IETF Logo Mail Archive

Re: [manet] draft-perkins-manet-aodv-e2esec-00

Christopher Dearlove <christopher.dearlove@gmail.com> Sun, 06 March 2016 10:18 UTC

Return-Path: <christopher.dearlove@gmail.com>
X-Original-To: manet@ietfa.amsl.com
Delivered-To: manet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D610C1A87CC for <manet@ietfa.amsl.com>; Sun, 6 Mar 2016 02:18:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ka9GsOYLecf6 for <manet@ietfa.amsl.com>; Sun, 6 Mar 2016 02:18:31 -0800 (PST)
Received: from mail-wm0-x231.google.com (mail-wm0-x231.google.com [IPv6:2a00:1450:400c:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDFCB1A87C4 for <manet@ietf.org>; Sun, 6 Mar 2016 02:18:30 -0800 (PST)
Received: by mail-wm0-x231.google.com with SMTP id l68so47512600wml.0 for <manet@ietf.org>; Sun, 06 Mar 2016 02:18:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:mime-version:in-reply-to:content-transfer-encoding :message-id:cc:from:subject:date:to; bh=pYvzE6U7UuaTrdx8WX8p5m8v2eTRoUmdzCS+QD1n5gk=; b=nDry67AD9fOE/0u7F3M9LdNsz1gHIKTtwWUYYH729SxxKBwQuOwDfw/nqQ3QEPK0Id T9xffzPkKS/0I8Nr+48BxjQrNHplyTy+CKnB3+tiMafit6iMKV4GlaBBKtvg4B1vnmAo i6GXi6hpye0gU6Do8PULblD3IXo3iDjqz3qQb186uDX8HrtJ9sPpPrduy3Im/SIFbdPI +Rgxyx2vBZqsToI0avXv5V7QQwLm4yBX7QXzf7juDLbVXCtktpUg3bEgpy3U5g5Z32rz lxP+Dvn+fK8TPg+XF+qtpSEzBmzrKNHHzcZ5q5uaC4frPrDlmfBvQl+0fnzGAwg4Z+OL j3eQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:references:mime-version:in-reply-to :content-transfer-encoding:message-id:cc:from:subject:date:to; bh=pYvzE6U7UuaTrdx8WX8p5m8v2eTRoUmdzCS+QD1n5gk=; b=hP/NzLzHb6Iq4wkVxSS8e6CpxTcbxpEca5pFPWzQiom9X5kVrNOlY0gB3VNowN8la2 sG3c6DSp8LhJrjmenJZoaw1nOsvJziPLvos236RuTqXqeO42c67yUZ9xamOJplQVx6Ee LprkOcFNbRAM2IQrkZQqNFmqn+XrHwByq/jynAecxz39Ka52V6yEBrOls4XFWcEc8ZOP Ta3y7JjipRoIs7DgMTLoD44B38rfQ9Fl3VllDXQlFTLXw+qczgzT1cWgC+1srBdtjZM6 C3v42oWeh40vyxJTNdjwXyvcI77RuTXQeRd5Shx5uccsVZ5604jVnuCjKoZl6+U+WMR/ 0wXg==
X-Gm-Message-State: AD7BkJJ60+N6bv0nxAiZ+dK3TRdNVMF6882scT53uUWDSaN8Ew1KPwmyBRFf8BONssCSrg==
X-Received: by 10.28.145.9 with SMTP id t9mr7633309wmd.54.1457259509364; Sun, 06 Mar 2016 02:18:29 -0800 (PST)
Received: from [10.1.66.31] (82-132-219-100.dab.02.net. [82.132.219.100]) by smtp.gmail.com with ESMTPSA id k4sm7953737wmc.12.2016.03.06.02.18.28 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 06 Mar 2016 02:18:28 -0800 (PST)
References: <56D8B980.7010705@earthlink.net> <CAL95ndLYjvjs25T0siVMqHrWmw5B0k6H2ntjhMZDKMREU9Fo5g@mail.gmail.com> <3E84E2D1-2CF7-4F2B-80AD-98D1E37594E6@gmail.com> <CAL95ndJB-Zt8ipHB8dNFTmnNguxr_f6G9Du9tsL=bzLQ_1otgg@mail.gmail.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <CAL95ndJB-Zt8ipHB8dNFTmnNguxr_f6G9Du9tsL=bzLQ_1otgg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail-005A4B64-22BB-4612-8687-D8571824A73E"
Content-Transfer-Encoding: 7bit
Message-Id: <6D29B75B-4680-45D1-A769-D3BDB76F5372@gmail.com>
X-Mailer: iPhone Mail (13C75)
From: Christopher Dearlove <christopher.dearlove@gmail.com>
Date: Sun, 06 Mar 2016 10:18:20 +0000
To: Anders Nilsson Plymoth <lanilsson@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/manet/vWJlo8xabhE3eudJMVQWoZzKLCk>
Cc: Charlie Perkins <charles.perkins@earthlink.net>, Christopher Dearlove <christopher.dearlove@gmail.com>, Mobile Ad Hoc Networks mailing list <manet@ietf.org>
Subject: Re: [manet] draft-perkins-manet-aodv-e2esec-00
X-BeenThere: manet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mobile Ad-hoc Networks <manet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet>, <mailto:manet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/manet/>
List-Post: <mailto:manet@ietf.org>
List-Help: <mailto:manet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet>, <mailto:manet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Mar 2016 10:18:35 -0000

Note that for OLSRv2 there is 7183 as well as 7182. AODVv2 needs its 7183 equivalent, though of course it doesn't have to be a separate draft.

In terms of what you say, I completely disagree that if you have an IP address it's just as easy to have a certificate.

Transferring certificates in TC or RREQ messages is a serious overhead. Just in HELLO messages is bad enough, but inadequate for end to end authentication. Alternatively they need pre-distribution.

Addresses on the other hand have neither of those disadvantages. They are small. They are being included in messages anyway. But also, you learn IP addresses during routing (including neighbour discovery). I can and have implemented OLSRv2 with IBS without any prior knowledge of any other participant in the network.

Also note in particular that as far as I'm concerned other nodes aren't just destinations, many are relays. I might need prior knowledge of actual traffic destinations if I'm the traffic source. But not of relays. And if I'm a relay, not even that. (That's especially true for AODVv2 that just gets an IP packet to deliver out of the blue.)

More, even there, the final destination in routing protocol terms is a router, not a host. For encrypted comms it's a host I want to communicate with, have certificate of etc. And actually I can do that without a certificate too by using identity based mechanisms. Which is also something we're able to do.

Yes, we're both saying no single solution. But I think you're downplaying the complications of what you're suggesting. Mostly that doesn't matter, but it is an additional reason I don't think this (in the AODVv2 draft, or its 7183 equivalent) is the right place.

The right place is a draft how to use the approach you favour within a 7182 framework. Which then AODVv2 (or even OLSRv2) could then adopt as required. Similar approach to the IBS draft. People can then take it or leave it. (I'm not claiming IBS is perfect either, it's not very low processing power friendly for one. I'd also object if that were pushed as the primary approach.)

--  
Christopher Dearlove
christopher.dearlove@gmail.com (iPhone)
chris@mnemosyne.demon.co.uk (home)

> On 6 Mar 2016, at 00:16, Anders Nilsson Plymoth <lanilsson@gmail.com> wrote:
> 
> Hi Christopher,
> 
> My point wasn't that a signature based approach should be the only solution, but that I think that signatures are preferable over HMAC based E2E authentication approaches. My point was also that I would like to see a tighter integration of the methods in RFC 7182 into the AODVv2 draft describing the protocol operation rather than just as security considerations. Maybe this is deemed not necessary, but I find that when using the current draft in combination with RFC 7182, it is hard to make an implementation that would be inter-operable. From my reading of RFC 7182 signatures should be supported, but is unclear how. I also see authentication as desirable which was also indicated by Charlie.
> 
> Even so, I regard a signature based approach as highly desirable, draft-ietf-manet-ibs is one example, but I don't see the big issue with certificates. Each node would need a certificate before joining the network. This is similar to the keys in draft-ietf-manet-ibs. The node would also need to have the certificate for the destination node in order to setup the route. How would have the node have this certificate? How would the node know the IP address of the destination? If a node knows the IP address of a destination and would like to exchange encrypted data, it would also have the certificate. How about authenticating routing messages? Certificates of neighboring nodes can easily be exchanged by a local protocol, e.g. NHDP. I have manet type network running with this approach and it works well. It also enables TLS/DTLS when desirable. 
> Another approach as taken by SAODV was to include public keys, signatures and hashes into routing messages.  
> 
> And to quote you, I am saying not this is the one and only solution, but one that I think shouldn't be excluded.
> 
> Thanks,
> Anders
> 
> 
> 
> 
>> On Sat, Mar 5, 2016 at 1:36 PM, Christopher Dearlove <christopher.dearlove@gmail.com> wrote:
>> Requiring a signature based approach is I think quite undesirable. That puts a serious key management load on what is an ad hoc network, some of which are intended to be lightweight.
>> 
>> Where are the certificates coming from? Note that you can't simply download them, until the routing protocol has done its job, you don't have any way to do that. Pre-loaded? But that's getting really into scalability issues if you have to preload certificates for anyone who might be in the network. I think it's actually particularly bad for an on-demand protocol.
>> 
>> It also precludes what may be better solutions in many cases, for example draft-ietf-manet-ibs. (How do you get those keys? Also an issue, but a scalable one, you only need your own information, so preloading for example may be practical.)
>> 
>> Of course I'm not saying this might not be a solution, just not the one and only solution, and not to exclude all others. If you do have to put key management in (and it's hard to talk the SEC ADs out of that, but it can be done) add many more months to your time to finish.
>> 
>> This also doesn't address the key issue of the end to end or hop by hop architecture. I have some comments to make on that - comments that recognise there's a real issue that there is no ideal solution to - but I want to formulate them more clearly.
>> 
>> --  
>> Christopher Dearlove
>> christopher.dearlove@gmail.com
>> 
>>> On 5 Mar 2016, at 11:59, Anders Nilsson Plymoth <lanilsson@gmail.com> wrote:
>>> 
>>> Hi Charlie,
>>> 
>>> I understand you are mainly addressing E2E protection here, with regards to RREQ and RREP, but I am of the strong opinion that AODVv2 should have a more integrated security model, rather than ad hoc.
>>>  
>>> The use of HMACs for message authentication is a well known and well used approach. However, the use of HMAC implies the use of symmetric keys, and the question is how this key distribution should take place. I have seen hints of the usage of a single shared key, but this seems a little naive to me.
>>> 
>>> I would instead argue for a signature based approach, i.e. the use of public keys and certificates. This is the approach that was proposed for the SAODV draft, and although that draft is clearly outdated, I think the general idea there is good.
>>> 
>>> Regarding RFC 7182 instead of RFC 4868? Yes, definitely. You already rely on RFC 7182 for the security considerations of the AODVv2 draft. However, in the AODVv2 draft you mainly consider integrity protection, and less that of authentication. Also, this draft, draft-perkins-manet-aodv-e2esec-00 seems to address integrity more than authentication.
>>> 
>>> In summary, what I personally would like to see is a stronger integration of RFC 7182 and its concepts into the AODVv2 protocol specification, that also addresses authentication and key management considerations. As it is, it would be very hard to read the AODVv2 and its security considerations and build an implementation that incorporates RFC 7182, and have different implementations inter-operable. 
>>> 
>>> Thanks,
>>> Anders
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> On Thu, Mar 3, 2016 at 11:24 PM, Charlie Perkins <charles.perkins@earthlink.net> wrote:
>>>> 
>>>> Hello folks,
>>>> 
>>>> In order to promote useful discussion about the security model for AODVv2, I have submitted a new draft with an idea to enable the source and destination of a Route Discovery to verify that they were indeed the source and destination of the route that was discovered. This is not a guarantee of a useful route, because intermediate routers are not authenticated, only the endpoints.  Nevertheless the idea seems like a useful adjunct to the existing hop-by-hop security as currently specified in AODVv2.
>>>> 
>>>> It can use more work:
>>>> - Should RFC 7182 be specified instead of RFC 4868?  If so, what is the simplest way to make the conversion?
>>>> - Should other message types be covered as well?  This would be pretty simple; I just need to reword the section specifying the input data.
>>>> 
>>>> I only used RFC 4868 because it seemed very straightforward for me to understand.
>>>> 
>>>> Comments are solicited and welcome.  The content of the document may well belong in the upcoming revision of AODVv2 that will be provide resolutions for the many recent comments.
>>>> 
>>>> Regards,
>>>> Charlie P.
>>>> 
>>>> _______________________________________________
>>>> manet mailing list
>>>> manet@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/manet
>>> 
>>> _______________________________________________
>>> manet mailing list
>>> manet@ietf.org
>>> https://www.ietf.org/mailman/listinfo/manet
>

v2.23.0 | Report a Bug | By Email