IETF Logo Mail Archive

Re: [Dtls-iot] DTLS multicast security

"Kumar, Sandeep" <sandeep.kumar@philips.com> Tue, 23 September 2014 19:37 UTC

Return-Path: <sandeep.kumar@philips.com>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0C691A1AE7 for <dtls-iot@ietfa.amsl.com>; Tue, 23 Sep 2014 12:37:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.919
X-Spam-Level:
X-Spam-Status: No, score=-0.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aqdg3hMwl9-O for <dtls-iot@ietfa.amsl.com>; Tue, 23 Sep 2014 12:36:59 -0700 (PDT)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0771.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::771]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C60E21A1AE1 for <dtls-iot@ietf.org>; Tue, 23 Sep 2014 12:36:58 -0700 (PDT)
Received: from DB4PR04CA0035.eurprd04.prod.outlook.com (25.160.41.45) by DB4PR04MB0637.eurprd04.prod.outlook.com (10.242.221.15) with Microsoft SMTP Server (TLS) id 15.0.1034.13; Tue, 23 Sep 2014 19:36:35 +0000
Received: from AM1FFO11FD041.protection.gbl (2a01:111:f400:7e00::105) by DB4PR04CA0035.outlook.office365.com (2a01:111:e400:9852::45) with Microsoft SMTP Server (TLS) id 15.0.1034.13 via Frontend Transport; Tue, 23 Sep 2014 19:36:34 +0000
Received: from mail.philips.com (206.191.240.52) by AM1FFO11FD041.mail.protection.outlook.com (10.174.64.230) with Microsoft SMTP Server (TLS) id 15.0.1029.15 via Frontend Transport; Tue, 23 Sep 2014 19:36:34 +0000
Received: from DBXPRD9003MB059.MGDPHG.emi.philips.com ([169.254.7.201]) by DBXPRD9003HT002.MGDPHG.emi.philips.com ([141.251.25.207]) with mapi id 14.16.0469.000; Tue, 23 Sep 2014 19:36:34 +0000
From: "Kumar, Sandeep" <sandeep.kumar@philips.com>
To: Michael StJohns <msj@nthpermutation.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>
Thread-Topic: [Dtls-iot] DTLS multicast security
Thread-Index: AQHP04DrqofHcYLhrUe3gH/qVs6rT5wIA2cAgABPEQCAADuTgIAADC6AgAAEjQCAAATOAIAABM8AgAAGcQCAAA05gIAEpV2AgAAR7wCAAN+dgIAAPd2ggACQFYCAAANzAA==
Date: Tue, 23 Sep 2014 19:36:34 +0000
Message-ID: <BE6D13F6A4554947952B39008B0DC0153E871F24@DBXPRD9003MB059.MGDPHG.emi.philips.com>
References: <6D27AD8D-3B90-4100-9440-3375946F420B@gmail.com> <541BD0E0.1090409@sics.se> <36F5869FE31AB24485E5E3222C288E1FFAFA@NABESITE.InterDigital.com> <541C452D.9090302@nthpermutation.com> <EBE85F86-00E2-40F8-9205-1B6AE20CAAE9@tzi.org> <541C5336.9040406@nthpermutation.com> <394E30E1-378D-4F37-B86D-F05297A2D8B6@tzi.org> <541C5B46.8060406@nthpermutation.com> <2819E45A-6B1B-4B14-8A7E-3B9358AA3B12@tzi.org> <541C6BC5.7070308@nthpermutation.com> <5420517B.60502@tzi.de> <54206086.1040707@nthpermutation.com> <54211C1B.6000509@sics.se> <BE6D13F6A4554947952B39008B0DC0153E86F614@DBXPRD9003MB059.MGDPHG.emi.philips.com>, <5421C8DD.5000400@nthpermutation.com>
In-Reply-To: <5421C8DD.5000400@nthpermutation.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative; boundary="_000_BE6D13F6A4554947952B39008B0DC0153E871F24DBXPRD9003MB059_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:206.191.240.52; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(428002)(199003)(374574003)(377454003)(479174003)(189002)(51704005)(55904004)(85714005)(13464003)(24454002)(101416001)(104016003)(2656002)(55846006)(4396001)(87936001)(68736004)(16236675004)(16601075003)(83322001)(31966008)(84676001)(19580405001)(92566001)(19580395003)(50986999)(15202345003)(84326002)(120916001)(6806004)(85852003)(10300001)(83072002)(106466001)(99396002)(19625215002)(21056001)(81156004)(74502003)(81542003)(105586002)(80022003)(107886001)(512874002)(79102003)(86362001)(90102001)(46102003)(77982003)(95666004)(81342003)(107046002)(74662003)(54356999)(69596002)(93886004)(92726001)(44976005)(77096002)(76176999)(33656002)(76482002)(85306004)(106116001)(20776003)(64706001)(15975445006)(71186001)(97736003)(567094001)(19607625011); DIR:OUT; SFP:1102; SCL:1; SRVR:DB4PR04MB0637; H:mail.philips.com; FPR:; MLV:sfv; PTR:ErrorRetry; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:DB4PR04MB0637;
X-Forefront-PRVS: 0343AC1D30
Received-SPF: None (protection.outlook.com: philips.com does not designate permitted sender hosts)
Authentication-Results: spf=none (sender IP is 206.191.240.52) smtp.mailfrom=sandeep.kumar@philips.com;
X-OriginatorOrg: philips.com
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/w_743ZV_27bwCyHiHnR0piLQ5dM
Subject: Re: [Dtls-iot] DTLS multicast security
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Sep 2014 19:37:01 -0000

Maybe I was not clear about what I meant by “all nodes are equal”. I am talking of a scenario where every lamp in a room has a presence sensor and if any lamp detects presence it can switch on all lamps in that room or the group. The reason why the upstairs room will not be switched on due to a basement sensor is because they are two different groups (unless one wishes to achieve that particular behavior and puts them in the same group). I am not looking for any cross domain group of devices, they have to be exactly the same kind of devices with exactly the same actions.

Sent from Windows Mail

From: Michael StJohns<mailto:msj@nthpermutation.com>
Sent: ‎Tuesday‎, ‎September‎ ‎23‎, ‎2014 ‎9‎:‎24‎ ‎PM
To: dtls-iot@ietf.org<mailto:dtls-iot@ietf.org>

Your email about the security considerations section made me go back and
look.  Sorry I missed responding to this before.

On 9/23/2014 7:08 AM, Kumar, Sandeep wrote:
> I think there is more to it
> A) only confidentiality
> B) Integrity
Not integrity, but authentication.  Integrity is a service where data
isn't changed without detection between sender and receiver, not that
you know who the sender and receiver are.
>          B.1) All devices are equal in the group (all members are senders and receivers)
Can you describe a scenario where all devices in a group both send and
receive control messages AND where the identity of a sender is in all
circumstances irrelevant to the security of the system?

In prior messages, you've mentioned a system where a sensor is
incorporated within a light and/or lightswitch.   I'm pretty sure that I
care to know the identity of a sensor that fired,  I'd be pretty stupid
to turn the heat on upstairs if the sensor that fired was in the
basement.  I might also not want to increase the supply water pressure
to a house if the sensor that fired was actually a gas sensor.

The multicast security argument is not about who sends or receives, but
whether a receiver can make useful and reliable deductions about the
security environment applicable to action it should take on a received
message.

The "all nodes are equal so we can use the same key" argument makes
sense in so few domains that the only one I can consistently come up
with is a moving swarm of sensors with a very short key life and an
ability to identify and heal immediately loss of nodes and communication
compromises.  Either that or all of them have SPEs making the capture of
the multicast key effectively impossible during the life of the mesh.

Most of the argument on the list has been about trying to fit a solution
to a set of problems.  Multicast security is *very* limited in its
applicability and in most cases requires additional mitigation in the
form of SPEs, physical separation and physical security to get past the
realities of the problem.




>          B.2) There is an asymmetric relation in the devices of the group (only some members are senders)
>
> For A and B.1 symmetric crypto would be sufficient
> B.2 requires asymmetric crypto to perform authorizations.
>
> If there is no bar to stupidity then independent of whichever crypto primitive one chooses, one can always  implement things insecurely.
> Implementers can even share the same public-private key pairs on different devices(certificates are expensive) or just put the private key everywhere although the implementer should have only put the public-keys. And these kind of artificial arguments can be constructed not just for multicast security but for any protocol in IETF.

Except that BCP guidance is that symmetric keys are shared by only two,
asymmetric private keys are never shared.  Having someone pass out the
same key pairs does happen, but it's a failure of operation, not a
failure of protocol design - the protocols are designed for 2 party
symmetric not N party unlike draft-keoh which advocates N-party.   For
draft-keoh,  I can't say that the guidance given there is sufficient to
protect the purpose of a mesh if the mesh includes a function that
requires knowledge of the identity of a sender.  E.g. control of a
physical device.  I can't say the guidance given there is sufficient to
prevent implementers from adopting it past a small mesh (say 10) of
identical devices that are all equal (e.g. where's the security break
point between 5 equal nodes, 50 equal nodes and 500 equal nodes?  At
which point do you say - oops, too many and how is that enforced??)

I keep asking one thing in lots of different ways:  "How do you
constrain the protocol so it only applies to the domains to which we can
all agree are safe enough given the security limitations?" The answer is
you can't which continues to suggest that letting this out in the wild
is a bad idea.

I've made whatever points I'm going to make.

Later, Mike

>
> I think B.2 should be resolved as part of ACE.  DICE can still work on A and B.1 (with or without DTLS).
>
> Regards
> Sandeep
>
>> -----Original Message-----
>> From: dtls-iot [mailto:dtls-iot-bounces@ietf.org] On Behalf Of Ludwig Seitz
>> Sent: Tuesday, September 23, 2014 9:07 AM
>> To: dtls-iot@ietf.org
>> Subject: Re: [Dtls-iot] DTLS multicast security
>>
>> On 09/22/2014 07:46 PM, Michael StJohns wrote:
>> ....
>>> If you use multicast symmetric key systems only for confidentiality,
>>> breaking in to a node to extract the key doesn't give you much more
>>> than you already had - the multicast traffic destined for the node you
>>> just hacked.  So things like multicast audio aren't necessarily
>>> identity-important cases.
>>>
>> Aha!
>>
>> So would it be acceptable to separate the problem?
>>
>> A.) A protocol for multicast confidentiality in CoRE (with or without DTLS, I
>> don't care)
>>
>> B.) A protocol for authorizing control messages (whether they are
>> multicasted or not)
>>
>> Where this work would be done is another question, B. seems like a task for
>> ACE.
>>
>> Would A.) alone be beneficial enough to justify working on it?
>>
>> /Ludwig
>>
>>
>>
>>
>>
>> --
>> Ludwig Seitz, PhD
>> SICS Swedish ICT AB
>> Ideon Science Park
>> Building Beta 2
>> Scheelevägen 17
>> SE-223 70 Lund
>>
>> Phone +46(0)70-349 92 51
>> http://www.sics.se
>
> ________________________________
> The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.
>
> _______________________________________________
> dtls-iot mailing list
> dtls-iot@ietf.org
> https://www.ietf.org/mailman/listinfo/dtls-iot
>

_______________________________________________
dtls-iot mailing list
dtls-iot@ietf.org
https://www.ietf.org/mailman/listinfo/dtls-iot

v2.23.0 | Report a Bug | By Email