Re: [manet] AODVv2: Security considerations update
Ulrich Herberg <ulrich@herberg.name> Sat, 20 February 2016 16:41 UTC
Return-Path: <ulrich@herberg.name>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 376881A0155 for <manet@ietfa.amsl.com>; Sat, 20 Feb 2016 08:41:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QdY8yqFKl6t0 for <manet@ietfa.amsl.com>; Sat, 20 Feb 2016 08:41:20 -0800 (PST)
Received: from mail-vk0-x233.google.com (mail-vk0-x233.google.com [IPv6:2607:f8b0:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FE601A007A for <manet@ietf.org>; Sat, 20 Feb 2016 08:41:20 -0800 (PST)
Received: by mail-vk0-x233.google.com with SMTP id e6so99063023vkh.2 for <manet@ietf.org>; Sat, 20 Feb 2016 08:41:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herberg.name; s=dkim; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=HtGVm9BzoYpGwk0IwLyOVd/75xOVwBHIscB5sxqc+mw=; b=ju8lT/XmtlXwZYYXi1JDJ5OfYYTp6hqov0jcop6/7sBpCuGtfanEhNvkAeOV5JzAH3 2vzNFHF5HFMoopwxHWi+aM/cFRdNTIofwQ2Qrm8lr1ozdy59sCLAIEH8mTZKlXZCY3N5 bsZasmMEZwNMmDTDp3pYDwNV2RMQfCDvicyWw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=HtGVm9BzoYpGwk0IwLyOVd/75xOVwBHIscB5sxqc+mw=; b=h10rQOVDLekWFrT3BNaO4Pc3NJX3SNDGDA5qdo8F7inARwesn2jQAEo8yoMTzj+cER pFyPz8XbvAS7XrD2eLyiI2D/5i28W5iEQMhEDjHGc3Qwt7Ixjt4EMdGDrQIEgBwdOOfb zMQ2i9vQis4BFuHBNV9YqrHgIYw2B6Syds5/UROhsst797Z/BzBtm4XTTva6adcb6cb+ UUcz4R/wLJcdYdcfr6GM/cBDziANglFeW0lRpJfTkvQO0jSO9YpJMsxYSTB8NLe0Aw/9 NY0d3mVM7uW0KC50uN7ynMoN9N39a6jKopXWfNALNWjoiqWWYkJZxgbfu5BNoLWcaI/w yjSg==
X-Gm-Message-State: AG10YOQovJGZOe9Hz3C3/+39NEreuIDgG+iRP+tI2E/Z5k6A2XfCthONshhsqLSwG1YQgfxP3sCoZgMtYaVwaA==
MIME-Version: 1.0
X-Received: by 10.31.58.193 with SMTP id h184mr16233154vka.111.1455986478907; Sat, 20 Feb 2016 08:41:18 -0800 (PST)
Received: by 10.31.97.65 with HTTP; Sat, 20 Feb 2016 08:41:18 -0800 (PST)
In-Reply-To: <B31EEDDDB8ED7E4A93FDF12A4EECD30D8BFFFB72@GLKXM0002V.GREENLNK.net>
References: <F791BBC1-D673-4C80-944D-AE3447AEFCDD@fu-berlin.de> <B31EEDDDB8ED7E4A93FDF12A4EECD30D8BFFFB72@GLKXM0002V.GREENLNK.net>
Date: Sat, 20 Feb 2016 08:41:18 -0800
Message-ID: <CAK=bVC91q=Sy_erO1bEvqUzcPKTCSUhG6S=EZ8Kqj=1sQJVQ-w@mail.gmail.com>
From: Ulrich Herberg <ulrich@herberg.name>
To: "Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/manet/4tfGyRzUyKEY6Z-xtpHWC7rt53s>
Cc: "manet@ietf.org" <manet@ietf.org>
Subject: Re: [manet] AODVv2: Security considerations update
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Feb 2016 16:41:22 -0000
Hi Lotte,
I agree with what Chris said.
Can you clarify what you mean in your email by:
"[...] (afaik) the Availability/Confidentiality/Integrity model may be
considered a bit dated [...]"?
I have a few concerns with the proposed security considerations section:
- BCP72 specifies:
===================
"Authors MUST describe
1. which attacks are out of scope (and why!)
2. which attacks are in-scope
2.1 and the protocol is susceptible to
2.2 and the protocol protects against
At least the following forms of attack MUST be considered:
eavesdropping, replay, message insertion, deletion, modification, and
man-in-the-middle. Potential denial of service attacks MUST be
identified as well. If the protocol incorporates cryptographic
protection mechanisms, it should be clearly indicated which portions
of the data are protected and what the protections are (i.e.,
integrity only, confidentiality, and/or endpoint authentication,
etc.). Some indication should also be given to what sorts of attacks
the cryptographic protection is susceptible. Data which should be
held secret (keying material, random seeds, etc.) should be clearly
labeled.
"
===================
I don't think all of the above MUSTs are addressed in the proposed
text (see also below).
- I think the chain-of-trust model that doesn't allow end-to-end
integrity protection is problematic in an entirely distributed and
untrusted network environment. It's a bit like saying that you trust
that an email sent to someone else is integrity protected because the
step-wise SMTP between various mail servers along the path uses TLS.
This brings me to the deeper issue of why messages are regenerated
instead of forwarded. I have not understood why this is necessary in
the first place (and I argued this in an email to the list at
https://www.ietf.org/mail-archive/web/manet/current/msg18081.html)
- The text in section 13.3.1 is hard to interpret as implementer,
since it mixes a security evaluation with the actual specifications of
how to protect the messages. I think it would be better to have
separate sections for these two parts. Also, as a stylistic
recommendation, I always had a hard time reading the continuous text
as opposed to bullet points as we applied in OLSRv2.
- I have some doubts that the Security ADs will agree with the terms
"recommendations" in the title of the section together with a lot of
SHOULDs and MAYs in the text, which seems to imply that usage of the
integrity protection is not mandatory. When specifying OLSRv2, we were
clearly told that we require a "MUST-implement/SHOULD use until you
have something more better".
- The Sec ADs required us for OLSRv2 to argue (in the spec) why we
don't need to specify automatic key management as per BCP107. I don't
see a similar section in AODVv2. Have you confirmed with the Sec ADs
that their requirements have been relaxed?
- The biggest issue I have with the proposed security consideration
text is that there is no detailed specification of how to sign and
validate messages, similar to what we were required to do by the Sec
ADs in RFC7183. I doubt that two AODVv2 implementations by different
programmers would be interoperable just using the current text. You
mention the functions specified in RFC7182; but really these are just
the containers for the actual information. RFC7182 does not mandate
how to use them (such as we do in RFC7183).
Best regards
Ulrich
On Fri, Feb 19, 2016 at 7:52 AM, Dearlove, Christopher (UK)
<chris.dearlove@baesystems.com> wrote:
> I would say that in the interests of transparency, a lot more should appear
> on list. Of course there’s no need - until later stages - to discuss every
> editorial nit on list, but basic decisions should have been discussed here
> before now, and responses to comments received (I’ve never had responses to
> all my comments).
>
>
>
> On this posting, it’s not exactly true that
>
>
>
> Encryption will not only make it more difficult for unauthorized devices
> to obtain
> information about network topology but will also ensure that only trusted
> routers participate in routing operations:
>
>
>
> What ensure the latter is not encryption, but authentication. It is true
> that one should generally not use encryption without authentication, and
> there are some algorithms that do both together. Nevertheless I think it’s
> both useful and important to assign the right properties to each.
>
>
>
> There’s then the practical issue that with a shared secret key, encryption
> and authentication are both (relatively) easy. But if you want a solution
> that isn’t that (because that has various drawbacks) then authentication is
> more manageable than encryption. For example draft-ietf-manet-ibs has a
> scheme (not of course the only possible one) for authentication. The
> equivalent for encryption that actually conceals network topology is hard
> (just revealing all addresses gives away quite a lot).
>
>
>
> (Following the path of a signalling message is probably easier in a reactive
> network, because of the direct reaction.)
>
>
>
> --
>
> Christopher Dearlove
> Senior Principal Engineer
> BAE Systems Applied Intelligence Laboratories
> __________________________________________________________________________
>
> T: +44 (0)1245 242194 | E: chris.dearlove@baesystems.com
>
> BAE Systems Applied Intelligence, Chelmsford Technology Park, Great Baddow,
> Chelmsford, Essex CM2 8HN.
> www.baesystems.com/ai
>
> BAE Systems Applied Intelligence Limited
> Registered in England & Wales No: 01337451
>
> Registered Office: Surrey Research Park, Guildford, Surrey, GU2 7YP
>
>
>
> From: manet [mailto:manet-bounces@ietf.org] On Behalf Of Lotte Steenbrink
> Sent: 19 February 2016 15:06
> To: manet@ietf.org
> Subject: [manet] AODVv2: Security considerations update
>
>
>
> ----------------------! WARNING ! ----------------------
> This message originates from outside our organisation,
> either from an external partner or from the internet.
> Consider carefully whether you should click on any
> links, open any attachments or reply.
> Follow the 'Report Suspicious Emails' link on IT matters
> for instructions on reporting suspicious email messages.
> --------------------------------------------------------
>
> *** WARNING ***
> EXTERNAL EMAIL -- This message originates from outside our organization.
>
>
>
>
> Hi all,
> in the interest of transparency, we (the AODVv2 author team) want to send
> out more updates on what we've been doing, and this is the first of these
> e-mails. We've restructured (and sometimes rewritten) our security
> considerations a bit and added a subsection about the Trust Model, and we'd
> love to hear your opinions on those changes. You can find the result and a
> diff to the current considerations in the attachments. (the formatting was
> done manually, so it might be a bit wonky)
>
> Some notes:
> * This is all work in progress, so please poke holes into it where you can!
> * While (afaik) the Availability/Confidentiality/Integrity model may be
> considered a bit dated, I thought it might be a good starting point.
> * I was wondering if “Encryption will not only protect against unauthorized
> devices obtaining
> information about network topology” isn't a tad too short and bold– maybe
> we could add a clarification along the lines of:
>
> Encryption will not only make it more difficult for unauthorized devices
> to obtain
> information about network topology but will also ensure that only trusted
> routers participate in routing operations: When messages are encrypted,
> a malicious observer would have to monitor the entire network to
> understand
> its topology and traffic flow. And even then, due to the hop by hop
> nature of the protocol and the fact that messages are regenerated rather
> than forwarded (resulting in a different payload every time),
> following the path of a message would be hard if its transmission is not
> the only encrypted traffic produced by the network.
>
> Regards,
> Lotte
>
> _______________________________________________
> manet mailing list
> manet@ietf.org
> https://www.ietf.org/mailman/listinfo/manet
>
> ********************************************************************
> This email and any attachments are confidential to the intended
> recipient and may also be privileged. If you are not the intended
> recipient please delete it from your system and notify the sender.
> You should not copy it or use it for any purpose nor disclose or
> distribute its contents to any other person.
> ********************************************************************
>
>
> _______________________________________________
> manet mailing list
> manet@ietf.org
> https://www.ietf.org/mailman/listinfo/manet
>
- [manet] AODVv2: Security considerations update Lotte Steenbrink
- Re: [manet] AODVv2: Security considerations update Dearlove, Christopher (UK)
- Re: [manet] AODVv2: Security considerations update Ulrich Herberg
- Re: [manet] AODVv2: Security considerations update Abdussalam Baryun
- Re: [manet] AODVv2: Security considerations update Jiazi YI
- Re: [manet] AODVv2: Security considerations update Lotte Steenbrink