IETF Logo Mail Archive

Re: [lp-wan] IID computation for SCHC over LoRaWAN

Olivier Gimenez <ogimenez@semtech.com> Mon, 24 February 2020 08:18 UTC

Return-Path: <ogimenez@semtech.com>
X-Original-To: lp-wan@ietfa.amsl.com
Delivered-To: lp-wan@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C23D53A0870 for <lp-wan@ietfa.amsl.com>; Mon, 24 Feb 2020 00:18:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EFyX2xtuYjRB for <lp-wan@ietfa.amsl.com>; Mon, 24 Feb 2020 00:18:14 -0800 (PST)
Received: from mail1.bemta24.messagelabs.com (mail1.bemta24.messagelabs.com [67.219.250.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1D313A0872 for <lp-wan@ietf.org>; Mon, 24 Feb 2020 00:18:13 -0800 (PST)
Received: from [100.112.131.44] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-3.bemta.az-a.us-west-2.aws.symcld.net id 88/A6-12164-FB6835E5; Mon, 24 Feb 2020 08:18:07 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrHJsWRWlGSWpSXmKPExsXiofbjue7+tuA 4g0/r2S2mdP9ktDj4+zS7xZtZ9hYzprxjdGDxmLF+PbPHlN8bWT2WLPnJ5NHy7CRbAEsUa2Ze Un5FAmvGkYn7mQqWP2GpWLR6M1sD4/kzLF2MnBxCAo8YJb4vUu1i5AKyXzBKzGldxQrh7GSUO N+2jxGkik1AR+L/81lACXYOEQEZifW1ICXMAtMYJWY/fg00iINDWMBaYsfcYJBqEQEbie89vY wQdpTE1y8zwHaxCKhKHHm2jBnE5hWwkjjQupARYtUtZomdq5azgyQ4geZ8ePQDrIFRQEzi+6k 1TCA2s4C4xK0n88FsCQERiYcXT7NB2KISLx//A7tZQmAas8SCG3dYIRL8EvMOX4eyFSQuTtvC CDGoRuL3qpWsEFcISpyc+QQaEooSrdMWMk9gFJ+FZN8sJC2zkLRAxBMlVr18BGXrSCzY/YkNw taWWLbwNTOMfebAYyZMcR2J39+6oOoVJW5fnQo0HxSoSxgl3rYeZocp6nx1gAmmaEr3Q/YFjL yrGC2SijLTM0pyEzNzdA0NDHQNDY10DY0sdQ3NjfQSq3QT9UqLdctTi0t0gdzyYr3iytzknBS 9vNSSTYzAxJRS0LhmB+Pu5e/1DjFKcjApifImRwXHCfEl5adUZiQWZ8QXleakFh9ilOHgUJLg 3dsClBMsSk1PrUjLzAEmSZi0BAePkgjv9kagNG9xQWJucWY6ROoUozfHhJdzFzFzHDw6D0h+b 14IJN/9XAwkP65aAhIBkUIsefl5qVLivEGtQCMEQEZklObBLYAl+0uMslLCvIwMDAxCPAWpRb mZJajyrxjFORiVhHkfNAFN4cnMK4G74xXQiUxAJypzBICcWJKIkJJqYJI96cgUNeU/g7yRyfH QG04HTC5XFcieaz3DwBM482tFds8My69vmT4u+bLn5EmfBr4Fra8+ijjZcL3K4g/s4Fv7+XXB jWSlhbPfbww3yleoNJFN7f4vvbjrFfv7+0rTO1ZHq5bf+CdwxdL/0e3C0/9Npl6qsRLiMbur9 7Zt7+mPlz/VcC7g6DvzZ/+sEl3dWVcaXxSYLpJbWDtFOknSbPHioMZ75xh1Fv8Wm8JlenpvxH WWCXq/t/zm/BD+a6UB6z81tu59k7YxObEbX9/S4Oo58XZmowrz+pLv2gvf3VLRj156Z4KGN98 rsZf1WQvb7JO2G3KuUEp5vybPpnHbhvrr/f+5WPvYOs6Jte07wanEUpyRaKjFXFScCAB+YTtX cQQAAA==
X-Env-Sender: ogimenez@semtech.com
X-Msg-Ref: server-9.tower-334.messagelabs.com!1582532285!120916!1
X-Originating-IP: [72.38.248.231]
X-SYMC-ESS-Client-Auth: outbound-route-from=pass
X-StarScan-Received:
X-StarScan-Version: 9.50.1; banners=semtech.com,-,-
X-VirusChecked: Checked
Received: (qmail 10999 invoked from network); 24 Feb 2020 08:18:06 -0000
Received: from s72-38-248-231.static.datacom.cgocable.net (HELO ca01exedge1.semnet.dom) (72.38.248.231) by server-9.tower-334.messagelabs.com with ECDHE-RSA-AES256-SHA384 encrypted SMTP; 24 Feb 2020 08:18:06 -0000
Received: from CA01MAIL1.semnet.dom (10.2.50.40) by ca01exedge1.semnet.dom (192.168.34.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1034.26; Mon, 24 Feb 2020 03:18:00 -0500
Received: from ca01mail2.semnet.dom (10.2.50.41) by CA01MAIL1.semnet.dom (10.2.50.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.26; Mon, 24 Feb 2020 03:18:04 -0500
Received: from ca01mail2.semnet.dom ([fe80::fdc8:c457:b09e:605d]) by ca01mail2.semnet.dom ([fe80::fdc8:c457:b09e:605d%22]) with mapi id 15.01.1034.026; Mon, 24 Feb 2020 03:18:04 -0500
From: Olivier Gimenez <ogimenez@semtech.com>
To: lp-wan <lp-wan@ietf.org>
CC: "dominique.barthel@orange.com" <dominique.barthel@orange.com>, Ivaylo Petrov <ivaylo@ackl.io>, "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Thread-Topic: [lp-wan] IID computation for SCHC over LoRaWAN
Thread-Index: AQHVxwCYJQu0prjDVk6FFGBv03UPPKfidDIAgAAAYACAEmKf8IAAk6uAgAjkeoiAGFrSnYATmnEw
Date: Mon, 24 Feb 2020 08:18:04 +0000
Message-ID: <28f5d940a6314769a4e7ee6b3f008574@semtech.com>
References: <11567_1578583345_5E174531_11567_198_1_DA3D02FA.6E7E3%dominique.barthel@orange.com> <11889_1578583565_5E17460D_11889_448_5_DA3D0478.6E7F1%dominique.barthel@orange.com> <MN2PR11MB35653D0A24CAE9BB7C8A6B1ED8390@MN2PR11MB3565.namprd11.prod.outlook.com> <e3a0968b393740ac9dc290175d5073a9@semtech.com>, <CAJFkdRyRsuNtC_AZkgqy2APJ_W503MkHCO6JdtF_+9DZKjaYpg@mail.gmail.com>, <087f048de6394ac6828e66291bc1c608@semtech.com> <018abc75e8d94f8684e19c3891aa7cf1@semtech.com>
In-Reply-To: <018abc75e8d94f8684e19c3891aa7cf1@semtech.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-dg-ref: PG1ldGE+PGF0IG5tPSJib2R5Lmh0bWwiIHA9ImM6XHVzZXJzXG9naW1lbmV6XGFwcGRhdGFccm9hbWluZ1wwOWQ4NDliNi0zMmQzLTRhNDAtODVlZS02Yjg0YmEyOWUzNWJcbXNnc1xtc2ctMmIxZjY5MDMtNTZkZS0xMWVhLWI2OWYtZTRiMzE4NjYzZWUxXGFtZS10ZXN0XDJiMWY2OTA1LTU2ZGUtMTFlYS1iNjlmLWU0YjMxODY2M2VlMWJvZHkuaHRtbCIgc3o9IjIwNDY0IiB0PSIxMzIyNzAwNTg4MDQ1NzYzMDIiIGg9Ik8xWFFDTUdWS3daRk1WUzdLdTVBRWYvQTJqaz0iIGlkPSIiIGJsPSIwIiBibz0iMSIvPjwvbWV0YT4=
x-dg-rorf: true
x-originating-ip: [10.144.16.38]
Content-Type: multipart/related; boundary="_004_28f5d940a6314769a4e7ee6b3f008574semtechcom_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/lp-wan/Gvw1rgwxj1zIo6NPdrOnEBHlqDA>
Subject: Re: [lp-wan] IID computation for SCHC over LoRaWAN
X-BeenThere: lp-wan@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Low-Power Wide Area Networking \(LP-WAN\), also known as LPWA or Low-Rate WAN \(LR-WAN\)" <lp-wan.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lp-wan/>
List-Post: <mailto:lp-wan@ietf.org>
List-Help: <mailto:lp-wan-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2020 08:18:16 -0000

Dear,

As last interim has been cancelled here is the proposition I wanted to make:

Keep as explained in the document, derive IID from AppSKey and DevEUI, then add
"There is a small probability of IID collision in a network, if such event occur the IID can be changed by rekeying the device (ie: rejoin). The way the device is rekeyed is out of scope of this document and left to the implementation."

But I also wonder if we can allow a ruleID for that: Ex: If a message is delivered with ruleId XXX, device must rejoin.
If not it seems reasonable to me that implementation has to define a port for rejoining. What are your thoughts ?

We might even go a step further and use this port for configuration:

*         Rejoin command

*         Network prefix

*         Rules, in few years :)


Thank you
Olivier



From: Olivier Gimenez
Sent: 11 February 2020 21:58
To: lp-wan <lp-wan@ietf.org>
Cc: dominique.barthel@orange.com; Ivaylo Petrov <ivaylo@ackl.io>; Pascal Thubert (pthubert) <pthubert@cisco.com>
Subject: Re: [lp-wan] IID computation for SCHC over LoRaWAN


Hi,



Following last interim meeting I tried to weight both approaches I presented.



1. NAT like - Devices does not know its public IP address

Pros:

* Easy to implement

* Conflicts are resolved by the gateway itself

* No need to share the network 64 bits prefix beforehand

Cons:

* Some upper layer might require to know their public address. FTP and Skype might not be a real concern for LPWAN but it is an issue for DLMS, so it is a no go for me.



2. Derive IID from AppSKey and DevEUI

Pros:

* Device has access to its public IP, no "NAT"

* Conflicts can be resolved by changing AppSKey with new join

Cons:

* Need to share network 64bits prefix beforehand. Mitigated as the rules also need to be shared so it can be part of the same mechanism

* Need to define a way to create a new join



So, as discussed in the interim I think that the proposition to recommend a new join if the implementer find the conflict probability too high, without specifying how, is the way to go.

Do you agree with it ? Any other last minute idea ?



Thank you

Best regards

________________________________
From: Olivier Gimenez
Sent: Monday, January 27, 2020 10:38:22 AM
To: lp-wan
Cc: dominique.barthel@orange.com<mailto:dominique.barthel@orange.com>; Ivaylo Petrov; Pascal Thubert (pthubert)
Subject: Re: [lp-wan] IID computation for SCHC over LoRaWAN


Hi,



According to Wikipedia<https://en.wikipedia.org/wiki/Birthday_problem#Probability_table> for 64 bits IID:

  *   when 190 000 devices are in the network, collision probability is one out of a billion
  *   when 6 100 000 devices are in the network, collision probability is one out of a million

I am still convinced that we should not add any specification/code complexity with such low numbers, anyway we wonder if another approach can be used:

Please see attached picture, the gateway can be seen as a NAT router: the device is able to compute its IP address based on devEUI or whatever we find relevant, which will be unique inside an IPv6 network (but will not change over time or be obfuscated), then IP used outside LoRaWAN network is computed in the SCHC gateway, this way an address collision is detected in the gateway and a new IP can be generated.
Another pro is there is no more need to provision the network prefix into the device

Any thoughts ?

Thank you
Olivier

[cid:image001.png@01D5EAF2.228EB260]

To view our privacy policy, including the types of personal information we collect, process and share, and the rights and options you have in this respect, see www.semtech.com/legal.

v2.23.0 | Report a Bug | By Email