IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-6tisch-architecture-21

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Fri, 28 June 2019 11:00 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54981120179; Fri, 28 Jun 2019 04:00:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Y2utBbP4; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=HIlSzWTs
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ARtH4ymYFc_r; Fri, 28 Jun 2019 04:00:05 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8776312014A; Fri, 28 Jun 2019 04:00:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2822; q=dns/txt; s=iport; t=1561719604; x=1562929204; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=KoJCIeqsJ7Qg6eWPC2eamSxsIRX26LOJlr4E64NFwS4=; b=Y2utBbP48W4lr1pxlaoPB6vrOh5/lHikjqSlNxxmjKl078+CrHUVyhSZ YpIYqOAMNtNSbcUgRBCi4vDY0h3ooum0qGDTOS/AWn/kuvLzumc2GoHVO Bwn+5hmDh09maOWbpPphs0xGId8uB4wqXzuEq6MXYSVrXWrzmcvjYtzxM E=;
IronPort-PHdr: 9a23:RhGWcBQU5LQFLuPWCwOwHt5XYNpsv++ubAcI9poqja5Pea2//pPkeVbS/uhpkESXBNfA8/wRje3QvuigQmEG7Zub+FE6OJ1XH15g640NmhA4RsuMCEn1NvnvOjQmHNlIWUV513q6KkNSXs35Yg6arw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AnAADj8hVd/4oNJK1lGgEBAQEBAgEBAQEHAgEBAQGBVgIBAQEBCwGBQ1ADgT8gBAsoh2MDjlyCW5dEglIDVAkBAQEMAQEtAgEBgUuCdQKDACM3Bg4BAwEBBAEBAgEFbYo3DIVKAQEBBBIuAQE3AQsEAgEIEQEDAQEBLjIXBggCBA4FCBEFBIRrAx0BApwdAoE4iGCCI4J5AQEFhQ8YghEJgTQBhHGGbReBQD+BV4FOfj6ERoM6giaOMJt9CQKCFpQTgiuHGI4ejSmXIwIEAgQFAg4BAQWBZiKBWHAVgyeCQQkDF4NOilNygSmMNiuCJQEB
X-IronPort-AV: E=Sophos;i="5.63,427,1557187200"; d="scan'208";a="572248186"
Received: from alln-core-5.cisco.com ([173.36.13.138]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 28 Jun 2019 10:59:33 +0000
Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by alln-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id x5SAxXb9006752 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 28 Jun 2019 10:59:33 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 28 Jun 2019 05:59:33 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 28 Jun 2019 06:59:32 -0400
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 28 Jun 2019 05:59:32 -0500
ARC-Seal: i=1; a=rsa-sha256; s=testarcselector01; d=microsoft.com; cv=none; b=Rl7PQV+hHCtEQgWLwiXeVNhJWJ4p2K4Z+g+5BajUiD1JAXxnfA2LwYDWLN8AfwuAy90a2uPIIrG6+dDNdhn4q6Wh/TSlRJGpWhOyKrKw9y6mf79RAqjOxVsqzUkdPVM/xloYRVw6GRB67MZ3H1VR6BBWFskiuNneotTRvI3OWrs=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=testarcselector01; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1MCQzkEZ95o5ptn+RcFQCTSb+eZ1yw8yEBlUcyq80Xg=; b=UKEcWRq6VJf4dNK0vlLVp4uGpt3R9cBr55sCnDY6DU+hY12x7qkTa1Y3c0djiQS2/7NxlxBdGNlUmDmcs9d4hclhsp7FDgmnCYTtH2NMct4yGMoSgr22de58Htvs0LvIdI7qGJUceVWE+VAAvPSp3gXoDH/owNmyxNlLg0bazBU=
ARC-Authentication-Results: i=1; test.office365.com 1;spf=none;dmarc=none;dkim=none;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1MCQzkEZ95o5ptn+RcFQCTSb+eZ1yw8yEBlUcyq80Xg=; b=HIlSzWTsr1aAhn9Y658njaqfBcSidtOzfn03fNCo8z6JjbFD8T0tRQc+hekVTJ7OIJT5796ma9tepYypbeXswzLz9Q2u9/BkjqV1gUPnOBQThdGba42SuuXk34o+RVEiYgbIqpeb8Nr2InK5RWSBAoMxR3xq7OHqutTt5eUD330=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (20.178.250.159) by MN2PR11MB3933.namprd11.prod.outlook.com (10.255.180.211) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2008.16; Fri, 28 Jun 2019 10:59:31 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::1ce9:1582:146c:c50a]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::1ce9:1582:146c:c50a%6]) with mapi id 15.20.2008.018; Fri, 28 Jun 2019 10:59:31 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: David Mandelberg <david@mandelberg.org>
CC: Tero Kivinen <kivinen@iki.fi>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-6tisch-architecture.all@ietf.org" <draft-ietf-6tisch-architecture.all@ietf.org>, Thomas Watteyne <thomas.watteyne@inria.fr>, Mališa Vučinić <malisav@ac.me>, Michael Richardson <mcr+ietf@sandelman.ca>
Thread-Topic: [secdir] secdir review of draft-ietf-6tisch-architecture-21
Thread-Index: AQHVKitVZAMqDsUZHEuS/CYS/vDUhKaqVH6wgAEk6YCAAHyKMIAAjgwAgAFa8pCAADuNAIAC0WVQ
Date: Fri, 28 Jun 2019 10:59:08 +0000
Deferred-Delivery: Fri, 28 Jun 2019 10:58:55 +0000
Message-ID: <MN2PR11MB356522D2D3C8E73A7AECF930D8FC0@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <2cced16c-d1df-88c2-eb21-7452b42f081a@mandelberg.org> <MN2PR11MB35651735463F27A247B4B0F0D8E00@MN2PR11MB3565.namprd11.prod.outlook.com> <23825.24715.882644.180316@fireball.acr.fi> <MN2PR11MB35655F77D328CD9B27029413D8E30@MN2PR11MB3565.namprd11.prod.outlook.com> <28910.1561477164@localhost> <MN2PR11MB356523D951AF96FF31143F34D8E20@MN2PR11MB3565.namprd11.prod.outlook.com> <17322.1561564458@localhost>
In-Reply-To: <17322.1561564458@localhost>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pthubert@cisco.com;
x-originating-ip: [2001:420:c0c0:1005::2c6]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 46c80c97-71a5-4034-f083-08d6fbb7b270
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MN2PR11MB3933;
x-ms-traffictypediagnostic: MN2PR11MB3933:
x-microsoft-antispam-prvs: <MN2PR11MB39331301413AFCFF2A2562B0D8FC0@MN2PR11MB3933.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 00826B6158
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(346002)(136003)(396003)(376002)(39860400002)(51444003)(13464003)(199004)(189003)(102836004)(71200400001)(6436002)(52536014)(8936002)(74316002)(256004)(186003)(446003)(305945005)(486006)(8676002)(229853002)(7736002)(14444005)(81166006)(476003)(53546011)(81156014)(53936002)(4326008)(9686003)(25786009)(6666004)(46003)(99286004)(6506007)(5660300002)(55016002)(11346002)(86362001)(76176011)(6246003)(2906002)(54906003)(7696005)(316002)(66476007)(33656002)(6116002)(71190400001)(73956011)(6916009)(66946007)(478600001)(64756008)(66446008)(66556008)(14454004)(76116006)(68736007); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB3933; H:MN2PR11MB3565.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 5Ju9DTWK7/6uXk34dhASpIdlb+dx6aSMGP0/PMBaP4PSAXHaHgDQL3J33NtEmHTn9p34ankI97pGq5UTvDJpOr8S9arlYx8fDjmjTsJ6D1cc3yfVZxVbYxsXgQu1Bcf+b+hW792X/Ixxp6z5l0J0otag3t0ijezxbT1ZD3NK7ezCwPfghdCi+P0HwuN8atnI/VzaEp4w1a8r4uv+PLX2YZ1b4w6MOk8t+bAstaEd7u9vOlmqF+R6julXLhNUpv1aaDp5GreN3StBMCZQOB0a/gYVBctHmBXl/wYmqjBHx9MfpEUu62mGj2DIkIlgP9ekIrLXisYyB1b0VAfEcHK85Vq5x2dl4xvf8zpW0kRUWrsGzldFrYJ9rQazTjFTBL2RHQtu5RriPdlhCPVT+f98nLze95NlTEoVtjIxbU1ZNvw=
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 46c80c97-71a5-4034-f083-08d6fbb7b270
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jun 2019 10:59:30.8897 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pthubert@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3933
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.15, xch-rcd-005.cisco.com
X-Outbound-Node: alln-core-5.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/5VKJD2JKY0Lm03xYInt-TWlK814>
Subject: Re: [secdir] secdir review of draft-ietf-6tisch-architecture-21
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2019 11:00:08 -0000

Hello David

Many thanks again. Your comments steered great discussions that led to improvements in both this draft and minimal security.
I posted -23 in the hope that it satisfies all your comments. Please let us know is there is any additional issue we need to look at.
 
All the best,
 
Pascal

> -----Original Message-----
> From: Michael Richardson <mcr+ietf@sandelman.ca>
> Sent: mercredi 26 juin 2019 17:54
> To: Pascal Thubert (pthubert) <pthubert@cisco.com>
> Cc: Tero Kivinen <kivinen@iki.fi>; David Mandelberg
> <david@mandelberg.org>; secdir@ietf.org; iesg@ietf.org; draft-ietf-6tisch-
> architecture.all@ietf.org; Thomas Watteyne <thomas.watteyne@inria.fr>;
> =?iso-8859-2?Q?Mali=B9a_Vu=E8ini=E6?= <malisav@ac.me>
> Subject: Re: [secdir] secdir review of draft-ietf-6tisch-architecture-21
> 
> 
> Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:
>     >> Tero:
>     >> >> Note, that attacker might be able to replay valid ACKs for the frame
>     >> >> sent by the JN, provided that the JRC (or whoever JN sent the message
>     >> >> to) happened to ack message using the same ASN attacker faked for
> JN.
>     >>
>     >> Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:
>     >> > Your mean that the faked ASN is only slightly in the future, so the
>     >> > attacker can repeat messages from the pledge after that delay?
>     >>
>     >> The faked ASN is always in the past.
> 
>     > Do you mean the replayed ones? When the pledge does not have the keys,
>     > the attacker can forge the beacon with any ASN, and place random bytes
>     > in the MIC, can't it?
> 
> Yes, the replayed one has a "fake" ASN that is in the past.
> 
>     > If the attacker fakes an ASN that is tomorrow and intercepts a join
>     > request, it could make the pledge seem to appear now on the network
>     > tomorrow even if the real pledge is long gone.
> 
> But that one won't validate.
> 
>     >> So the L2-ACKs can be faked, was the point.
> 
>     > I can see that an ACK can be replayed. But the ACK that was stored in
>     > advance can only work if the attacked node speaks on the very ASN for
>     > which the attacker intercepted an ACK in the past. The attacker is not
>     > in control of that and that makes its life harder.
> 
> When I said faked, I should have said replayed.
> 
> I think that we don't need to do this: just wait for a beacon.  If the attacker can
> block and replay them all, then they absolutely win, and the network can not
> form.  Such an attacker probably can also put faraday cages around all the
> nodes.
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -
> = IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email