Re: [lp-wan] IID computation for SCHC over LoRaWAN

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Thu, 09 January 2020 15:29 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "dominique.barthel@orange.com" <dominique.barthel@orange.com>, Olivier Gimenez <ogimenez@semtech.com>, lp-wan <lp-wan@ietf.org>
Date: Thu, 09 Jan 2020 15:29:08 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/lp-wan/0ANxL-VyCXIJGe-A2IECQ2vBS8w>

We need to rekey the second guy. I hope it’s not too much effort for something that never happens!

From: lp-wan <lp-wan-bounces@ietf.org> On Behalf Of dominique.barthel@orange.com
Sent: Thursday, 9 January 2020 16:26
To: Olivier Gimenez <ogimenez@semtech.com>; lp-wan <lp-wan@ietf.org>
Subject: Re: [lp-wan] IID computation for SCHC over LoRaWAN

Oops, I forgot one point.
How high is the risk of IID collision? Different AppSKey, different devEUI, yet same IID.
What do we do if this unlikely event happens?

Dominique

From: lp-wan <lp-wan-bounces@ietf.org> on behalf of Dominique Barthel <dominique.barthel@orange.com>
Date: Thursday 9 January 2020 16:22
To: Olivier Gimenez <ogimenez@semtech.com>, lp-wan <lp-wan@ietf.org>
Subject: Re: [lp-wan] IID computation for SCHC over LoRaWAN

Hello all,

I like the approach Olivier proposes.
It uses a shared secret that is readily available at both ends of the LoRaWAN link and seems to meet all required properties of 8064 and 8065.
Snooping on the LoRa Alliance mailing list, it looks like there's no opposition and one approval, so far. Let's give them a few days and make a decision.
Best regards

Dominique

From: lp-wan <lp-wan-bounces@ietf.org> on behalf of Olivier Gimenez <ogimenez@semtech.com>
Date: Wednesday 8 January 2020 19:03
To: lp-wan <lp-wan@ietf.org>
Subject: [lp-wan] IID computation for SCHC over LoRaWAN

Dear,

As discussed at the end of today’s interim meeting, the preferred solution for the IID computation algorithm is the one currently proposed in the draft:

5.3.  IID computation

   In order to mitigate risks described in [RFC8064] and [RFC8065] IID
   MUST be created regarding the following algorithm:

   1.  key = LoRaWAN AppSKey
   2.  cmac = aes128_cmac(key, devEui)
   3.  IID = cmac[0..7]

   aes128_cmac algorithm is described in [RFC4493].  It has been chosen
   as it is already used by devices for LoRaWAN protocol.

   As AppSKey is renewed each time a device joins or rejoins a network,
   the IID will change over time; this mitigates privacy, location
   tracking and correlation over time risks.  Rejoin periodicity is
   defined at the application level.

   Address scan risk is mitigated thanks to AES-128, which provides
   enough entropy bits of the IID.

   Using this algorithm will also ensure that there is no correlation
   between the hardware identifier (IEEE-64 devEUI) and the IID, so an
   attacker cannot use manufacturer OUI to target devices.

   Example with:
   o  devEui: 0x1122334455667788
   o  appSKey: 0x00AABBCCDDEEFF00AABBCCDDEEFFAABB

   1. key: 0x00AABBCCDDEEFF00AABBCCDDEEFFAABB
   2. cmac: 0x4E822D9775B2649928F82066AF804FEC
   3. IID: 0x28F82066AF804FEC

I asked the security working group of the LoRa Alliance for their agreement to use the AppSKey for this purpose. If not, the other option is to use the algorithm proposed in RFC7217:

RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), where Net_Iface can be DevEUI and Network_ID the LoRaWAN netid.

Unless one of you has another algorithm to propose that respects the recommendations of RFC8065.

Best regards
Olivier



