IETF Logo Mail Archive

Re: [secdir] secdir review of draft-ietf-6tisch-architecture-21

David Mandelberg <david@mandelberg.org> Tue, 25 June 2019 00:31 UTC

Return-Path: <david@mandelberg.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE5611201EC for <secdir@ietfa.amsl.com>; Mon, 24 Jun 2019 17:31:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mandelberg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IG6422dT3Eic for <secdir@ietfa.amsl.com>; Mon, 24 Jun 2019 17:31:23 -0700 (PDT)
Received: from smtp.rcn.com (smtp.rcn.com [69.168.97.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B82BC1201F2 for <secdir@ietf.org>; Mon, 24 Jun 2019 17:31:21 -0700 (PDT)
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.2 cv=aKGykv1m c=1 sm=1 tr=0 a=OXtaa+9CFT7WVSERtyqzJw==:117 a=OXtaa+9CFT7WVSERtyqzJw==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=KGjhK52YXX0A:10 a=IkcTkHD0fZMA:10 a=NTnny0joGdQA:10 a=dq6fvYVFJ5YA:10 a=bmmO2AaSJ7QA:10 a=BTUBnpS-AAAA:8 a=48vgC7mUAAAA:8 a=vwySBmwHaG1wzrNIqKwA:9 a=QEXdDO2ut3YA:10 a=pblkFgjdBCuYZ9-HdJ6i:22 a=w1C3t2QeGrPiZgrLijVG:22
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
X-Authed-Username: ZHNlb21uQHJjbi5jb20=
Authentication-Results: smtp03.rcn.cmh.synacor.com header.from=david@mandelberg.org; sender-id=softfail
Authentication-Results: smtp03.rcn.cmh.synacor.com smtp.mail=david@mandelberg.org; spf=softfail; sender-id=softfail
Authentication-Results: smtp03.rcn.cmh.synacor.com header.DKIM-Signature=@mandelberg.org; dkim=pass
Authentication-Results: smtp03.rcn.cmh.synacor.com smtp.user=dseomn@rcn.com; auth=pass (LOGIN)
Received: from [209.6.43.168] ([209.6.43.168:57966] helo=uriel.mandelberg.org) by smtp.rcn.com (envelope-from <david@mandelberg.org>) (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTPSA (cipher=DHE-RSA-AES256-GCM-SHA384) id CE/35-13517-75B611D5; Mon, 24 Jun 2019 20:31:19 -0400
Received: from [192.168.1.152] (DD-WRT [192.168.1.1]) by uriel.mandelberg.org (Postfix) with ESMTPSA id 3B0B21C6033; Mon, 24 Jun 2019 20:31:19 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mandelberg.org; s=201903; t=1561422679; bh=feiuZd2h+wr8Z9AWKBJETKF0Wbbt2djMCh4oyJ7+Xj0=; h=Subject:To:References:From:Date:In-Reply-To:From; b=p97J6yRbMV2DaeB8jvTvy8liL7xT6H0oz2cIFawomAJb9Hyp1x7tChThWpibHu1O2 npb9Fpaa8fWTcdyawRQGsydjnSwRpd+40J8b3uOfhFj+sa0hte1g5djyaBtRLnQvfI gfITAevt2QFsTTgCemxXBy7K0D7NL+XsdlN6RwEVTPdnwQr7TIFwIfbGk5bEv6E0U2 3p8HcVnCrWpTiYsokppgjuTQ6OBe+Zoa5gEsNZ3DK76COaVZq3INi4uSLGfzizgEjH 3+eJs2x58wf0pc2ufIHKt5ZODfZ43l6ktMAKuohrg9wXErE0vcHaVJyF6CNd7vdceS JrH5CS/qoaoEA==
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>, "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-6tisch-architecture.all@ietf.org" <draft-ietf-6tisch-architecture.all@ietf.org>, Thomas Watteyne <thomas.watteyne@inria.fr>, Michael Richardson <mcr+ietf@sandelman.ca>, Mališa Vučini ć <malisav@ac.me>
References: <2cced16c-d1df-88c2-eb21-7452b42f081a@mandelberg.org> <MN2PR11MB35651735463F27A247B4B0F0D8E00@MN2PR11MB3565.namprd11.prod.outlook.com>
From: David Mandelberg <david@mandelberg.org>
Message-ID: <e35488ba-c30c-7d32-5edb-4887436984a8@mandelberg.org>
Date: Mon, 24 Jun 2019 20:31:17 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
MIME-Version: 1.0
In-Reply-To: <MN2PR11MB35651735463F27A247B4B0F0D8E00@MN2PR11MB3565.namprd11.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/dTNUDdLbNyhnDmhguic2RFFSaIo>
Subject: Re: [secdir] secdir review of draft-ietf-6tisch-architecture-21
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jun 2019 00:31:25 -0000


On 6/24/19 4:20 AM, Pascal Thubert (pthubert) wrote:
> Hello David:
> 
> Many thanks for your review. I do hope that you found it interesting.
> 
>> Sections 4.2.1 and 4.3.4 talk about the security of joining a network, and time
>> synchronization, respectively. Do any of the security mechanisms in 4.2.1 rely
>> on having an accurate clock? (E.g., to distrust old/expired keys.) Is time
>> synchronization done before the join process, and is there any way to exploit
>> time synchronization in order to cause a node to join a malicious network?
> 
> This is really a MAC layer question for IEEE. I'm cc'ing Thomas who was one of the inventors of TSCH, as well as Michael and Malisa who led the join process study.
> 
> Time synchronization (date):
> --------------------------------------
> For all I know, the time sync is about giving a epoch time from which an Absolute Slot Number (ASN, expressed in slot duration e.g., 10ms) is derived.
> ASN plays a key role as it is used in NONCE. An attack that one could think of would be to fool the new node into thinking that ASN is earlier. This could happen before the keys are exchanged, or if an authorized peer is compromised.
> For the former, I'll defer to the others to answer fully how we protect the new comer.
> For the latter, 6TiSCH provides an additional protection since we derive time from a RPL parent. RPL has its own protections, some of them in the standard itself, some of them in zerotrust papers that need publishing.
> 
> Time synthonization (precise tic, hourless)
> --------------------------------------------------------
> This is the process whereby a node corrects its tic to realign with the parent. ASN is not changed but the drift of crystals is compensated.
> An attacker could try to inject a sense of time that it slightly shifted to the point that the node lose sync with the rest of the network (the guard time is like an event horizon). Then again, RPL provides an additional protection on top of the MAC provisions.
> 
> 
> In the meantime your remark reserves some text. Note that the dependency on time is inherited from DetNet and TSN, and DetNet has text about it that we can reference.
> 
> In conjunction with Andrew's review I'd propose:
> "
>      The operation of 6TiSCH Tracks inherits its high level operation from DetNet
>      and is subject to the observations in section 5 of [ietf-detnet-architecture].
>      As discussed there, measures  must be taken to protect the time
>      synchronization, and for 6TiSCH this includes ensuring that the ASN, which is
>      used for the computation of NONCE, is not compromised. Also, the installation
>      and maintenance of 6TiSCH Tracks depends in the availability of a controller
>      with a PCE to compute and push them in the network. When that connectivity
>      is lost, existing Tracks may continue to operate until the end of their
>      lifetime, but cannot be removed or updated, and new Tracks cannot be
>      installed. As with DetNet in general, the communication with the PCE must be
>      secured and should be protected against DoS attacks, and the discussion on
>      the security considerations defined for Abstraction and Control of Traffic
>      Engineered Networks (ACTN) applies equally to 6TiSCH.
> "
> 
> Does that sound good?

Yup, sounds good to me.

> Pascal
> 
>> -----Original Message-----
>> From: David Mandelberg <david@mandelberg.org>
>> Sent: lundi 24 juin 2019 03:22
>> To: secdir@ietf.org; iesg@ietf.org; draft-ietf-6tisch-architecture.all@ietf.org
>> Subject: secdir review of draft-ietf-6tisch-architecture-21
>>
>> I have reviewed this document as part of the security directorate's ongoing
>> effort to review all IETF documents being processed by the IESG.  These
>> comments were written primarily for the benefit of the security area directors.
>> Document editors and WG chairs should treat these comments just like any
>> other last call comments.
>>
>> The summary of the review is Ready with nits.
>>
>> The review deadline for this was really short, so I didn't have a chance to read
>> this as closely as I would have liked. That said, from skimming the document
>> and reading the sections that looked most interesting, it looks pretty good. The
>> security considerations section covers what I expected it to. I have only one
>> question/concern:
>>
>> Sections 4.2.1 and 4.3.4 talk about the security of joining a network, and time
>> synchronization, respectively. Do any of the security mechanisms in 4.2.1 rely
>> on having an accurate clock? (E.g., to distrust old/expired keys.) Is time
>> synchronization done before the join process, and is there any way to exploit
>> time synchronization in order to cause a node to join a malicious network?

v2.23.0 | Report a Bug | By Email