IETF Logo Mail Archive

Re: [ipwave] Roman Danyliw's Discuss on draft-ietf-ipwave-vehicular-networking-29: (with DISCUSS and COMMENT)

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Fri, 23 September 2022 16:20 UTC

Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: its@ietfa.amsl.com
Delivered-To: its@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60E47C14F726; Fri, 23 Sep 2022 09:20:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.097
X-Spam-Level:
X-Spam-Status: No, score=-0.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HK_NAME_FM_MR_MRS=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, URI_DOTEDU=1.997] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yurbrPSOPBpH; Fri, 23 Sep 2022 09:20:15 -0700 (PDT)
Received: from mail-pj1-x102a.google.com (mail-pj1-x102a.google.com [IPv6:2607:f8b0:4864:20::102a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89B7BC14CE2E; Fri, 23 Sep 2022 09:20:12 -0700 (PDT)
Received: by mail-pj1-x102a.google.com with SMTP id q9-20020a17090a178900b0020265d92ae3so6312927pja.5; Fri, 23 Sep 2022 09:20:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=9fm3YqVzwSYg552Dq4fTPk/CppC/G6kqM6vpVefcw2s=; b=bEJbL4D3msRIRQetHI0UIzmqpNiBuZhQ3McoMnOCe5QIxnkBrZfz838UbuF7Q4pdli hXwbNvl7VNASXOv06unIM/6Bo2q1ujlv6MWPo4at0cn/aHVUgWokGWB1lXhYjGQpjkfm 6ccSWdDGqeW/klCNamFMOvqfrujFbmRsh9MN0DYZ9G22l2UrMxdWkAaivdpHn6fHcIgU wzo9b3bO0FNhp3CYNsnUOmndaZkKGG3Ks99xv3dFTIm6NBYPP3bRNS5XLWbliWoMf2NJ +UwJYu8EF/Qz5wian3+PHecgEABGMeZmFnk0E4Kms9wg0pDHz5+ctR4odsc04Y8Sf4On grOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=9fm3YqVzwSYg552Dq4fTPk/CppC/G6kqM6vpVefcw2s=; b=TfVmeAk5jjOpnZPz4pQvbuVCE60eiRVD18mGz6naosroKyfEg7lVr0f3LUJdKUoOpO HaYZN870yiE+LiiVW0fdZsjwWAFcm184c1hFed0pQYrxnIXFWewbsh7f4OxFpExnvNOL gEl0qU1KSm7himFQJyMpqXlNrAeBvi7L0NfCQcNyPR7b1+0QmW9O09sBoTzSO5ZACSAc Q78xzq+ooHWozQzPJlPPfaqSgKHX+2atA6/pn3dEFZ3OsFxYSyyFEreHoQmecCKZXI95 Z/eJDig+23Yarzqf+djFVVLQ6c0kwU+WnQabdcjCZwnwoFKKora918kV6vvUWXv3COr6 zKTQ==
X-Gm-Message-State: ACrzQf2QaPOwBW3Cfctp82W6sczpQ4+aBM1RBs5GIqnYTd1pWPI9npcE 9brUwg5uNhsg3oRdZC8RXIAW6yVfGTm4L+X1Ht8=
X-Google-Smtp-Source: AMsMyM510r0JvbqWtWiCXcjNeHa4q+pJNJt81SGV3Sc5nK5J6+TLSyttAVZQfq6BrIB02xXTfp8apaluBxcB2J8CelU=
X-Received: by 2002:a17:90b:33d2:b0:203:15e7:1571 with SMTP id lk18-20020a17090b33d200b0020315e71571mr21966645pjb.186.1663950011552; Fri, 23 Sep 2022 09:20:11 -0700 (PDT)
MIME-Version: 1.0
References: <166394909530.62950.16481124958317213050@ietfa.amsl.com>
In-Reply-To: <166394909530.62950.16481124958317213050@ietfa.amsl.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Sat, 24 Sep 2022 01:20:00 +0900
Message-ID: <CAPK2Dezq+u-XP+1qipv0=uEjHbOr7Qf65G7rS4b_2Xy2W3YT3w@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: Carlos Bernardos <cjbc@it.uc3m.es>, The IESG <iesg@ietf.org>, draft-ietf-ipwave-vehicular-networking@ietf.org, ipwave-chairs@ietf.org, its@ietf.org
Content-Type: multipart/alternative; boundary="0000000000005cdb4705e95a8d89"
Archived-At: <https://mailarchive.ietf.org/arch/msg/its/pDXfH1W-EKSkHim2N6xXFad831c>
Subject: Re: [ipwave] Roman Danyliw's Discuss on draft-ietf-ipwave-vehicular-networking-29: (with DISCUSS and COMMENT)
X-BeenThere: its@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IPWAVE - IP Wireless Access in Vehicular Environments WG at IETF <its.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/its>, <mailto:its-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/its/>
List-Post: <mailto:its@ietf.org>
List-Help: <mailto:its-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/its>, <mailto:its-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2022 16:20:19 -0000

Hi Roman,
Your addictional comments and questions look good to me.
We authors will try to address yours as soon as possible.

Thanks.

Best Regards,
Paul

2022년 9월 24일 (토) 오전 1:05, Roman Danyliw via Datatracker <noreply@ietf.org>님이
작성:

> Roman Danyliw has entered the following ballot position for
> draft-ietf-ipwave-vehicular-networking-29: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ipwave-vehicular-networking/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Thanks for all of the changes in -29 to address the DISCUSS points noted
> for
> -28.  To help us talk these through the remaining issues, I have updated my
> ballot to remove issues that have already been resolved.  I have also
> provided
> feedback on the new text in -29 intended to resolve the original DISCUSS
> points.
>
> (1) The Privacy Considerations are under-specified:
>
> (1.a) [per -28] Section 6.3 suggests the needs for logging, “To deal with
> this
> kind of security issue, for monitoring suspicious behaviors, vehicles'
> communication activities can be recorded in either a central way through a
> logging server (e.g., TCC) in the vehicular cloud or a distributed way
> (e.g.,
> blockchain [Bitcoin]) along with other vehicles or infrastructure.  To
> solve
> the issue ultimately, we need a solution where, without    privacy
> breakage,
> …”.  Some discussion on the “privacy breakage” is needed.  What exactly
> would
> be the trade offs between a centralized vs. distributed log?  Who would
> get to
> see this information?  What is sensitive about this information?
>
> >From -29:
>    Alternatively, for
>    completely secure vehicular networks, we shall embrace the concept of
>    "zero-trust" for vehicles in which no vehicle is trustable and
>    verifying every message (such as IPv6 control messages including ND,
>    DAD, NUD, and application layer messages) is necessary.  In this way,
>    a failure to prevent a cyberattack shall never happen on a vehicular
>    network.  Thus, we need to have an efficient zero-trust framework or
>    mechanism for vehicular networks.
>
> I’m speculating that the second from last sentence, “[i]n this way, a
> failure
> to prevent a cyberattack shall never happen on a vehicular network” was
> added
> to partially respond to the above feedback.  Saying that an attack will
> “never”
> success due to a zero-trust framework is not plausible.  Could this please
> rephrased.
>
> (1.b) [per -28] Section 3.3 notes a V2P use case where the pedestrian’s
> smart-phone is sharing unspecified information.  Does that include location
> information?  Who gets it?  What kind of identifiers are shared?
>
> Thanks for adding the following text -29:
>
>    The location information of a VRU from a smart device is multicasted
>    only to the nearby vehicles.  The true identifiers of a VRU's
>    smartphone shall be protected, and only the type of the VRU, such as
>    pedestrian, cyclist, and scooter, is disclosed to the nearby
>    vehicles.
>
> To clarify, this “multicasted” in the IPv6 sense?  The VRU’s smartphone is
> using some kind of “fake identifier” (source address?) to announce its
> presence
> so as not to reveal its “true identifier”?  Is there a security
> consideration
> (attack) that these “fake identifiers” multicasting to nearby vehicles
> could
> convince that vehicle that they are surrounded by pedestrians (e.g.,
> roughly
>
> https://www.abc.net.au/news/2020-02-04/man-creates-fake-traffic-jam-on-google-maps-by-carting-99-phones/11929136
> )?
>
> Can we state the security properties or provide a reference to handle this
> issue.  I see the following text later in the section:
>
>    To support applications of these V2X use cases, the required
>    functions of IPv6 include IPv6-based packet exchange, transport-layer
>    session continuity, and secure, safe communication between a vehicle
>    and a pedestrian either directly or indirectly via an IP-RSU.
>
> I don’t recognize the desired properties of protecting identifiers as being
> congruent with the above text.
>
> (2) Section 4.2
>
>    Note that it is dangerous if the
>    internal network of a vehicle is controlled by a malicious party.  To
>    minimize this kind of risk, an reinforced identification and
>    verification protocol shall be implemented.
>
> -- [per -28] Who are the parties in this verification protocol?  What
> security
> properties is this verification providing?
>
> [new per -29] Thanks for adding this new text in -29 in response:
>
>    To minimize this kind of risk,
>    an augmented identification and verification protocol with extra
>    means shall be implemented.  These extra means can be certificate-
>    based, biometric, credit-based, and one-time passcode (OTP)
>    approaches in addition to a used approach [RFC8002].  The
>    verification shall provide security properties such as
>    confidentiality, integrity, authentication, authorization, and
>    accounting [RFC7427].
>
> I’m having trouble understanding this guidance.  The architecture is
> suggesting
> “augmented identification and verification with extra means.”  I don’t
> follow
> what “augmented means” or “extra” -- augmented or extra from what
> baseline?
> The security properties this provides is “confidentiality, integrity,
> authentication, authorization and accounting” don’t seem to match
> authentication and identity topics.
>
> To the specific examples, how does “credit-based” provide the stated
> security
> properties?   I have the same question for the others.
>
> ** [per -28 and same for -29] The need for safety properties (very
> helpful) is
> asserted multiple times but not further discussed in the Security
> Considerations:
>
> -- Section 3:
>        In addition, IPv6
>       security needs to be extended to support those V2V use cases in a
>       safe, secure, privacy-preserving way.
>
> -- Section 3.1:
>       To support applications of these V2V use cases, the required
>      functions of IPv6 include IPv6-based packet exchange and secure,
>      safe communication between two vehicles.
>
> -- Section 3.3:
>    To support applications of these V2X use cases, the required
>    functions of IPv6 include IPv6-based packet exchange, transport-layer
>    session continuity, and secure, safe communication between a vehicle
>    and a pedestrian either directly or indirectly via an IP-RSU.
>
> The explanation from the authors noted that the following text was added to
> Section 4.2 -29:
>
> “A malicious party can be a group of hackers, a criminal group, and a
> competitor for industrial espionage or sabotage.”
>
> “The verification shall provide security properties such as
> confidentiality,
> integrity, authentication, authorization, and accounting [RFC7427].”
>
> I’m having trouble understanding how this text addresses the safety
> properties.
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you to Daniel Migault for the SECDIR review.
>
> Thanks for addressing the other COMMENTs in -29.
>
> ** Section 6.3.  Per the proposed use of blockchain for "IPv6 transaction",
> thanks for making a few edits per the more granular feedback on -28.  I
> leave
> it to the WG, but I think this guidance seems speculative,
> under-specified, and
> one of only a number of candidate architectures.  It seems misplaced to be
> calling it out here.
>
>
>
> _______________________________________________
> its mailing list
> its@ietf.org
> https://www.ietf.org/mailman/listinfo/its
>
-- 
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department Head
Department of Computer Science and Engineering
Sungkyunkwan University
Office: +82-31-299-4957
Email: pauljeong@skku.edu, jaehoon.paul@gmail.com
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>

v2.23.0 | Report a Bug | By Email