Re: [homenet] Securing HNCP - comments?
Markus Stenberg <markus.stenberg@iki.fi> Mon, 30 June 2014 07:31 UTC
Return-Path: <markus.stenberg@iki.fi>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 313421A0198 for <homenet@ietfa.amsl.com>; Mon, 30 Jun 2014 00:31:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.579
X-Spam-Level: *
X-Spam-Status: No, score=1.579 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NEUTRAL=0.779] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gHFuEboxJSl0 for <homenet@ietfa.amsl.com>; Mon, 30 Jun 2014 00:31:07 -0700 (PDT)
Received: from jenni1.inet.fi (mta-out1.inet.fi [62.71.2.199]) by ietfa.amsl.com (Postfix) with ESMTP id E96131A0197 for <homenet@ietf.org>; Mon, 30 Jun 2014 00:31:06 -0700 (PDT)
Received: from poro.lan (84.248.74.106) by jenni1.inet.fi (8.5.140.03) (authenticated as stenma-47) id 53A17E3E00D9A34F; Mon, 30 Jun 2014 10:31:03 +0300
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Markus Stenberg <markus.stenberg@iki.fi>
In-Reply-To: <53AE7209.7080408@globis.net>
Date: Mon, 30 Jun 2014 10:31:04 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <6EF005E6-2DD6-4B64-904A-2D8F9F2150BC@iki.fi>
References: <54D995D5-6DC9-4AF6-98F9-42A6DC351CA5@iki.fi> <53AE7209.7080408@globis.net>
To: Ray Hunter <v6ops@globis.net>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/lujV0f_aVWcT2BLOQMrFMQ9Vmsc
Cc: "homenet@ietf.org Group" <homenet@ietf.org>, Markus Stenberg <markus.stenberg@iki.fi>
Subject: Re: [homenet] Securing HNCP - comments?
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jun 2014 07:31:09 -0000
On 28.6.2014, at 10.43, Ray Hunter <v6ops@globis.net> wrote: >> How could [4] be prevented then? In ascending order of complexity.. >> >> [S4-1] Manual configuration of categories overriding automated border discovery. Defining either in the actual router product, or via configuration which interfaces to talk HNCP (and RP) on, where potential upstream links may never be, can be or always are. >> >> [S4-2] Punt on security in HNCP, and just use e.g. IPsec with manual keying as currently specified in the draft. Setting up the shared PSK for the set of routers is left to the as manual configuration exercise for the owner of the devices. >> >> [S4-3] HNCP-level PSK shared among all routers. Same bootstrap issues as [S4-2], may be able to get rid of manually keyed IPsec dependency. >> >> [S4-4] Some public key cryptography solution operating with just raw keys (there is a draft in the works on how to do this in HNCP) >> >> [S4-5] Some public key cryptography solution with CA hierarchy (similar to behringer-bootstrap) >> >> The big question is, are the S4-3+ really worth it? And what is the sane way to do it if they are? Can we actually become RFC with just S4-1 and S4-2? In case we go for public key-cryptography: what do we do about routing protocols mostly relying on shared secrets for authentication? >> >> - Markus and Steven > Powerline Ethernet devices have built in encryption, so I think consumers do expect some level of protection from accidental neighbouring. I agree with you questioning whether this should be solved at L2 or L3 and above. Same thing with WPA* too of course. So I’m very tempted to assume L2 takes care of security.. ;) > Assuming the solution has to be defined at L3 and above, I think due to the lack of any hierarchy, or root node, that you're going to have to have individual keys/signatures per device, and that you cannot assume existence of a central keying repository. > > S4-1 could work but relies on consumers plugging in devices into the correct ports. S4-2 does not meet the requirement for auto-configuration. S4-3 could work if you could bootstrap it, but that is not trivial either because it is chicken/egg. I don’t see S5-5 flying: there is no natural root node or root CA. S4-2 and S4-3 have same characteristics in my view - they need some (consensus) way to generate PSK, that is then either a) fed to IPsec as manually keyed SA, or b) used to encrypt-authenticate content in the protocol. S4-[45] have built-in ways of bootstrapping that are absent from S4-2/S4-3 as I see them. > The problem seems to boil down to "how can we bootstrap the trust" regardless of the encryption technology. Assuming S4-3 or S4-4, when a new device is added to the network (as opposed to existing devices being replugged) you could check it against a (distributed) DB of existing pairing keys (via TBD service discovery technology). If a device hasn't paired to at least one other homenet device, HNCP messages from this device is ignored until it has. Initiating the pairing should be as simple for the end user as pressing a button on 2 connected devices (nearly) simultaneously (one new and one already in the web of trust) so that both devices go into pairing mode and learn a new HNCP pairing. Once homenet is (relatively) stable, you would also be able to flood the new pairing to all other devices in the web of trust for potential long term storage. At some point you might end up seeing old devices you've given to your neighbour, so there should also be a way of clearing the pairing DB for a specific device, or automatically flushing entries for devices that have not been seen since time X. Alternative is that you have to put all devices in homenet into pairing mode simultaneously, but that may become less practical as the number of routers increases. > IF you can establish trust using HNCP (an expensive operation), it could be the basis for all other trust in the Homenet, so it is potentially a big win. e.g. To negotiate any necessary shared key for routing or other common Homenet wide parameters: think election of the root bridge in 802.1 and then that root device chooses a common shared key. Obviously distribution of the resulting shared keys from the root is going to have to be encrypted. Yeah, I agree that this scheme (on high level) is what seems sensible _given_ the assumption you want to do the trust handling within HNCP. > I can certainly see this solution sketch requiring a lot of code. Indeed, and be also nontrivial to specify and interoperably implement. Sigh. So back to the original question, anyone have any idea if this stuff _must_ be implemented, really, beyond hand-wavy S4-1 and S4-2? Looking at Babel, the routing protocol spec is 45 pages, and draft specification of HMAC security scheme for it is 55 pages. I sense some slight imbalance somewhere. Cheers, -Markus
- [homenet] Securing HNCP - comments? Markus Stenberg
- Re: [homenet] Securing HNCP - comments? Dave Taht
- Re: [homenet] Securing HNCP - comments? Ray Hunter
- Re: [homenet] Securing HNCP - comments? Markus Stenberg
- Re: [homenet] Securing HNCP - comments? Juliusz Chroboczek
- Re: [homenet] Securing HNCP - comments? Michael Richardson
- Re: [homenet] Securing HNCP - comments? Ray Hunter