[Roll] [roll] #156: draft-ietf-roll-security-threats-06 - RPL control messages are broadcast

"roll issue tracker" <trac+roll@trac.tools.ietf.org> Sun, 23 February 2014 20:22 UTC

#156: draft-ietf-roll-security-threats-06 - RPL control messages are broadcast

 Reported by Robert Cragie - 02/17/2014

 7.2.  Integrity Features

    The integrity of routing information provides the basis for ensuring
    that the function of the routing protocol is achieved and maintained. To
    protect integrity, RPL must either run using only the Secure versions of
    the messages, or must run over a layer-2 that uses channel binding
    between node identity and transmissions. (i.e.: a layer-2 which has an
    identical network-wide transmission key can not defend against many
    attacks)

 <rcc>
 So how do we fix the conundrum that many significant RPL control messages
 (e.g. DIO) are broadcast, which in link layer terms typically means they
 are transmitted using the LL broadcast address without acknowledgements? We
 can't use pairwise link keys. Saying a network wide key "cannot defend
 against many attacks" is a poor generalization without any real analysis
 behind it.

 If a network-wide key has been distributed in a secure fashion and the
 confidentiality of the key on every node can be guaranteed, then it is a
 perfectly legitimate way to provide confidentiality, data origin
 authentication and integrity protection, especially for broadcast
 messages.
 </rcc>

-- 
-------------------------------------+-------------------------------------
 Reporter:                           |      Owner:  draft-ietf-roll-
  mariainesrobles@gmail.com          |  security-threats@tools.ietf.org
     Type:  defect                   |     Status:  new
 Priority:  major                    |  Milestone:
Component:  security-threats         |    Version:
 Severity:  In WG Last Call          |   Keywords:
-------------------------------------+-------------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/roll/trac/ticket/156>
roll <http://tools.ietf.org/wg/roll/>
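The ticket turns on what a network-wide key does and does not give a broadcast DIO. The following toy model, added here and not taken from the ticket, the draft, or any RPL implementation, protects a simplified DIO with a group-key MAC and shows what a receiver can and cannot check: integrity (a tampered rank is rejected), exclusion of nodes without the key, and replay (unacknowledged broadcasts need a per-sender counter). It assumes HMAC-SHA256 truncated to 16 bytes as a stand-in for the link-layer MAC (IEEE 802.15.4 would use AES-CCM*), a constructed DIO body layout (sender EUI-64, DODAG version, rank, frame counter) and a constructed sample key; none of those details come from the page.

```python
import hmac
import hashlib
import struct

# Added example, not code from the ticket, the draft, or any RPL implementation.
# Assumptions: HMAC-SHA256 truncated to TAG_LEN bytes stands in for the link-layer
# MAC; the DIO body is simplified to sender EUI-64, DODAG version, rank and a
# per-sender frame counter; GROUP_KEY is a constructed sample value.

TAG_LEN = 16
BODY_FMT = "!8sBHI"           # sender (8 bytes), version (1), rank (2), frame counter (4)
GROUP_KEY = bytes(range(32))  # constructed sample key; provisioned securely in practice


def build_dio(sender: bytes, version: int, rank: int, counter: int) -> bytes:
    """Serialise a simplified DIO body."""
    return struct.pack(BODY_FMT, sender, version, rank, counter)


def protect(body: bytes, key: bytes) -> bytes:
    """Append a MAC computed over the whole body, so the sender id is covered too."""
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def verify(frame: bytes, key: bytes):
    """Return the parsed DIO if the MAC checks out under `key`, else None."""
    if len(frame) < struct.calcsize(BODY_FMT) + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        return None
    sender, version, rank, counter = struct.unpack(BODY_FMT, body)
    return {"sender": sender, "version": version, "rank": rank, "counter": counter}


def accept(frame: bytes, key: bytes, seen: dict) -> bool:
    """Receiver-side check: valid MAC and a strictly increasing counter per sender.

    Broadcast DIOs are unacknowledged, so the counter is what lets a receiver
    drop a replayed frame; `seen` maps sender id -> highest counter accepted.
    Note what the MAC proves: the frame came from *some* holder of the group
    key. Per-node origin authentication therefore rests on every node keeping
    the key confidential, which is the precondition the comment above states.
    """
    dio = verify(frame, key)
    if dio is None:
        return False
    if dio["counter"] <= seen.get(dio["sender"], -1):
        return False
    seen[dio["sender"]] = dio["counter"]
    return True


def demo() -> dict:
    """Run the four receiver cases and report which frames were accepted."""
    node_a = b"\x00\x12\x4b\x00\x00\x00\x00\x01"  # constructed EUI-64
    seen = {}
    results = {}

    frame = protect(build_dio(node_a, 1, 256, 7), GROUP_KEY)
    results["genuine"] = accept(frame, GROUP_KEY, seen)   # first sighting: accepted
    results["replay"] = accept(frame, GROUP_KEY, seen)    # same counter again: dropped

    # Rank modified in flight (offset 9 is the high byte of the rank field).
    tampered = bytearray(frame)
    tampered[9] ^= 0x01
    results["tampered"] = accept(bytes(tampered), GROUP_KEY, seen)

    # A node that never received the group key cannot produce an acceptable frame.
    outsider = protect(build_dio(node_a, 1, 256, 8), b"\xff" * 32)
    results["outsider"] = accept(outsider, GROUP_KEY, seen)

    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:>9}: {'accepted' if accepted else 'rejected'}")
```

The counter in `accept` is doing the work that a link-layer acknowledgement cannot do for a broadcast; without it the MAC alone would let an old but genuine DIO be re-injected. Whether the group-key precondition (confidentiality on every node) holds is a deployment question the code cannot answer, which is the gap the two positions in the ticket are arguing about.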