Re: [Roll] security solutions for ROLL
Levente Buttyan <buttyan@crysys.hu> Fri, 24 February 2012 07:36 UTC
Dear Michael,

Our work on version number and rank authentication addresses some layer-3 security issues that are not addressed by layer-2 security mechanisms. In particular, layer-2 protection does not prevent a malfunctioning or misbehaving (compromised) node from initiating the reconstruction of the DODAG with itself as the root. Also, manipulating the rank value in DIO messages may result in the distortion of the topology, i.e., a misbehaving node can appear to be closer to the root than it really is. The mechanisms that we proposed try to prevent these misdeeds. They are also lightweight, using hash functions and symmetric key crypto as much as possible.

Our draft is available at:
http://tools.ietf.org/html/draft-dvir-roll-security-authentication-01

We also have an implementation (on both TinyOS and Linux) of RPL and the version number authentication mechanisms that we plan to make available soon.

My colleague, Amit Dvir, will be in Paris for the IETF meeting to present this work and to discuss it further.

Best regards,
Levente Buttyan

On 2012.02.23. 22:51, Michael Richardson wrote:
> 1) there is a Security AD DISCUSS from Stephen Farrell/Tim Polk.
> http://datatracker.ietf.org/doc/draft-ietf-roll-security-framework/ballot/#stephen-farrell
> It has been there for 9 months, and we need to act on it, because
> this DISCUSS is keeping draft-ietf-roll-of0-20 from advancing,
> and that will keep draft-ietf-roll-rpl-19 from being published.
>
> So to be clear, this chain of dependencies/references means that while
> rpl-19 has been done for some time, it won't get published until we do
> something.
>
> Stephen Farrell will lift his DISCUSS on this and let us proceed if he
> sees some credible plan to get useable security into the layer-3 of
> RPL.
>
> For a lot of you, you have assumed security at layer-2 is enough, and
> you may never care about this mechanism, but I still need your
> participation here.
>
> 2) We will need to provide, in the draft-ietf-roll-security-framework,
> a clear set of security related *questions* that each applicability
> statement will need to answer. In essence, this is a template
> that needs to be filled out.
>
> 3) A proposal for moving forward is to adopt/adapt MIKEY
> (RFC3830) for our uses.
> This has been proposed in:
> draft-alexander-roll-mikey-lln-key-mgmt
>
> This draft needs to be resubmitted for the WG to consider it.
> (A rumour is that it can be found at:
> http://tools.ietf.org/id/draft-alexander-roll-mikey-lln-key-mgmt-02.txt
> )
>
> The WG is open to other proposals, but they need to come in quickly.
> We do not need to complete the work, but we do need to know what work
> we need to do, and we need to update our milestones to include that work
> in order that we can progress.

--
Dr. Levente Buttyán
Laboratory of Cryptography and System Security (CrySyS)
Department of Telecommunications
Budapest University of Technology and Economics (BME)
URL: http://www.crysys.hu/