Re: [homenet] HNCP Security & Trust Draft
Steven Barth <cyrus@openwrt.org> Mon, 06 October 2014 11:04 UTC
Return-Path: <cyrus@openwrt.org>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C14761A1BAA for <homenet@ietfa.amsl.com>; Mon, 6 Oct 2014 04:04:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.978
X-Spam-Level:
X-Spam-Status: No, score=-0.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_NET=0.311] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FzEkRgZtwk8d for <homenet@ietfa.amsl.com>; Mon, 6 Oct 2014 04:04:52 -0700 (PDT)
Received: from chi.subsignal.org (cxd-2-pt.tunnel.tserv11.ams1.ipv6.he.net [IPv6:2001:470:1f14:ed::2]) by ietfa.amsl.com (Postfix) with ESMTP id 9B0681A1BB4 for <homenet@ietf.org>; Mon, 6 Oct 2014 04:04:51 -0700 (PDT)
Received: from [192.168.178.66] (55d44d5f.access.ecotel.net [85.212.77.95]) by chi.subsignal.org (Postfix) with ESMTPSA id 2CCAE126095; Mon, 6 Oct 2014 13:04:55 +0200 (CEST)
Message-ID: <54327751.8090800@openwrt.org>
Date: Mon, 06 Oct 2014 13:04:49 +0200
From: Steven Barth <cyrus@openwrt.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: Mikael Abrahamsson <swmike@swm.pp.se>
References: <542EED2F.6000501@openwrt.org> <alpine.DEB.2.02.1410061209570.14735@uplift.swm.pp.se>
In-Reply-To: <alpine.DEB.2.02.1410061209570.14735@uplift.swm.pp.se>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/MzCfEUSDcsm6SOUmia3vgrG1VtA
Cc: "homenet@ietf.org Group" <homenet@ietf.org>
Subject: Re: [homenet] HNCP Security & Trust Draft
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Oct 2014 11:04:54 -0000
Hi Mikael, thanks for your feedback. > Being a crypto novice, let me write some text and please tell me if it > makes sense in the context of your draft (thanks for writing it, it > looks like a good summary). I do not consider myself to be a crypto expert either which is one of the reasons I'd try to offload the actual crypto to something well-known. Also this probably means that what I drafted might not be 100% accurate but I hope some of the actual expert will review it. > > I like SSH. SSH generates its own public/private key, there are > fingerprints I can put in SSHFP DNSSEC secured posts, etc. Are the > public/private keys considered to be similar to self-signed > "certificates"? I'll answer this in the context of the consensus based trust-scheme I added in addition to the PSK and PKI-based trust scheme. Yes, using self-signed certs here is possible since it's simply X.509. > > Anyhow, let me propose a scenario: > > I get my first homenet router and power it up. It comes with a QR code > on it, and it has a button (or NFC, similar principle). I scan the QR > code on my smartphone (with a special homenet-control-app) which gives > it enough information to connect to the wifi of the router, then I am > asked to press a button on the router to allow my phone to become the > administration device. The QR code contains wifi information and key > fingerprint ID so my phone can decide that it's speaking to the > correct device. Right that would be possible and the QR-code would be an additional "trust bootstrap ceremony" in that context. I actually had a phone / homenet-app scenario in mind when drafting this. So I was thinking about two possible cases. Case #1: The app is bound to the router itself via some kind of vendor-specific RPC so it can control its configuration directly. That RPC allows the app to read / receive fingerprints and names when a new device attempts to join the homenet and allows the user to give a verdict (trusted / untrusted) which is then announced by the router itself and not the phone. Case #1 is pretty obvious because it isn't really problematic and not bound to the phone itself and you could probably do the using some kind of webinterface on such a router. Case #2: The app itself speaks HNCP, i.e. the base state synchronization part (not the routing, addressing, SD whatever). It is standalone (i.e. doesn't depend on a specific router, just has to peered with any HNCP router once so it is trusted) from then on it can itself announce trust verdicts about other routers. > > Now, after this, my phone app can speak to the router, and when I hook > up another device to that router, it detects the new device, > fingerprint ID etc, and asks me before it's allowed. After I ACK that > it's allowed to talk to my homenet (which previously only consisted of > a single router), they exchange session keys (or something) for > management, so they can continue to talk. In Case #1 above it could tell the router to announce a trust verdict (trusted / untrusted) or in Case #2 it would do so by itself. The session key exchange would then be done by the underlying protocol i.e. DTLS, IPsec/IKE, ... The only real addition here should be that this underlying protocol (or its implementation) needs to allow a custom verification hook (i.e. notifies the HNCP daemon that there is a an unknown certificate and allows it to be accepted or not). For DTLS e.g. this shouldn't be problematic since most libraries seem to support such a callback. > Just like with SSH allowing key based login, the management of homenet > devices would rely on the public key for each accepted device being > known to all the other devices, and this is how things authenticate. > This would be the "anchor" that everything else relies on when it > comes to security. Yes, each device would announce the fingerprints of the certificates or public keys (details TBD) that it trusts in its HNCP-state. > > Now, the problem is what to do when I lose my phone and don't have any > backup, so perhaps I need a user/password based login to add new > administration devices, it seems hard to work around. Each device may announce verdicts about public keys / certificates and verdicts of device which are absent are cached by other HNCP routers so your case and Case #2 above would work without the app/phone always being there. > > If someone gets the private key of any of the accepted homenet > devices, of course everything falls down, but I don't see any way > around it apart from having TPM etc. Yeah that's also the downside here. It's even more apparent if anyone can say someone else is trusted or not. But I guess ultimately its the same issue and once you are actually a trusted homenet router you can do more nasty things like messing with routing etc. than actually attacking the trust system itself, especially since most of the algorithms / applications run over HNCP are distributed / consensus based anyway. Cheers, Steven
- [homenet] HNCP Security & Trust Draft Steven Barth
- Re: [homenet] HNCP Security & Trust Draft Mikael Abrahamsson
- Re: [homenet] HNCP Security & Trust Draft Steven Barth
- Re: [homenet] HNCP Security & Trust Draft Steven Barth
- Re: [homenet] HNCP Security & Trust Draft Michael Thomas