; Sat, 14 Aug 2021 11:37:07 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: b943b4ca-3efc-48fc-6a00-08d95f17d935
X-MS-TrafficTypeDiagnostic: DB6PR0802MB2549:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: <DB6PR0802MB2549AF39FA7F2984E8B490A3B4FB9@DB6PR0802MB2549.eurprd08.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 7iEJ57R7PiNp6Wz+nD9Nq0U4UOGW3R+KsdRs8VMaxJ+fhU50WkXZ6vz5+du0Bvhy6F2vciFFOhOymp9kmYvNeTocQOHGa2lD2B7el079wZ86yxI7ZSyxewWccTB/xuxb7g4GIMaMCrt86sZj2+4txKYOd/V8WZnL+4ExE73muox+3NC60Idqxt4CRyJExLNiTHoe+FZG3t6iEv29/vTO4nQ9GB5oUutHQxUVaK/NlgutPY9OVoolUqi7J86VbEAkNI/HQ0Hdyqn905xb1GXQmSvonyCE1TvqvQasSm7VP/4LI9cWVLOYTyJHb+N8BLs4Rn/EDq+tOSrK17wX6uG9WR1yhJubiAA9324NWO4/IXcgg/idaS07gHWii9sazZ8Ghoc7XSmTD2Y6vn7ojSYn6LtiTcN2do2rDIs7F36O47ykTcDZVw8zlf7hDq6NxfApBg5aRiL7aH1S2lK3T6ruq2zJUmGnhgSKz4vo2zttUzOLj9h3nceRuE08xGIsWt8pKqzXDFy10LPuTFjn5RTHY8wCjrwdVaRUigLjii7Cw77bcDMk0uabMdJJxoMcMy0GQsyKoBnWiSELzCXmk1DbqxtepLhG5pWi7GwPmrf3tGE3zSFr8lE0gHi97f0fJGudyGqegxa2kOhDg1NUhq/54HBN599WW3bCMvYkIl4Z2rZNqqb3CSaatSg5KsgedCHA/eFbVidSG2ZA9KDYCHq6bjGJue4BFFJmmamF+l+Ym/wWo8kMGaNd4RuLvCt6TQkm5lyOQ5YHGXPOjBJ+WDjktQ==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBBPR08MB6202.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(39840400004)(136003)(346002)(376002)(396003)(366004)(786003)(52116002)(450100002)(26005)(478600001)(33964004)(186003)(31696002)(316002)(110136005)(4326008)(36756003)(6506007)(31686004)(6512007)(107886003)(2906002)(2616005)(66556008)(83380400001)(86362001)(8936002)(5660300002)(6486002)(66476007)(38100700002)(38350700002)(956004)(66946007)(8676002)(45980500001)(43740500002); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?cEFyMFJaa0ZwSm1oNURjMFQ5YXdYS1ZpMmF4V01NSjRDYVo0Tlllb0piZHVl?= =?utf-8?B?dUdMV0c3Q0ZsRWlQNTZuY0E0OU1oSm5lbmZjUXFiZVozcXdvNHM3aTJzTFlH?= =?utf-8?B?c0pZWXZvR3VHSlhibVdLMFRrTm91YmN5QWEwUFQzTmptdU9CUjRNZldRU2dV?= =?utf-8?B?U0cwaGUxNWtycEFzak92eHpqMW1KT2tuQXN0WXhaTXo4R1pOQlNYK1dpQ2pB?= =?utf-8?B?dlVwdllEc0MrVE9DZTFzMm1aWjAra1RudVZBRkIwWjk2T1NkbndvMC9NRmt1?= =?utf-8?B?TkorM0hSMXpmQjd3aWZSbitqZkRodmFYTGltb1IrZ0NwR1UvVmgwTnV4UFBB?= =?utf-8?B?TTg2R1ROR3FiTHIvcmRQWENrZExsWHZaVXA4T0NodW45VitDeHRwWFUvRWJR?= =?utf-8?B?M3cvYUFoTDQ5RHJRV2J6aUFrN0xpR1dJWTVNRmRRTmsrZ2x1SzJQcVFpclF4?= =?utf-8?B?WmtFb2ZqUjNvOEt2c1c1UUZ5MTNyOFpOVTNpeVAyazg1M3llZlZhd0MvcDFI?= =?utf-8?B?MUdNa2tOSGtjbHRLWjF1bCtHZU5xMklNNHh2TnpJZUJNVnV2YkVwVTc2YmxZ?= =?utf-8?B?MjUySGdqYmJrOGdtdnI0RVZEWWIwbW90R0E0WkNPOWRTNUhIUjg0WUIwVFg3?= =?utf-8?B?N2JzTktxV3JieXhKSjh2cnpMM3N5aHB1dGtlYmNQdDN4dzhIQ3lNdC9BSVhx?= =?utf-8?B?Q2grR2I3SXdvZlpJejZCeER1dlhZc0ljNVdVUWk2SHprMVJwc0l2b0s4RUdm?= =?utf-8?B?ZnQ4dDJmc3hNVjZoQXAwUW5hU3Z2akxOUCtQVmFyUis1dDg5M2VmMVpzd2dy?= =?utf-8?B?eHVJR1dlQnB6VG05WHcvazUyUWhpRmQxVmJqeDR3UHVueE5EeVF2RGVjZjRB?= =?utf-8?B?c0FVd2JOV2tWckpwbHQ4TlcrRDRFU2JDaFdQeHBhL0ZQWDY1Zkw3RWlvVllY?= =?utf-8?B?SjFHcC9pZ00vSFp4bE83cVdMNWlyazVEQ0dNbVFlcU1ZbHRVS2lzenQwTVRI?= =?utf-8?B?aFRNTUNuclJsTE9rUXhFWnRaMVQ4RW1LRzl3Ny9PWFpmdUlDVk9rd2lLSmNz?= =?utf-8?B?dDd2NUc1ZmZkRFV2RVNKS3VSQkVUdWg3ejh3cXU0Mm1ENFhSeW1XVkZFQUlY?= =?utf-8?B?NVJVUHNuMjZNaW5SVThNYURKbkUzOHdmL2twSDMrNWhxODVuZW9YMWJHZ2VZ?= =?utf-8?B?K0hiZitQL0JBNjEwWGg3V29zM052TVNlRmxBUGp0SjMvalZnTTZ4M1BKZ0p0?= =?utf-8?B?QjBtU2lOZjluRlYxSFdlMEcxTmJKR0JEcTNUdlA0Tm52QjNDWXRkbFZYdUs3?= =?utf-8?B?ekp2a3NlK3VQRmozOGl3ZnBESUhUVmdMWmR1c1pUNG1leEZBL2tvbGl3OWZj?= =?utf-8?B?andEd0hKQ1orS25lL3pnY2todzZwRGJwVXlDSkFZcjhBWnRZY04wdXk3bHhj?= =?utf-8?B?N3dmaWs1QVd0RXJqSmtDMWlLUXlVV2pFS2dJWUh1L1VXcGZUM1Z2cEZqNFlO?= =?utf-8?B?V08yUmFLVmpzeXVoRnEvQTF2K1FsTnc5RHNMaHBZYzNhOVJUSW5sQjF5cnRx?= =?utf-8?B?V0tuQjcwVWxpN0hUcWRLVU9HbmZmbFJ2bFZtWXYxRGQxb0hETEtSdUlqaTVn?= =?utf-8?B?UW5UVkxReUptK1BXSE5VMzAvSzVveHFrS3R0VkNFYVpGd3l3bVE4QUZEOGUy?= =?utf-8?B?ejZPUWtleTk2YnU1OFFYRElmdUE1dXBxeDhMcTIxSzd0Z1B1dS9Ld3pOajFy?= =?utf-8?Q?LVBxx6iWMw7uDrIBzDpjmZ1Y5QcB93Ihp0lsc2W?=
X-OriginatorOrg: uniovi.es
X-MS-Exchange-CrossTenant-Network-Message-Id: b943b4ca-3efc-48fc-6a00-08d95f17d935
X-MS-Exchange-CrossTenant-AuthSource: DBBPR08MB6202.eurprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Aug 2021 11:37:08.4331 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 05ea74a3-92c5-4c31-978a-925c3c799cd0
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 7jtEOSEpz3489uX7GvCdSf/rIuMNvPSHmY4d+/BAU1DS0woQjlbNvIffl/A81aWp2R9h+65uhjBJ3aDCIhltiA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0802MB2549
X-MS-Exchange-CrossPremises-AuthSource: DBBPR08MB6202.eurprd08.prod.outlook.com
X-MS-Exchange-CrossPremises-AuthAs: Internal
X-MS-Exchange-CrossPremises-AuthMechanism: 06
X-MS-Exchange-CrossPremises-Mapi-Admin-Submission:
X-MS-Exchange-CrossPremises-MessageSource: StoreDriver
X-MS-Exchange-CrossPremises-BCC:
X-MS-Exchange-CrossPremises-OriginalClientIPAddress: 188.26.210.117
X-MS-Exchange-CrossPremises-TransportTrafficType: Email
X-MS-Exchange-CrossPremises-Antispam-ScanContext: DIR:Originating; SFV:NSPM; SKIP:0;
X-MS-Exchange-CrossPremises-SCL: 1
X-MS-Exchange-CrossPremises-Processed-By-Journaling: Journal Agent
X-OrganizationHeadersPreserved: DB6PR0802MB2549.eurprd08.prod.outlook.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/yV_iiyXhwlj4MN4XU3ShUU4i0e0>
Subject: [Emu] About securing last exchange CoAP-EAP
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Aug 2021 11:37:18 -0000

Dear ACE and EMU WG members,

In the last exchange of CoAP-EAP we intended to run OSCORE to achieve 
key confirmation, a protected EAP success and the establishment of the 
OSCORE security association. It was our understanding that only 
integrity protection was possible but it is not the case after 
consulting OSCORE authors. More specifically, the payload and URI-Path 
with OSCORE are class E they are ciphered (and integrity protected) and, 
as far as we understand, there is no option, currently, of using a NULL 
encryption suite to achieve only integrity.

              CoAP                                     CoAP
Sever                                    Client
                                ...
            5) |<----------------------------------------|
               | ACK [0x9869]                            |
               | Token (0xac)                            |
               | 2.01 Created Location-Path [/a/z]       | MSK
               | Payload EAP-X-Resp (n)                  |  |
            6) |---------------------------------------->|  v
               |                CON [0x7811] POST /a/z   |OSCORE
               |                  Token (0xac), OSCORE   |CONTEXT
     MSK       | Payload (EAP success||Session-Lifetime) |(*)
      |     7) |<----------------------------------------|
      v        | ACK [0x7811]                            |
    OSCORE  (*)| Token (0xac), OSCORE                    |
    CONTEXT 8) |---------------------------------------->|
               (*) Protected with OSCORE

As such, CoAP server (left side) could not see the content of the CoAP 
message (message 7) without deciphering it. Moreover, as the URI-path is 
also ciphered we cannot point to the right application to process the 
message to achieve an alternate indication of success.However, the MSK 
required to create the OSCORE context, which allows deciphering the 
message, is not available yet (even though eapKeyData variable has 
content). The reason is that, according to EAP state machine (RFC 4137) 
Figure 3, the MSK becomes available (eapKeyAvailable = TRUE) when EAP 
success (rxSuccess or altSuccess from the EAP lower layer) is sent to 
EAP state machine.

rxSuccess &&
     (reqId == lastId) &&
     (decision != FAIL)
              |
              V
  __________________________
|______SUCCESS_____________|
|if (eapKeyData != NONE)   |
| eapKeyAvailable = TRUE |
|eapSuccess = TRUE         |
|__________________________|
              ^
              |
(altAccept && decision != FAIL) ||
     (idleWhile == 0 &&
      decision == UNCOND_SUCC)


Our proposed solution is to generate an authentication tag in the form 
of a COSE object that will be used to integrity-protect the payload of 
message 7 and message 8, allowing the EAP peer to see the EAP success 
and sending it to the EAP state machine so that, after obtaining the 
MSK, verifying the authentication tag in message 7 (key confirmation). 
After message 7 is processed correctly, CoAP server will be able to 
generate the OSCORE security context and after processing message 8 CoAP 
client (right entity in the exchange) will create the OSCORE context. 
 From this point CoAP messages between both entities can be protected 
using OSCORE context.

              CoAP         CoAP
Sever                                    Client
            5) |<----------------------------------------|
               | ACK [0x9869]                            |
               | Token (0xac)                            |
               | 2.01 Created Location-Path [/a/z]       |
               | Payload EAP-X-Resp (n)                  |
            6) |---------------------------------------->|
               |                CON [0x7811] POST /a/z   |
               |                          Token (0xac)   |      MSK
               | Payload (EAP success||Session-Lifetime |     |  |
   MSK         |           || AuthenticationTag) |     v  |
   | |      7) |<----------------------------------------|AUTH_KEY|
| v         | ACK [0x7811]                            | |
|AUTH_KEY   | 2.01 Created Location-Path [/a/z1]      |        |
v           | Token (0xac)                            |        |
OSCORE Context| Payload(AuthenticationTag)              |        V
            8) |---------------------------------------->| OSCORE
Context




Best Regards.