IETF Logo Mail Archive

Re: [manet] draft-perkins-manet-aodv-e2esec-00

Christopher Dearlove <christopher.dearlove@gmail.com> Sat, 05 March 2016 12:36 UTC

Return-Path: <christopher.dearlove@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B0481B302F for <manet@ietfa.amsl.com>; Sat, 5 Mar 2016 04:36:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 92jqF-NAaUlB for <manet@ietfa.amsl.com>; Sat, 5 Mar 2016 04:36:49 -0800 (PST)
Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A1EA1B302D for <manet@ietf.org>; Sat, 5 Mar 2016 04:36:49 -0800 (PST)
Received: by mail-wm0-x22d.google.com with SMTP id l68so25433143wml.0 for <manet@ietf.org>; Sat, 05 Mar 2016 04:36:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:mime-version:in-reply-to:content-transfer-encoding :message-id:cc:from:subject:date:to; bh=oJTf5jFylBVaVaqIDGsyaUevZ7DHsf5Nzcc48DJJ1rw=; b=nyE/b+4rSiZXRCgvsaAeoZH1sfvnaPe0195hHXPps5DZsL2/uI4EzVRg0JeGkFd7aG zDCrwgLTGoloViubKYvuIQklwysmO5H+Zj4LTeJAUcDfksuTRb0zVVAtYze6x6EYrThV Hjtsm3+0mCEJaydKqJvVQCkGnaQSbUlhOkBWxtTtDAnQ7Rb9gw2zveH+O97aGWtGzsUV 1qCOXuOm5UIw9lidAkGQ/QgHeTpeXgVEFT2QHU0IFZ8K1kJmQivvCZwNtpBhD0Qzccok 2GNHNAfPzCYFpnOJ5dI1ovgZzf/tGM3+uU3+4w4hi1hktqdfHmiRkaOOvzRfzDtnE3rL MRZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:references:mime-version:in-reply-to :content-transfer-encoding:message-id:cc:from:subject:date:to; bh=oJTf5jFylBVaVaqIDGsyaUevZ7DHsf5Nzcc48DJJ1rw=; b=fUkReiiQarGwl9cnA5qhnawwnYdlJyjNiEYzA5hpwU+f5ZuBeTJlubV+awLkQsyru+ KC0uSkH2q3ojjIfkI0wDRnso6mKFfP4j18rZIlsrhVJh0Gz7y9HDOTy+021hr6xKrZEl rdDJf5oyQ3UAXeSBHs1pnOqscdoQrds+1K3BmRQDSjYGxZRLvNi9SFkwlkOLcvdm/a6E Vf6dQPzOgAa1bPOuYuCnDJmGWdZhm0d0qQubhWflpoW0dfHKxveA/FtafPEVebWDoedg lURA3Nb08t0sZYvionNI8yqeh3WIemTV/8AEK05udMIVEnSKHOur2KJQBDGcvnGUxFc2 e4/Q==
X-Gm-Message-State: AD7BkJIV0qZgDSvFidavNeYTXiqIx1N+CuZJCjNC13RjE0YACAjVtAf2bUf4Kpo17VT47w==
X-Received: by 10.28.146.209 with SMTP id u200mr3413851wmd.59.1457181407963; Sat, 05 Mar 2016 04:36:47 -0800 (PST)
Received: from [10.3.148.153] (dab-far1-h-72-1.dab.02.net. [82.132.220.204]) by smtp.gmail.com with ESMTPSA id lh1sm7959930wjb.20.2016.03.05.04.36.46 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 05 Mar 2016 04:36:46 -0800 (PST)
References: <56D8B980.7010705@earthlink.net> <CAL95ndLYjvjs25T0siVMqHrWmw5B0k6H2ntjhMZDKMREU9Fo5g@mail.gmail.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <CAL95ndLYjvjs25T0siVMqHrWmw5B0k6H2ntjhMZDKMREU9Fo5g@mail.gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail-F09A64B6-8AA9-477A-BCE6-635CBFD16D40"
Content-Transfer-Encoding: 7bit
Message-Id: <3E84E2D1-2CF7-4F2B-80AD-98D1E37594E6@gmail.com>
X-Mailer: iPhone Mail (13C75)
From: Christopher Dearlove <christopher.dearlove@gmail.com>
Date: Sat, 05 Mar 2016 12:36:42 +0000
To: Anders Nilsson Plymoth <lanilsson@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/manet/4Vd8Iq7OHMKLV6H8vulJHGqf8AA>
Cc: Charlie Perkins <charles.perkins@earthlink.net>, Mobile Ad Hoc Networks mailing list <manet@ietf.org>
Subject: Re: [manet] draft-perkins-manet-aodv-e2esec-00
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Mar 2016 12:36:52 -0000

Requiring a signature based approach is I think quite undesirable. That puts a serious key management load on what is an ad hoc network, some of which are intended to be lightweight.

Where are the certificates coming from? Note that you can't simply download them, until the routing protocol has done its job, you don't have any way to do that. Pre-loaded? But that's getting really into scalability issues if you have to preload certificates for anyone who might be in the network. I think it's actually particularly bad for an on-demand protocol.

It also precludes what may be better solutions in many cases, for example draft-ietf-manet-ibs. (How do you get those keys? Also an issue, but a scalable one, you only need your own information, so preloading for example may be practical.)

Of course I'm not saying this might not be a solution, just not the one and only solution, and not to exclude all others. If you do have to put key management in (and it's hard to talk the SEC ADs out of that, but it can be done) add many more months to your time to finish.

This also doesn't address the key issue of the end to end or hop by hop architecture. I have some comments to make on that - comments that recognise there's a real issue that there is no ideal solution to - but I want to formulate them more clearly.

--  
Christopher Dearlove
christopher.dearlove@gmail.com

> On 5 Mar 2016, at 11:59, Anders Nilsson Plymoth <lanilsson@gmail.com> wrote:
> 
> Hi Charlie,
> 
> I understand you are mainly addressing E2E protection here, with regards to RREQ and RREP, but I am of the strong opinion that AODVv2 should have a more integrated security model, rather than ad hoc.
>  
> The use of HMACs for message authentication is a well known and well used approach. However, the use of HMAC implies the use of symmetric keys, and the question is how this key distribution should take place. I have seen hints of the usage of a single shared key, but this seems a little naive to me.
> 
> I would instead argue for a signature based approach, i.e. the use of public keys and certificates. This is the approach that was proposed for the SAODV draft, and although that draft is clearly outdated, I think the general idea there is good.
> 
> Regarding RFC 7182 instead of RFC 4868? Yes, definitely. You already rely on RFC 7182 for the security considerations of the AODVv2 draft. However, in the AODVv2 draft you mainly consider integrity protection, and less that of authentication. Also, this draft, draft-perkins-manet-aodv-e2esec-00 seems to address integrity more than authentication.
> 
> In summary, what I personally would like to see is a stronger integration of RFC 7182 and its concepts into the AODVv2 protocol specification, that also addresses authentication and key management considerations. As it is, it would be very hard to read the AODVv2 and its security considerations and build an implementation that incorporates RFC 7182, and have different implementations inter-operable. 
> 
> Thanks,
> Anders
> 
> 
> 
> 
> 
>> On Thu, Mar 3, 2016 at 11:24 PM, Charlie Perkins <charles.perkins@earthlink.net> wrote:
>> 
>> Hello folks,
>> 
>> In order to promote useful discussion about the security model for AODVv2, I have submitted a new draft with an idea to enable the source and destination of a Route Discovery to verify that they were indeed the source and destination of the route that was discovered. This is not a guarantee of a useful route, because intermediate routers are not authenticated, only the endpoints.  Nevertheless the idea seems like a useful adjunct to the existing hop-by-hop security as currently specified in AODVv2.
>> 
>> It can use more work:
>> - Should RFC 7182 be specified instead of RFC 4868?  If so, what is the simplest way to make the conversion?
>> - Should other message types be covered as well?  This would be pretty simple; I just need to reword the section specifying the input data.
>> 
>> I only used RFC 4868 because it seemed very straightforward for me to understand.
>> 
>> Comments are solicited and welcome.  The content of the document may well belong in the upcoming revision of AODVv2 that will be provide resolutions for the many recent comments.
>> 
>> Regards,
>> Charlie P.
>> 
>> _______________________________________________
>> manet mailing list
>> manet@ietf.org
>> https://www.ietf.org/mailman/listinfo/manet
> 
> _______________________________________________
> manet mailing list
> manet@ietf.org
> https://www.ietf.org/mailman/listinfo/manet

v2.23.0 | Report a Bug | By Email