Re: [manet] DLEP-18 Security Considerations

Henning Rogge <hrogge@gmail.com> Sun, 07 February 2016 11:55 UTC

Return-Path: <hrogge@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C0C41B3992 for <manet@ietfa.amsl.com>; Sun, 7 Feb 2016 03:55:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f8DHr-TkEaNr for <manet@ietfa.amsl.com>; Sun, 7 Feb 2016 03:55:07 -0800 (PST)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C6391B3993 for <manet@ietf.org>; Sun, 7 Feb 2016 03:55:07 -0800 (PST)
Received: by mail-lf0-x22c.google.com with SMTP id j78so81074097lfb.1 for <manet@ietf.org>; Sun, 07 Feb 2016 03:55:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=LsagOi3YhV0R/kVF5wak34210r7hbWX3J2ELUY52aAw=; b=Y/Wr9VktzEwhiZ8D0jNWORhz4RtCHEnsn2xLOrRYMv62Ki6eIXMtCsrq56OzC+D5K0 plrUOQBL4pt/MDtk7ehytPBTeJbgIR0gT61obmKLa0/lR4xsP/7g42buCYef5f/zy37H R2uOQrlRkQxI+T6BU3ibqUkESMRdphswAhO5a8EAC8+CEgy4ns2wdP4UFYnxMKPNP+dJ 5y1k40NR5njaGr5IcVMtcFNUspx7Wh2UiDyZ7A5e6MpfYDySSp8Se/UjSl5URPbZqBJe YQROQTu2nxa1wD8Uuy3Ngmqbjf4Ohgl99rKy6eMjjkxe76zxAGfu/2LXSxFY3SsG+5Qn jmoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding; bh=LsagOi3YhV0R/kVF5wak34210r7hbWX3J2ELUY52aAw=; b=ZioWv1EV1sJX3AjVvV4MnhlSNR4Iwnz2gi+5y7/xGsu0U5fkupY/LCx1ENFyeMit5d aBP9Zjn5BhmBLtjvHrMiPqUek3rIHA7zJ64lGPYEaKHfh+d5BekLysJD2uz9+NCYjJzE 2pkxl2mW5yrLwsFxFumnS9mIRxRmm4/AOVacuR1LmvZuH0DdoqQJhv8Q0sNFzfqZtJ8s 1oZvOwD0WGUbYHcvAVuLNrPRQUAf4664uafXTxVr0YAHuD0pRlfEuCpp6f4GNjp1hKyR Sq7VOElKs/1gxZwlsNWcSxtwIFulHGwQJdh7qzNrELfRm6BkSobMOrJrVwrK5zn0qVJ/ 6B4A==
X-Gm-Message-State: AG10YOTUzJ9biFWvUt8ybaOE7OWcutp3LWyh9QascQJIAqmtAV5V90fGhO3pGGfzhpnxUG+lsLUpDbC1jS2+tQ==
X-Received: by 10.25.169.74 with SMTP id s71mr8450233lfe.128.1454846105304; Sun, 07 Feb 2016 03:55:05 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.161.77 with HTTP; Sun, 7 Feb 2016 03:54:35 -0800 (PST)
In-Reply-To: <D2DBAA65.10DB40%aretana@cisco.com>
References: <CALtoyo=6zEWqj8kC=JHb1=6sKD+ktCOWmnU+rzbNGhrkAwMfzQ@mail.gmail.com> <D2DBAA65.10DB40%aretana@cisco.com>
From: Henning Rogge <hrogge@gmail.com>
Date: Sun, 7 Feb 2016 12:54:35 +0100
Message-ID: <CAGnRvur=CMe7YwudtYJmbO_fOPh2n3Vch5z1AkzawFe1gULgjQ@mail.gmail.com>
To: "Alvaro Retana (aretana)" <aretana@cisco.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/manet/_tXZ4UYB3T1L7GcdhtwA1zgYn0E>
Cc: MANET IETF <manet@ietf.org>
Subject: Re: [manet] DLEP-18 Security Considerations
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Feb 2016 11:55:09 -0000

On Sat, Feb 6, 2016 at 11:22 PM, Alvaro Retana (aretana)
<aretana@cisco.com> wrote:
> On 1/18/16, 7:51 PM, "manet on behalf of Stan Ratliff"
> <manet-bounces@ietf.org on behalf of ratliffstan@gmail.com> wrote:
>
> Stan:
>
> Hi!
>
> You'll need references for L2 security.
>
> The main problem I see with the text below is that it is based on
> assumptions — even though you do say that "DLEP is restricted to…a single
> (possibly logical) hop at layer 2", it is based on the deployment
> assumptions.  What happens if it isn't deployed that way?

It will not work because the user traffic will not reach the
destination. DLEP is the model of a "external radio" which acts as a
bridge (as in "layer-2 bridge") between the connection to the router
and the radio network.

If you are more than 1 IP-hop away you will not get the user traffic.

> What about confidentiality of the data?  What about exposing information
> about users (privacy)?

if you have one IP-hop between radio and router linklayer/MAC security
takes care of this. If not you are outside the specification of the
protocol and do something strange to the traffic anyways... so it
should not be DLEP's problem.

>  I know that the assumed deployment model makes it
> very hard to look at the data in flight between and the physical and L2
> security may well be enough.  However, what if DLEP is not used as expected?

If you break the basic assumptions of the protocol, you should not
expect its security considerations to be secure in your situation.

> IMO, you should describe the expected operating environment (or point to the
> assumptions) and any security mechanisms that should be included there (L2,
> physical assumptions), and explain why confidentiality and privacy are not a
> concern…

http://tools.ietf.org/html/draft-ietf-manet-dlep-18#section-2.1

> but then you should also say something like: "if DLEP is used in an
> environment other then the expected one, then xx, yy and zz MUST/SHOULD be
> implemented".   I think that this way we would be covering the normal case,
> but also providing an answer to what if without making mandatory mechanisms
> that may be superfluous.

There is no guarantee that xx/yy/zz will give you any kind of security
in an unspecified environment.

Henning Rogge