Re: [Dtls-iot] DTLS multicast security
"Kumar, Sandeep" <sandeep.kumar@philips.com> Tue, 23 September 2014 19:37 UTC
Return-Path: <sandeep.kumar@philips.com>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0C691A1AE7 for <dtls-iot@ietfa.amsl.com>; Tue, 23 Sep 2014 12:37:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.919
X-Spam-Level:
X-Spam-Status: No, score=-0.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aqdg3hMwl9-O for <dtls-iot@ietfa.amsl.com>; Tue, 23 Sep 2014 12:36:59 -0700 (PDT)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0771.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::771]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C60E21A1AE1 for <dtls-iot@ietf.org>; Tue, 23 Sep 2014 12:36:58 -0700 (PDT)
Received: from DB4PR04CA0035.eurprd04.prod.outlook.com (25.160.41.45) by DB4PR04MB0637.eurprd04.prod.outlook.com (10.242.221.15) with Microsoft SMTP Server (TLS) id 15.0.1034.13; Tue, 23 Sep 2014 19:36:35 +0000
Received: from AM1FFO11FD041.protection.gbl (2a01:111:f400:7e00::105) by DB4PR04CA0035.outlook.office365.com (2a01:111:e400:9852::45) with Microsoft SMTP Server (TLS) id 15.0.1034.13 via Frontend Transport; Tue, 23 Sep 2014 19:36:34 +0000
Received: from mail.philips.com (206.191.240.52) by AM1FFO11FD041.mail.protection.outlook.com (10.174.64.230) with Microsoft SMTP Server (TLS) id 15.0.1029.15 via Frontend Transport; Tue, 23 Sep 2014 19:36:34 +0000
Received: from DBXPRD9003MB059.MGDPHG.emi.philips.com ([169.254.7.201]) by DBXPRD9003HT002.MGDPHG.emi.philips.com ([141.251.25.207]) with mapi id 14.16.0469.000; Tue, 23 Sep 2014 19:36:34 +0000
From: "Kumar, Sandeep" <sandeep.kumar@philips.com>
To: Michael StJohns <msj@nthpermutation.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
Thread-Topic: [Dtls-iot] DTLS multicast security
Thread-Index: AQHP04DrqofHcYLhrUe3gH/qVs6rT5wIA2cAgABPEQCAADuTgIAADC6AgAAEjQCAAATOAIAABM8AgAAGcQCAAA05gIAEpV2AgAAR7wCAAN+dgIAAPd2ggACQFYCAAANzAA==
Date: Tue, 23 Sep 2014 19:36:34 +0000
Message-ID: <BE6D13F6A4554947952B39008B0DC0153E871F24@DBXPRD9003MB059.MGDPHG.emi.philips.com>
References: <6D27AD8D-3B90-4100-9440-3375946F420B@gmail.com> <541BD0E0.1090409@sics.se> <36F5869FE31AB24485E5E3222C288E1FFAFA@NABESITE.InterDigital.com> <541C452D.9090302@nthpermutation.com> <EBE85F86-00E2-40F8-9205-1B6AE20CAAE9@tzi.org> <541C5336.9040406@nthpermutation.com> <394E30E1-378D-4F37-B86D-F05297A2D8B6@tzi.org> <541C5B46.8060406@nthpermutation.com> <2819E45A-6B1B-4B14-8A7E-3B9358AA3B12@tzi.org> <541C6BC5.7070308@nthpermutation.com> <5420517B.60502@tzi.de> <54206086.1040707@nthpermutation.com> <54211C1B.6000509@sics.se> <BE6D13F6A4554947952B39008B0DC0153E86F614@DBXPRD9003MB059.MGDPHG.emi.philips.com>, <5421C8DD.5000400@nthpermutation.com>
In-Reply-To: <5421C8DD.5000400@nthpermutation.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative; boundary="_000_BE6D13F6A4554947952B39008B0DC0153E871F24DBXPRD9003MB059_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:206.191.240.52; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(428002)(199003)(374574003)(377454003)(479174003)(189002)(51704005)(55904004)(85714005)(13464003)(24454002)(101416001)(104016003)(2656002)(55846006)(4396001)(87936001)(68736004)(16236675004)(16601075003)(83322001)(31966008)(84676001)(19580405001)(92566001)(19580395003)(50986999)(15202345003)(84326002)(120916001)(6806004)(85852003)(10300001)(83072002)(106466001)(99396002)(19625215002)(21056001)(81156004)(74502003)(81542003)(105586002)(80022003)(107886001)(512874002)(79102003)(86362001)(90102001)(46102003)(77982003)(95666004)(81342003)(107046002)(74662003)(54356999)(69596002)(93886004)(92726001)(44976005)(77096002)(76176999)(33656002)(76482002)(85306004)(106116001)(20776003)(64706001)(15975445006)(71186001)(97736003)(567094001)(19607625011); DIR:OUT; SFP:1102; SCL:1; SRVR:DB4PR04MB0637; H:mail.philips.com; FPR:; MLV:sfv; PTR:ErrorRetry; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DB4PR04MB0637;
X-Forefront-PRVS: 0343AC1D30
Received-SPF: None (protection.outlook.com: philips.com does not designate permitted sender hosts)
Authentication-Results: spf=none (sender IP is 206.191.240.52) smtp.mailfrom=sandeep.kumar@philips.com;
X-OriginatorOrg: philips.com
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/w_743ZV_27bwCyHiHnR0piLQ5dM
Subject: Re: [Dtls-iot] DTLS multicast security
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Sep 2014 19:37:01 -0000
Maybe I was not clear about what I meant by “all nodes are equal”. I am talking of a scenario where every lamp in a room has a presence sensor and if any lamp detects presence it can switch on all lamps in that room or the group. The reason why the upstairs room will not be switched on due to a basement sensor is because they are two different groups (unless one wishes to achieve that particular behavior and puts them in the same group). I am not looking for any cross domain group of devices, they have to be exactly the same kind of devices with exactly the same actions. Sent from Windows Mail From: Michael StJohns<mailto:msj@nthpermutation.com> Sent: Tuesday, September 23, 2014 9:24 PM To: dtls-iot@ietf.org<mailto:dtls-iot@ietf.org> Your email about the security considerations section made me go back and look. Sorry I missed responding to this before. On 9/23/2014 7:08 AM, Kumar, Sandeep wrote: > I think there is more to it > A) only confidentiality > B) Integrity Not integrity, but authentication. Integrity is a service where data isn't changed without detection between sender and receiver, not that you know who the sender and receiver are. > B.1) All devices are equal in the group (all members are senders and receivers) Can you describe a scenario where all devices in a group both send and receive control messages AND where the identity of a sender is in all circumstances irrelevant to the security of the system? In prior messages, you've mentioned a system where a sensor is incorporated within a light and/or lightswitch. I'm pretty sure that I care to know the identity of a sensor that fired, I'd be pretty stupid to turn the heat on upstairs if the sensor that fired was in the basement. I might also not want to increase the supply water pressure to a house if the sensor that fired was actually a gas sensor. The multicast security argument is not about who sends or receives, but whether a receiver can make useful and reliable deductions about the security environment applicable to action it should take on a received message. The "all nodes are equal so we can use the same key" argument makes sense in so few domains that the only one I can consistently come up with is a moving swarm of sensors with a very short key life and an ability to identify and heal immediately loss of nodes and communication compromises. Either that or all of them have SPEs making the capture of the multicast key effectively impossible during the life of the mesh. Most of the argument on the list has been about trying to fit a solution to a set of problems. Multicast security is *very* limited in its applicability and in most cases requires additional mitigation in the form of SPEs, physical separation and physical security to get past the realities of the problem. > B.2) There is an asymmetric relation in the devices of the group (only some members are senders) > > For A and B.1 symmetric crypto would be sufficient > B.2 requires asymmetric crypto to perform authorizations. > > If there is no bar to stupidity then independent of whichever crypto primitive one chooses, one can always implement things insecurely. > Implementers can even share the same public-private key pairs on different devices(certificates are expensive) or just put the private key everywhere although the implementer should have only put the public-keys. And these kind of artificial arguments can be constructed not just for multicast security but for any protocol in IETF. Except that BCP guidance is that symmetric keys are shared by only two, asymmetric private keys are never shared. Having someone pass out the same key pairs does happen, but it's a failure of operation, not a failure of protocol design - the protocols are designed for 2 party symmetric not N party unlike draft-keoh which advocates N-party. For draft-keoh, I can't say that the guidance given there is sufficient to protect the purpose of a mesh if the mesh includes a function that requires knowledge of the identity of a sender. E.g. control of a physical device. I can't say the guidance given there is sufficient to prevent implementers from adopting it past a small mesh (say 10) of identical devices that are all equal (e.g. where's the security break point between 5 equal nodes, 50 equal nodes and 500 equal nodes? At which point do you say - oops, too many and how is that enforced??) I keep asking one thing in lots of different ways: "How do you constrain the protocol so it only applies to the domains to which we can all agree are safe enough given the security limitations?" The answer is you can't which continues to suggest that letting this out in the wild is a bad idea. I've made whatever points I'm going to make. Later, Mike > > I think B.2 should be resolved as part of ACE. DICE can still work on A and B.1 (with or without DTLS). > > Regards > Sandeep > >> -----Original Message----- >> From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Ludwig Seitz >> Sent: Tuesday, September 23, 2014 9:07 AM >> To: dtls-iot@ietf.org >> Subject: Re: [Dtls-iot] DTLS multicast security >> >> On 09/22/2014 07:46 PM, Michael StJohns wrote: >> .... >>> If you use multicast symmetric key systems only for confidentiality, >>> breaking in to a node to extract the key doesn't give you much more >>> than you already had - the multicast traffic destined for the node you >>> just hacked. So things like multicast audio aren't necessarily >>> identity-important cases. >>> >> Aha! >> >> So would it be acceptable to separate the problem? >> >> A.) A protocol for multicast confidentiality in CoRE (with or without DTLS, I >> don't care) >> >> B.) A protocol for authorizing control messages (whether they are >> multicasted or not) >> >> Where this work would be done is another question, B. seems like a task for >> ACE. >> >> Would A.) alone be beneficial enough to justify working on it? >> >> /Ludwig >> >> >> >> >> >> -- >> Ludwig Seitz, PhD >> SICS Swedish ICT AB >> Ideon Science Park >> Building Beta 2 >> Scheelevägen 17 >> SE-223 70 Lund >> >> Phone +46(0)70-349 92 51 >> http://www.sics.se > > ________________________________ > The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. > > _______________________________________________ > dtls-iot mailing list > dtls-iot@ietf.org > https://www.ietf.org/mailman/listinfo/dtls-iot > _______________________________________________ dtls-iot mailing list dtls-iot@ietf.org https://www.ietf.org/mailman/listinfo/dtls-iot
- [Dtls-iot] DTLS multicast security Dorothy Gellert
- Re: [Dtls-iot] DTLS multicast security Ludwig Seitz
- Re: [Dtls-iot] DTLS multicast security Kumar, Sandeep
- Re: [Dtls-iot] DTLS multicast security Rahman, Akbar
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Rahman, Akbar
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Rahman, Akbar
- Re: [Dtls-iot] DTLS multicast security Carsten Bormann
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Nelson B Bolyard
- Re: [Dtls-iot] DTLS multicast security Carsten Bormann
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Kumar, Sandeep
- Re: [Dtls-iot] DTLS multicast security Carsten Bormann
- Re: [Dtls-iot] DTLS multicast security Dorothy Gellert
- Re: [Dtls-iot] DTLS multicast security Dorothy Gellert
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Kumar, Sandeep
- Re: [Dtls-iot] DTLS multicast security peter van der Stok
- Re: [Dtls-iot] DTLS multicast security Stefanie Gerdes
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Kumar, Sandeep
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Ludwig Seitz
- Re: [Dtls-iot] DTLS multicast security Stefanie Gerdes
- Re: [Dtls-iot] DTLS multicast security Kumar, Sandeep
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Dorothy Gellert
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Dorothy Gellert
- Re: [Dtls-iot] DTLS multicast security Kumar, Sandeep
- Re: [Dtls-iot] DTLS multicast security Dorothy Gellert
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Kumar, Sandeep
- Re: [Dtls-iot] DTLS multicast security Michael StJohns
- Re: [Dtls-iot] DTLS multicast security Kumar, Sandeep
- Re: [Dtls-iot] DTLS multicast security Ludwig Seitz
- Re: [Dtls-iot] DTLS multicast security Rahman, Akbar
- Re: [Dtls-iot] DTLS multicast security Carsten Bormann
- Re: [Dtls-iot] DTLS multicast security Sye Loong Keoh
- Re: [Dtls-iot] DTLS multicast security Robert Cragie
- [Dtls-iot] Further analysis of the problem space … Rene Struik
- Re: [Dtls-iot] Further analysis of the problem sp… Michael StJohns
- Re: [Dtls-iot] Further analysis of the problem sp… Dorothy Gellert
- Re: [Dtls-iot] Further analysis of the problem sp… Rene Struik
- Re: [Dtls-iot] Further analysis of the problem sp… Michael StJohns
- Re: [Dtls-iot] Further analysis of the problem sp… Carsten Bormann
- Re: [Dtls-iot] Further analysis of the problem sp… Dorothy Gellert