IETF Logo Mail Archive

Re: [homenet] Securing HNCP - comments?

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 30 June 2014 16:23 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0D011A03AB for <homenet@ietfa.amsl.com>; Mon, 30 Jun 2014 09:23:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.643
X-Spam-Level:
X-Spam-Status: No, score=-0.643 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, T_TVD_MIME_NO_HEADERS=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9zIQX77Avtx9 for <homenet@ietfa.amsl.com>; Mon, 30 Jun 2014 09:23:43 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78D601A0392 for <homenet@ietf.org>; Mon, 30 Jun 2014 09:23:37 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id E184020028 for <homenet@ietf.org>; Mon, 30 Jun 2014 12:23:59 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 4DEE463B0E; Mon, 30 Jun 2014 12:23:36 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 37F4363B09 for <homenet@ietf.org>; Mon, 30 Jun 2014 12:23:36 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "homenet@ietf.org Group" <homenet@ietf.org>
In-Reply-To: <87egy6brdp.wl%jch@pps.univ-paris-diderot.fr>
References: <54D995D5-6DC9-4AF6-98F9-42A6DC351CA5@iki.fi> <53AE7209.7080408@globis.net> <6EF005E6-2DD6-4B64-904A-2D8F9F2150BC@iki.fi> <87egy6brdp.wl%jch@pps.univ-paris-diderot.fr>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Mon, 30 Jun 2014 12:23:36 -0400
Message-ID: <3683.1404145416@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/K8WQJopa9d_VGUlDTC7BnK9TCvA
Subject: Re: [homenet] Securing HNCP - comments?
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jun 2014 16:23:47 -0000

Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr> wrote:
    >> just use e.g. IPsec with manual keying

    > Vulnerable to replay if done naively.  Not sure about the configuration
    > protocol, but definitely an issue for a routing protocol -- just capture
    > a default route announcement with a low metric, and you've won.

If one goes with 64-bit replay counters, and enable the replay protection,
and we have a relatively low data rate, we can get some protection, but we
have to plan that we eventually rekey.

    >> [S4-3] HNCP-level PSK shared among all routers. Same bootstrap issues as
    >> [S4-2], may be able to get rid of manually keyed IPsec dependency.

    > It appears that you are only looking at hop-to-hop security.

    > I'm speaking off the top of my head here, so I'm probably saying something
    > stupid.  What about end-to-end solutions, where only routers with
    > a trusted key can originate configuration information?  This could perhaps
    > be combined with a leap-of-faith model (a la ssh).

Yes, it's a very good idea, if you use authentication mode only.

There are two points:
      1) 4301 and previous did not say what to do with an AH header with an
      unrecognized SPI.  This is why SEND doesn't use it.
      If we can say that the correct answer is to skip the AH, and pretend
      it wasn't there at all, then new routers can join as leafs, insecurely,
      and then join the group (symmetric) key.

      2) and/or we can define an assymetric method for AH.

    >> Looking at Babel, the routing protocol spec is 45 pages, and draft
    >> specification of HMAC security scheme for it is 55 pages.

    > Yeah, wouldn't it be nice if we had a common layer 3 security protocol?
    > (We would make sure that it's actually usable before standardisation, of
    > course.)

I think that we could use IPsec, and yes, even manually keyed, and maybe even
insist on sane definition of unknown AH SPI, given that the set of devices
that we are dealing with does not need to interop with anything already
deployed, and that these are custom function devices.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email