IETF Logo Mail Archive

Re: [manet] AODVv2: Security considerations update

"Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com> Fri, 19 February 2016 15:52 UTC

Return-Path: <chris.dearlove@baesystems.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 994CB1AD080 for <manet@ietfa.amsl.com>; Fri, 19 Feb 2016 07:52:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.905
X-Spam-Level:
X-Spam-Status: No, score=-6.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.006] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CF5X1Oj7kQX8 for <manet@ietfa.amsl.com>; Fri, 19 Feb 2016 07:52:13 -0800 (PST)
Received: from ukmta2.baesystems.com (ukmta2.baesystems.com [20.133.0.56]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A8DE1A9023 for <manet@ietf.org>; Fri, 19 Feb 2016 07:52:12 -0800 (PST)
X-IronPort-AV: E=Sophos; i="5.22,471,1449532800"; d="scan'208,217"; a="31342411"
Received: from unknown (HELO baemasmds016.greenlnk.net) ([10.15.207.101]) by ukmta2.baesystems.com with ESMTP; 19 Feb 2016 15:52:10 +0000
X-IronPort-AV: E=Sophos;i="5.22,471,1449532800"; d="scan'208,217";a="106944019"
Received: from glkxh0004v.greenlnk.net ([10.109.2.35]) by baemasmds016.greenlnk.net with ESMTP; 19 Feb 2016 15:52:10 +0000
Received: from GLKXM0002V.GREENLNK.net ([169.254.5.89]) by GLKXH0004V.GREENLNK.net ([10.109.2.35]) with mapi id 14.03.0248.002; Fri, 19 Feb 2016 15:52:11 +0000
From: "Dearlove, Christopher (UK)" <chris.dearlove@baesystems.com>
To: Lotte Steenbrink <lotte.steenbrink@fu-berlin.de>, "manet@ietf.org" <manet@ietf.org>
Thread-Topic: [manet] AODVv2: Security considerations update
Thread-Index: AQHRaycSXu8ve8QZcUyQTthv3yKKT58zgQlw
Date: Fri, 19 Feb 2016 15:52:09 +0000
Message-ID: <B31EEDDDB8ED7E4A93FDF12A4EECD30D8BFFFB72@GLKXM0002V.GREENLNK.net>
References: <F791BBC1-D673-4C80-944D-AE3447AEFCDD@fu-berlin.de>
In-Reply-To: <F791BBC1-D673-4C80-944D-AE3447AEFCDD@fu-berlin.de>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.109.62.6]
Content-Type: multipart/alternative; boundary="_000_B31EEDDDB8ED7E4A93FDF12A4EECD30D8BFFFB72GLKXM0002VGREEN_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/manet/nIrHMoizpxIp2odbSZ1db8sLVhk>
Subject: Re: [manet] AODVv2: Security considerations update
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2016 15:52:17 -0000

I would say that in the interests of transparency, a lot more should appear on list. Of course there’s no need - until later stages - to discuss every editorial nit on list, but basic decisions should have been discussed here before now, and responses to comments received (I’ve never had responses to all my comments).

On this posting, it’s not exactly true that

   Encryption will not only make it more difficult for unauthorized devices to obtain
   information about network topology but will also ensure that only trusted
   routers participate in routing operations:

What ensure the latter is not encryption, but authentication. It is true that one should generally not use encryption without authentication, and there are some algorithms that do both together. Nevertheless I think it’s both useful and important to assign the right properties to each.

There’s then the practical issue that with a shared secret key, encryption and authentication are both (relatively) easy. But if you want a solution that isn’t that (because that has various drawbacks) then authentication is more manageable than encryption. For example draft-ietf-manet-ibs has a scheme (not of course the only possible one) for authentication. The equivalent for encryption that actually conceals network topology is hard (just revealing all addresses gives away quite a lot).

(Following the path of a signalling message is probably easier in a reactive network, because of the direct reaction.)

--
Christopher Dearlove
Senior Principal Engineer
BAE Systems Applied Intelligence Laboratories
__________________________________________________________________________

T:  +44 (0)1245 242194  |  E: chris.dearlove@baesystems.com<mailto:chris.dearlove@baesystems.com>

BAE Systems Applied Intelligence, Chelmsford Technology Park, Great Baddow, Chelmsford, Essex CM2 8HN.
www.baesystems.com/ai<http://www.baesystems.com/ai>
BAE Systems Applied Intelligence Limited
Registered in England & Wales No: 01337451
Registered Office: Surrey Research Park, Guildford, Surrey, GU2 7YP

From: manet [mailto:manet-bounces@ietf.org] On Behalf Of Lotte Steenbrink
Sent: 19 February 2016 15:06
To: manet@ietf.org
Subject: [manet] AODVv2: Security considerations update

----------------------! WARNING ! ----------------------
This message originates from outside our organisation,
either from an external partner or from the internet.
Consider carefully whether you should click on any
links, open any attachments or reply.
Follow the 'Report Suspicious Emails' link on IT matters
for instructions on reporting suspicious email messages.
--------------------------------------------------------

*** WARNING ***
EXTERNAL EMAIL -- This message originates from outside our organization.


Hi all,
in the interest of transparency, we (the AODVv2 author team) want to send out more updates on what we've been doing, and this is the first of these e-mails. We've restructured (and sometimes rewritten) our security considerations a bit and added a subsection about the Trust Model, and we'd love to hear your opinions on those changes. You can find the result and a diff to the current considerations in the attachments. (the formatting was done manually, so it might be a bit wonky)

Some notes:
* This is all work in progress, so please poke holes into it where you can!
* While (afaik) the Availability/Confidentiality/Integrity model may be considered a bit dated, I thought it might be a good starting point.
* I was wondering if “Encryption will not only protect against unauthorized devices obtaining
   information about network topology” isn't a tad too short and bold– maybe we could add a clarification along the lines of:

   Encryption will not only make it more difficult for unauthorized devices to obtain
   information about network topology but will also ensure that only trusted
   routers participate in routing operations: When messages are encrypted,
   a malicious observer would have to monitor the entire network to understand
   its topology and traffic flow. And even then, due to the hop by hop
   nature of the protocol and the fact that messages are regenerated rather
   than forwarded (resulting in a different payload every time),
   following the path of a message would be hard if its transmission is not
   the only encrypted traffic produced by the network.

Regards,
Lotte
_______________________________________________
manet mailing list
manet@ietf.org<mailto:manet@ietf.org>
https://www.ietf.org/mailman/listinfo/manet
********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************

v2.23.0 | Report a Bug | By Email