Re: [lp-wan] IID computation for SCHC over LoRaWAN
Ivaylo Petrov <ivaylo@ackl.io> Fri, 10 January 2020 08:15 UTC
Return-Path: <ivaylo@ackl.io>
X-Original-To: lp-wan@ietfa.amsl.com
Delivered-To: lp-wan@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD93A120899 for <lp-wan@ietfa.amsl.com>; Fri, 10 Jan 2020 00:15:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ackl-io.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g18pedV2CDHB for <lp-wan@ietfa.amsl.com>; Fri, 10 Jan 2020 00:15:28 -0800 (PST)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69BA1120897 for <lp-wan@ietf.org>; Fri, 10 Jan 2020 00:15:28 -0800 (PST)
Received: by mail-wr1-x42f.google.com with SMTP id b6so902038wrq.0 for <lp-wan@ietf.org>; Fri, 10 Jan 2020 00:15:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ackl-io.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Dqyaoj8rr1uSjALj+zWtr6bm4QWcLXh4uEq3DW5Orq8=; b=H4gGdfZhaSuRzpzvHzpkZsOilAisCC1pThRwD3YPnx4IMf8kmuSlqEI7Q/tW4v/Uq3 ewj9AloBWmypeaOhTpag+vgshBCM9KavxKQx3wPCP/wG6UZ0iLrZNRzOMGWxOBO2sPQ5 +9re2tr6oAzqDc8gjTR11Ed+HBuOp+9WVqDF7ST3fluA+/JZLamRp63jr2zE3IOwhHZR qih4FAMrOITg6Vo4ealVv3QWHrBZdbHgbyf4bTonzdeewbU/uO58Deu2QJ12VfTK/Q88 t5TDcRTZMuhRRkZ6FpPt9ZRVuR/pPXleqs/7EJPks2CSz42UJ26cqocPASwOK8Gpskiw aYDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Dqyaoj8rr1uSjALj+zWtr6bm4QWcLXh4uEq3DW5Orq8=; b=i+xzWjhO23IeZ99qgQtij07mx66HI29lgnjpxZSKw1qg7ME+Ex3yy1FLpeylCr8Dxk JxiBv4pDlZfiPF8M4V7wgX5lvop8PGdkXOAtnIm/ks2otc8UTvvBN0mAt+4ymN8NPurp lfzEAMmNLIlnPtRSVH7WWdFKaF0TNWOmevoks3Agf1CQC3iMztxo6V1nNgyPHY8ZP/RS 5ZhfZFPFn+NVQVekRlCz5dgfjQc3VKRfcL85ehMiEimu99eQ8fW7dyrM1qm4G40Q0snP UE9diCKzay5NvH3VMhcNl6RGPReHqlvCSP1Z2l3/pDD5Meja7rw4eTormqLR1KTKWgbE Ez1w==
X-Gm-Message-State: APjAAAXC86ti7tiw2m7qToLeRuZqVV30/9QC/W8X2RGlQeqTrFrUTmXB 5Yk0vrSYr4VvkcKmucSNXPsWxZwltK8sevKbFenyMw==
X-Google-Smtp-Source: APXvYqzTnY22AzrAFVNAXJedDsEKRnnPbi4RWY5oi3UBJtQWl1cOJRSEQZm3n+27xuL6Jxg+TRBroh2YARt2W2Q4oOw=
X-Received: by 2002:adf:f850:: with SMTP id d16mr2079615wrq.161.1578644126239; Fri, 10 Jan 2020 00:15:26 -0800 (PST)
MIME-Version: 1.0
References: <11567_1578583345_5E174531_11567_198_1_DA3D02FA.6E7E3%dominique.barthel@orange.com> <11889_1578583565_5E17460D_11889_448_5_DA3D0478.6E7F1%dominique.barthel@orange.com> <MN2PR11MB35653D0A24CAE9BB7C8A6B1ED8390@MN2PR11MB3565.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB35653D0A24CAE9BB7C8A6B1ED8390@MN2PR11MB3565.namprd11.prod.outlook.com>
From: Ivaylo Petrov <ivaylo@ackl.io>
Date: Fri, 10 Jan 2020 09:14:59 +0100
Message-ID: <CAJFkdRyyvqBnseT=bCbQ24oUxrhJddQhwN49Bi8ehtPoHQjfjQ@mail.gmail.com>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Cc: "dominique.barthel@orange.com" <dominique.barthel@orange.com>, Olivier Gimenez <ogimenez@semtech.com>, lp-wan <lp-wan@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005f2234059bc4bad4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lp-wan/nu495N7pCEF8COiWUMia8h-01Z0>
Subject: Re: [lp-wan] IID computation for SCHC over LoRaWAN
X-BeenThere: lp-wan@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Low-Power Wide Area Networking \(LP-WAN\), also known as LPWA or Low-Rate WAN \(LR-WAN\)" <lp-wan.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lp-wan/>
List-Post: <mailto:lp-wan@ietf.org>
List-Help: <mailto:lp-wan-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lp-wan>, <mailto:lp-wan-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jan 2020 08:15:32 -0000
Hello, For me rekeying sounds as the simplest solution, even though I am wondering how it would work. The straightforward way that I can think of might not work - the SCHC gateway detects the IID conflict and then it needs to tell the NGW - hey, could you ask this device to rekey. The problem for me is that the rekeying operation is not supported by lorawan versions below 1.1 if I am not mistaken and we are considering lorawan 1.0.3. Furthermore I am not sure there is an API that the SCHC gateway could use to request the rekeying from the NGW. Best regards, Ivaylo On Thu, Jan 9, 2020 at 4:30 PM Pascal Thubert (pthubert) <pthubert@cisco.com> wrote: > We need to rekey the second guy. I hope it’s not too much effort for > something that never happens! > > > > *From:* lp-wan <lp-wan-bounces@ietf.org> *On Behalf Of * > dominique.barthel@orange.com > *Sent:* jeudi 9 janvier 2020 16:26 > *To:* Olivier Gimenez <ogimenez@semtech.com>; lp-wan <lp-wan@ietf.org> > *Subject:* Re: [lp-wan] IID computation for SCHC over LoRaWAN > > > > Oops, I forgot one point. > > How high is the risk of IID collision? Different AppSKey, different > devEUI, yet same IID. > > What do we do if this unlikely event happens? > > > > Dominique > > > > *De : *lp-wan <lp-wan-bounces@ietf.org> on behalf of Dominique Barthel < > dominique.barthel@orange.com> > *Date : *Thursday 9 January 2020 16:22 > *À : *Olivier Gimenez <ogimenez@semtech.com>, lp-wan <lp-wan@ietf.org> > *Objet : *Re: [lp-wan] IID computation for SCHC over LoRaWAN > > > > Hello all, > > > > I like the approach Olivier proposes. > > It uses a shared secret that is readily available at both ends of the > LoRaWAN link and seems to meet all required properties of 8064 and 8065. > > Snooping on the LoRa Alliance mailing list, it looks there's no opposition > and one approval, so far. Let's give them a fews days and make a decision. > > Best regards > > > > Dominique > > > > *De : *lp-wan <lp-wan-bounces@ietf.org> on behalf of Olivier Gimenez < > ogimenez@semtech.com> > *Date : *Wednesday 8 January 2020 19:03 > *À : *lp-wan <lp-wan@ietf.org> > *Objet : *[lp-wan] IID computation for SCHC over LoRaWAN > > > > Dear, > > > > As discussed at the end of today’s interim meeting the preferred solution > for the IID computation algorithm is the one currently proposed in the > draft: > > > > 5.3. IID computation > > > > In order to mitigate risks described in [RFC8064] and [RFC8065] IID > > MUST be created regarding the following algorithm: > > > > 1. key = LoRaWAN AppSKey > > 2. cmac = aes128_cmac(key, devEui) > > 3. IID = cmac[0..7] > > > > aes128_cmac algorithm is described in [RFC4493]. It has been chosen > > as it is already used by devices for LoRaWAN protocol. > > > > As AppSKey is renewed each time a device joins or rejoins a network, > > the IID will change over time; this mitigates privacy, location > > tracking and correlation over time risks. Rejoin periodicity is > > defined at the application level. > > > > Address scan risk is mitigated thanks to AES-128, which provides > > enough entropy bits of the IID. > > > > Using this algorithm will also ensure that there is no correlation > > between the hardware identifier (IEEE-64 devEUI) and the IID, so an > > attacker cannot use manufacturer OUI to target devices. > > > > Example with: > > o devEui: 0x1122334455667788 > > o appSKey: 0x00AABBCCDDEEFF00AABBCCDDEEFFAABB > > > > 1. key: 0x00AABBCCDDEEFF00AABBCCDDEEFFAABB > > 2. cmac: 0x4E822D9775B2649928F82066AF804FEC > > 3. IID: 0x28F82066AF804FEC > > > > I asked security working group of the LoRa Alliance for their agreement to > use the AppSKey for this purpose. If not the other option is to use the > algorithm proposed in RFC7217: > > RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), where > Net_Iface can be DevEUI and Network_ID the LoRaWAN netid. > > > > Unless one of you have another algorithm to propose, which respect > recommendations of RFC8065 > > > > Best regards > > Olivier > > > > > > > > > To view our privacy policy, including the types of personal information we > collect, process and share, and the rights and options you have in this > respect, see www.semtech.com/legal. > > _________________________________________________________________________________________________________________________ > > > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > > > This message and its attachments may contain confidential or privileged information that may be protected by law; > > they should not be distributed, used or copied without authorisation. > > If you have received this email in error, please notify the sender and delete this message and its attachments. > > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > > Thank you. > > _________________________________________________________________________________________________________________________ > > > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc > > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler > > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, > > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > > > This message and its attachments may contain confidential or privileged information that may be protected by law; > > they should not be distributed, used or copied without authorisation. > > If you have received this email in error, please notify the sender and delete this message and its attachments. > > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. > > Thank you. > > _______________________________________________ > lp-wan mailing list > lp-wan@ietf.org > https://www.ietf.org/mailman/listinfo/lp-wan >
- [lp-wan] IID computation for SCHC over LoRaWAN Olivier Gimenez
- Re: [lp-wan] IID computation for SCHC over LoRaWAN dominique.barthel
- Re: [lp-wan] IID computation for SCHC over LoRaWAN dominique.barthel
- Re: [lp-wan] IID computation for SCHC over LoRaWAN Pascal Thubert (pthubert)
- Re: [lp-wan] IID computation for SCHC over LoRaWAN Ivaylo Petrov
- Re: [lp-wan] IID computation for SCHC over LoRaWAN Olivier Gimenez
- Re: [lp-wan] IID computation for SCHC over LoRaWAN Ivaylo Petrov
- Re: [lp-wan] IID computation for SCHC over LoRaWAN Olivier Gimenez
- Re: [lp-wan] IID computation for SCHC over LoRaWAN Olivier Gimenez
- Re: [lp-wan] IID computation for SCHC over LoRaWAN Olivier Gimenez