[lp-wan] IID computation for SCHC over LoRaWAN

Olivier Gimenez <ogimenez@semtech.com> Wed, 08 January 2020 18:03 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/lp-wan/dIGBVxujQDpYmvHI0zmcs2SdGSc>

Dear,

As discussed at the end of today's interim meeting, the preferred solution for the IID computation algorithm is the one currently proposed in the draft:

5.3.  IID computation

   In order to mitigate risks described in [RFC8064] and [RFC8065] IID
   MUST be created regarding the following algorithm:

   1.  key = LoRaWAN AppSKey
   2.  cmac = aes128_cmac(key, devEui)
   3.  IID = cmac[0..7]

   aes128_cmac algorithm is described in [RFC4493].  It has been chosen
   as it is already used by devices for LoRaWAN protocol.

   As AppSKey is renewed each time a device joins or rejoins a network,
   the IID will change over time; this mitigates privacy, location
   tracking and correlation over time risks.  Rejoin periodicity is
   defined at the application level.

   Address scan risk is mitigated thanks to AES-128, which provides
   enough entropy bits of the IID.

   Using this algorithm will also ensure that there is no correlation
   between the hardware identifier (IEEE-64 devEUI) and the IID, so an
   attacker cannot use manufacturer OUI to target devices.

   Example with:
   o  devEui: 0x1122334455667788
   o  appSKey: 0x00AABBCCDDEEFF00AABBCCDDEEFFAABB

   1. key: 0x00AABBCCDDEEFF00AABBCCDDEEFFAABB
   2. cmac: 0x4E822D9775B2649928F82066AF804FEC
   3. IID: 0x28F82066AF804FEC

I asked the security working group of the LoRa Alliance for their agreement to use the AppSKey for this purpose. If not, the other option is to use the algorithm proposed in RFC7217:

RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), where Net_Iface can be DevEUI and Network_ID the LoRaWAN netid.

Unless one of you has another algorithm to propose that respects the recommendations of RFC8065.

Best regards
Olivier
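
The three steps of the quoted section 5.3, as an added example that is not part of the original message or of the draft: a dependency-free AES-128-CMAC following RFC 4493, with `schc_iid` taking octets 0..7 of the MAC. Apart from `aes128_cmac`, the function names are assumptions made here, and the pure-Python AES is meant for checking values offline, not for use on a device.

```python
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _xtime(a):                                  # multiply by x in GF(2^8)
    return ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF
def _dbl(b):                                    # RFC 4493 subkey step: shift left, xor Rb
    n = int.from_bytes(b, "big") << 1
    return ((n ^ 0x87 if n >> 128 else n) & ((1 << 128) - 1)).to_bytes(16, "big")

def _make_sbox():                               # GF(2^8) inverse, then the affine map
    sbox, p, q = [0x63] * 256, 1, 1
    for _ in range(255):                        # 3 generates all 255 nonzero elements
        p ^= _xtime(p)                                      # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF    # q /= 3
        q ^= 0x09 if q & 0x80 else 0
        x = q | q << 8                                      # x >> (8 - n) is rotl(q, n)
        sbox[p] = (q ^ x >> 7 ^ x >> 6 ^ x >> 5 ^ x >> 4) & 0xFF ^ 0x63
    return sbox
SBOX = _make_sbox()

def aes128_encrypt_block(key, block):
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):                                  # key schedule
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    s = _xor(block, sum(w[:4], []))                         # initial AddRoundKey
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if rnd < 10:                                        # MixColumns
            s = [c[i] ^ c[0] ^ c[1] ^ c[2] ^ c[3] ^ _xtime(c[i] ^ c[(i + 1) % 4])
                 for c in (s[j:j + 4] for j in range(0, 16, 4)) for i in range(4)]
        s = _xor(s, sum(w[4 * rnd:4 * rnd + 4], []))        # AddRoundKey
    return bytes(s)

def aes128_cmac(key, msg):
    k1 = _dbl(aes128_encrypt_block(key, bytes(16)))
    n = max(1, -(-len(msg) // 16))                          # number of blocks
    head, last = msg[:16 * (n - 1)], msg[16 * (n - 1):]
    pad = b"" if len(last) == 16 else b"\x80" + bytes(15 - len(last))
    last = _xor(last + pad, _dbl(k1) if pad else k1)        # K2 when padded, else K1
    x = bytes(16)
    for i in range(0, len(head), 16):
        x = aes128_encrypt_block(key, _xor(x, head[i:i + 16]))
    return aes128_encrypt_block(key, _xor(x, last))

def schc_iid(app_s_key, dev_eui):               # quoted step 3: IID = cmac[0..7]
    return aes128_cmac(app_s_key, dev_eui)[:8]
```

In the quoted example the IID shown equals octets 8..15 of the cmac shown, while step 3 and `schc_iid` take octets 0..7, so implementers should agree on the slice before comparing outputs.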



