]> RISE AB

Isafjordsgatan 22 Kista 16440 Stockholm Sweden rikard.hoglund@ri.se

RISE AB

Isafjordsgatan 22 Kista 16440 Stockholm Sweden marco.tiloca@ri.se

Internet CoRE Working Group Internet-Draft Object Security for Constrained RESTful Environments (OSCORE) uses AEAD algorithms to ensure confidentiality and integrity of exchanged messages. Due to known issues allowing forgery attacks against AEAD algorithms, limits should be followed on the number of times a specific key is used for encryption or decryption. This document defines how two OSCORE peers must follow these limits and what steps they must take to preserve the security of their communications. Therefore, this document updates RFC8613. Furthermore, this document specifies Key Update for OSCORE (KUDOS), a lightweight procedure that two peers can use to update their keying material and establish a new OSCORE Security Context.

Introduction Object Security for Constrained RESTful Environments (OSCORE) provides end-to-end protection of CoAP messages at the application-layer, ensuring message confidentiality and integrity, replay protection, as well as binding of response to request between a sender and a recipient. In particular, OSCORE uses AEAD algorithms to provide confidentiality and integrity of messages exchanged between two peers. Due to known issues allowing forgery attacks against AEAD algorithms, limits should be followed on the number of times a specific key is used to perform encryption or decryption . Should these limits be exceeded, an adversary may break the security properties of the AEAD algorithm, such as message confidentiality and integrity, e.g. by performing a message forgery attack. The original OSCORE specification does not consider such limits. This document updates as follows.

• It defines when a peer must stop using an OSCORE Security Context shared with another peer, due to the reached key usage limits. When this happens, the two peers have to establish a new Security Context with new keying material, in order to continue their secure communication with OSCORE.
• It specifies KUDOS, a lightweight key update procedure that the two peers can use in order to update their current keying material and establish a new OSCORE Security Context. This deprecates and replaces the procedure specified in .

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. Readers are expected to be familiar with the terms and concepts related to the CoAP and OSCORE protocols.

AEAD Key Usage Limits in OSCORE The following sections details how key usage limits for AEAD algorithms must be considered when using OSCORE. It covers specific limits for common AEAD algorithms used with OSCORE; necessary additions to the OSCORE Security Context, updates to the OSCORE message processing, and existing methods for rekeying OSCORE.

Problem Overview The OSCORE security protocol uses AEAD algorithms to provide integrity and confidentiality of messages, as exchanged between two peers sharing an OSCORE Security Context. When processing messages with OSCORE, each peer should follow specific limits as to the number of times it uses a specific key. This applies separately to the Sender Key used to encrypt outgoing messages, and to the Recipient Key used to decrypt and verify incoming protected messages. Exceeding these limits may allow an adversary to break the security properties of the AEAD algorithm, such as message confidentiality and integrity, e.g. by performing a message forgery attack. The following refers to the two parameters 'q' and 'v' introduced in , to use when deploying an AEAD algorithm.

• 'q': this parameter has as value the number of messages protected with a specific key, i.e. the number of times the AEAD algorithm has been invoked to encrypt data with that key.
• 'v': this parameter has as value the number of alleged forgery attempts that have been made against a specific key, i.e. the amount of failed decryptions that has been done with the AEAD algorithm for that key.

When a peer uses OSCORE:

• The key used to protect outgoing messages is its Sender Key, in its Sender Context.
• The key used to decrypt and verify incoming messages is its Recipient Key, in its Recipient Context.

Both keys are derived as part of the establishment of the OSCORE Security Context, as defined in . As mentioned above, exceeding specific limits for the 'q' or 'v' value can weaken the security properties of the AEAD algorithm used, thus compromising secure communication requirements. Therefore, in order to preserve the security of the used AEAD algorithm, OSCORE has to observe limits for the 'q' and 'v' values, throughout the lifetime of the used AEAD keys.

Limits for 'q' and 'v' Formulas for calculating the security levels as Integrity Advantage (IA) and Confidentiality Advantage (CA) probabilities, are presented in . These formulas take as input specific values for 'q' and 'v' (see section ) and for 'l', i.e., the maximum length of each message (in cipher blocks). For the algorithms that can be used as AEAD Algorithm for OSCORE shows in , the key property to achieve is having IA and CA values which are no larger than p = 2^-64, which will ensure a safe security level for the AEAD Algorithm. This can be entailed by using the values q = 2^20, v = 2^20, and l = 2^10, that this document recommends to use for these algorithms. shows the resulting IA and CA probabilities enjoyed by the considered algorithms, when taking the value of 'q', 'v' and 'l' above as input to the formulas defined in .

Probabilities for algorithms based on chosen q, v and l values.

For the AEAD_AES_128_CCM_8 algorithm when used as AEAD Algorithm for OSCORE, larger IA and CA values are achieved, depending on the value of 'q', 'v' and 'l'. shows the resulting IA and CA probabilities enjoyed by AEAD_AES_128_CCM_8, when taking different values of 'q', 'v' and 'l' as input to the formulas defined in . As shown in , it is especially possible to achieve the lowest IA = 2^-54 and a good CA = 2^-70 by considering the largest possible value of the (q, v, l) triplet equal to (2^20, 2^10, 2^8), while still keeping a good security level. Note that the value of 'l' does not impact on IA, while CA displays good values for every considered value of 'l'. When AEAD_AES_128_CCM_8 is used as AEAD Algorithm for OSCORE, this document recommends to use the triplet (q, v, l) = (2^20, 2^10, 2^8) and to never use a triplet (q, v, l) such that the resulting IA and CA probabilities are higher than 2^-54.

Probabilities for AEAD_AES_128_CCM_8 based on chosen q, v and l values.

The algorithms using AES presented in this draft all use a block size of 16 bytes (128 bits), while AEAD_CHACHA20_POLY1305 uses a block size of 64 bytes (512 bits). As 'l' is defined as the maximum size of each message in blocks, different block sizes will result in different maximum messages sizes for the same value of 'l'. presents the resulting maximum message size in bytes for the different algorithms and values of 'l' presented in this document.

Maximum length of each message (in bytes)

Additional Information in the Security Context In addition to what defined in , the OSCORE Security Context MUST also include the following information.

Common Context The Common Context is extended to include the following parameter.

• 'exp': with value the expiration time of the OSCORE Security Context, as a non-negative integer. The parameter contains a numeric value representing the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring leap seconds, analogous to what specified for NumericDate in . At the time indicated in this field, a peer MUST stop using this Security Context to process any incoming or outgoing message, and is required to establish a new Security Context to continue OSCORE-protected communications with the other peer.

Sender Context The Sender Context is extended to include the following parameters.

• 'count_q': a non-negative integer counter, keeping track of the current 'q' value for the Sender Key. At any time, 'count_q' has as value the number of messages that have been encrypted using the Sender Key. The value of 'count_q' is set to 0 when establishing the Sender Context.
• 'limit_q': a non-negative integer, which specifies the highest value that 'count_q' is allowed to reach, before stopping using the Sender Key to process outgoing messages. The value of 'limit_q' depends on the AEAD algorithm specified in the Common Context, considering the properties of that algorithm. The value of 'limit_q' is determined according to .

Recipient Context The Recipient Context is extended to include the following parameters.

• 'count_v': a non-negative integer counter, keeping track of the current 'v' value for the Recipient Key. At any time, 'count_v' has as value the number of failed decryptions occurred on incoming messages using the Recipient Key. The value of 'count_v' is set to 0 when establishing the Recipient Context.
• 'limit_v': a non-negative integer, which specifies the highest value that 'count_v' is allowed to reach, before stopping using the Recipient Key to process incoming messages. The value of 'limit_v' depends on the AEAD algorithm specified in the Common Context, considering the properties of that algorithm. The value of 'limit_v' is determined according to .

OSCORE Messages Processing In order to keep track of the 'q' and 'v' values and ensure that AEAD keys are not used beyond reaching their limits, the processing of OSCORE messages is extended as defined in this section. A limitation that is introduced is that, in order to not exceed the selected value for 'l', the total size of the COSE plaintext, authentication Tag, and possible cipher padding for a message may not exceed the block size for the selected algorithm multiplied with 'l'. In particular, the processing of OSCORE messages follows the steps outlined in , with the additions defined below.

Protecting a Request or a Response Before encrypting the COSE object using the Sender Key, the 'count_q' counter MUST be incremented. If 'count_q' exceeds the 'limit_q' limit, the message processing MUST be aborted. From then on, the Sender Key MUST NOT be used to encrypt further messages.

Verifying a Request or a Response If an incoming message is detected to be a replay (see ), the 'count_v' counter MUST NOT be incremented. If the decryption and verification of the COSE object using the Recipient Key fails, the 'count_v' counter MUST be incremented. After 'count_v' has exceeded the 'limit_v' limit, incoming messages MUST NOT be decrypted and verified using the Recipient Key, and their processing MUST be aborted.

Current methods for Rekeying OSCORE Before the limit of 'q' or 'v' defined in has been reached for an OSCORE Security Context, the two peers have to establish a new OSCORE Security Context, in order to continue using OSCORE for secure communication. In practice, the two peers have to establish new Sender and Recipient Keys, as the keys actually used by the AEAD algorithm. When this happens, both peers reset their 'count_q' and 'count_v' values to 0 (see ). Other specifications define a number of ways to accomplish this, as summarized below.

• The two peers can run the procedure defined in . That is, the two peers exchange three or four messages, protected with temporary Security Contexts adding randomness to the ID Context. As a result, the two peers establish a new OSCORE Security Context with new ID Context, Sender Key and Recipient Key, while keeping the same OSCORE Master Secret and OSCORE Master Salt from the old OSCORE Security Context. This procedure does not require any additional components to what OSCORE already provides, and it does not provide perfect forward secrecy. The procedure defined in is used in 6TiSCH networks when handling failure events. That is, a node acting as Join Registrar/Coordinator (JRC) assists new devices, namely "pledges", to securely join the network as per the Constrained Join Protocol . In particular, a pledge exchanges OSCORE-protected messages with the JRC, from which it obtains a short identifier, link-layer keying material and other configuration parameters. As per , a JRC that experiences a failure event may likely lose information about joined nodes, including their assigned identifiers. Then, the reinitialized JRC can establish a new OSCORE Security Context with each pledge, through the procedure defined in .
• The two peers can run the OSCORE profile of the Authentication and Authorization for Constrained Environments (ACE) Framework . When a CoAP client uploads an Access Token to a CoAP server as an access credential, the two peers also exchange two nonces. Then, the two peers use the two nonces together with information provided by the ACE Authorization Server that issued the Access Token, in order to derive an OSCORE Security Context. This procedure does not provide perfect forward secrecy.
• The two peers can run the EDHOC key exchange protocol based on Diffie-Hellman and defined in , in order to establish a pseudo-random key in a mutually authenticated way. Then, the two peers can use the established pseudo-random key to derive external application keys. This allows the two peers to securely derive especially an OSCORE Master Secret and an OSCORE Master Salt, from which an OSCORE Security Context can be established. This procedure additionally provides perfect forward secrecy.
• If one peer is acting as LwM2M Client and the other peer as LwM2M Server, according to the OMA Lightweight Machine to Machine Core specification , then the LwM2M Client peer may take the initiative to bootstrap again with the LwM2M Bootstrap Server, and receive again an OSCORE Security Context. Alternatively, the LwM2M Server can instruct the LwM2M Client to initiate this procedure. If the OSCORE Security Context information on the LwM2M Bootstrap Server has been updated, the LwM2M Client will thus receive a fresh OSCORE Security Context to use with the LwM2M Server. In addition to that, the LwM2M Client, the LwM2M Server as well as the LwM2M Bootstrap server are required to use the procedure defined in and overviewed above, when they use a certain OSCORE Security Context for the first time .

Manually updating the OSCORE Security Context at the two peers should be a last resort option, and it might often be not practical or feasible. Even when any of the alternatives mentioned above is available, it is RECOMMENDED that two OSCORE peers update their Security Context by using the KUDOS procedure as defined in of this document. It is RECOMMENDED that the peer initiating the key update procedure starts it before reaching the 'q' or 'v' limits. Otherwise, the AEAD keys possibly to be used during the key update procedure itself may already be or become invalid before the rekeying is completed, which may prevent a successful establishment of the new OSCORE Security Context altogether.

Key Update for OSCORE (KUDOS) This section defines KUDOS, a lightweight procedure that two OSCORE peers can use to update their keying material and establish a new OSCORE Security Context. KUDOS relies on the support function updateCtx() defined in and the message exchange defined in . The following properties are fulfilled.

• KUDOS can be initiated by either peer. In particular, the client or the server may start KUDOS by sending the first rekeying message.
• The new OSCORE Security Context enjoys Perfect Forward Secrecy.
• The same ID Context value used in the old OSCORE Security Context is preserved in the new Security Context. Furthermore, the ID Context value never changes throughout the KUDOS execution.
• KUDOS is robust against a peer rebooting, and it especially avoids the reuse of AEAD (nonce, key) pairs.
• KUDOS completes in one round trip. The two peers achieve mutual proof-of-possession in the following exchange, which is protected with the newly established OSCORE Security Context.

Extensions to the OSCORE Option In order to support the message exchange for establishing a new OSCORE Security Context as defined in , this document extends the use of the OSCORE option originally defined in as follows.

• This document defines the usage of the seventh least significant bit, called "Extension-1 Flag", in the first byte of the OSCORE option containing the OSCORE flag bits. This flag bit is specified in . When the Extension-1 Flag is set to 1, the second byte of the OSCORE option MUST include the set of OSCORE flag bits 8-15.
• This document defines the usage of the first least significant bit "ID Detail Flag", 'd', in the second byte of the OSCORE option containing the OSCORE flag bits. This flag bit is specified in . When it is set to 1, the compressed COSE object contains an 'id detail', to be used for the steps defined in . In particular, the 1 byte following 'kid context' (if any) encodes the length x of 'id detail', and the following x bytes encode 'id detail'.
• The second-to-eighth least significant bits in the second byte of the OSCORE option containing the OSCORE flag bits are reserved for future use. These bits SHALL be set to zero when not in use. According to this specification, if any of these bits are set to 1, the message is considered to be malformed and decompression fails as specified in item 2 of .

shows the OSCORE option value including also 'id detail'.

The OSCORE option value, including 'id detail' +-+-+-+-+-+-+-+-+---+---+---+---+---+---+---+---+---------------------+ |0|1|0|h|k| n | 0 | 0 | 0 | 0 | 0 | 0 | 0 | d | Partial IV (if any) | +-+-+-+-+-+-+-+-+---+---+---+---+---+---+---+---+---------------------+ <- 1 byte -> <----- s bytes ------> <- 1 byte -> <----- x bytes ----> +------------+----------------------+---------------------------------+ | s (if any) | kid context (if any) | x (if any) | id detail (if any) | +------------+----------------------+------------+--------------------+ +------------------+ | kid (if any) ... | +------------------+ ]]>

Function for Security Context Update The updateCtx() function shown in takes as input a nonce N as well as an OSCORE Security Context CTX_IN, and returns as output a new OSCORE Security Context CTX_OUT. As a first step, the updateCtx() function derives the new values of the Master Secret and Master Salt for CTX_OUT, according to one of the two following methods. The used method depends on how the two peers established their original Security Context, i.e., the Security Context that they shared before performing KUDOS with one another for the first time.

• If the original Security Context was established by running the EDHOC protocol , the following applies. First, the EDHOC key PRK_4x3m shared by the two peers is updated using the EDHOC-KeyUpdate() function defined in , which takes the nonce N as input. After that, the EDHOC-Exporter() function defined in is used to derive the new values for the Master Secret and Master Salt, consistently with what is defined in . In particular, the context parameter provided as second argument to the EDHOC-Exporter() function is the empty CBOR byte string (0x40) , which is denoted as h''. Note that, compared to the compliance requirements in , a peer MUST support the EDHOC-KeyUpdate() function, in case it establishes an original Security Context through the EDHOC protocol and intends to perform KUDOS.
• If the original Security Context was established through other means than the EDHOC protocol, the new Master Secret is derived through an HKDF-Expand() step, which takes as input N as well as the Master Secret value from the Security Context CTX_IN. Instead, the new Master Salt takes N as value.

In either case, the derivation of new values follows the same approach used in TLS 1.3, which is also based on HKDF-Expand (see ) and used for computing new keying material in case of key update (see ). After that, the new Master Secret and Master Salt parameters are used to derive a new Security Context CTX_OUT as per . Any other parameter required for the derivation takes the same value as in the Security Context CTX_IN. Finally, the function returns the newly derived Security Context CTX_OUT.

Function for deriving a new OSCORE Security Context { EDHOC-KeyUpdate(N) // This results in updating the key PRK_4x3m of the // EDHOC session, i.e., PRK_4x3m = Extract(N, PRK_4x3m) MSECRET_NEW = EDHOC-Exporter("OSCORE_Master_Secret", h'', key_length) = EDHOC-KDF(PRK_4x3m, TH_4, "OSCORE_Master_Secret", h'', key_length) MSALT_NEW = EDHOC-Exporter("OSCORE_Master_Salt", h'', salt_length) = EDHOC-KDF(PRK_4x3m, TH_4, "OSCORE_Master_Salt", h'', salt_length) } else { Master Secret Length = < Size of CTX_IN.MasterSecret in bytes > MSECRET_NEW = HKDF-Expand-Label(CTX_IN.MasterSecret, Label, N, Master Secret Length) = HKDF-Expand(CTX_IN.MasterSecret, HkdfLabel, Master Secret Length) MSALT_NEW = N; } < Derive CTX_OUT using MSECRET_NEW and MSALT_NEW, together with other parameters from CTX_IN > Return CTX_OUT; } Where HkdfLabel is defined as struct { uint16 length = Length; opaque label<7..255> = "oscore " + Label; opaque context<0..255> = Context; } HkdfLabel; ]]>

Establishment of the New OSCORE Security Context This section defines the actual KUDOS procedure performed by two peers to update their OSCORE keying material. Before starting KUDOS, the two peers share the OSCORE Security Context CTX_OLD. Once completed the KUDOS execution, the two peers agree on a newly established OSCORE Security Context CTX_NEW. In particular, each peer contributes by generating a fresh value R1 or R2, and providing it to the other peer. The byte string concatenation of the two values, hereafter denoted as R1 | R2, is used as input N by the updateCtx() function, in order to derive the new OSCORE Security Context CTX_NEW. As for any new OSCORE Security Context, the Sender Sequence Number and the replay window are re-initialized accordingly (see ). Once a peer has successfully derived the new OSCORE Security Context CTX_NEW, that peer MUST terminate all the ongoing observations it has with the other peer as protected with the old Security Context CTX_OLD. Once a peer has successfully decrypted and verified an incoming message protected with CTX_NEW, that peer MUST discard the old Security Context CTX_OLD. KUDOS can be started by the client or the server, as defined in and , respectively. The following properties hold for both the client- and server-initiated version of KUDOS.

• The initiator always offers the fresh value R1.
• The responder always offers the fresh value R2.
• The responder is always the first one deriving the new OSCORE Security Context CTX_NEW.
• The initiator is always the first one achieving key confirmation, hence able to safely discard the old OSCORE Security Context CTX_OLD.
• Both the initiator and the responder use the same respective OSCORE Sender ID and Recipient ID. Also, they both preserve and use the same OSCORE ID Context from CTX_OLD.

The length of the nonces R1, and R2 is application specific. The application needs to set the length of each nonce such that the probability of its value being repeated is negligible; typically, at least 8 bytes long.

Client-Initiated Key Update shows the KUDOS workflow with the client acting as initiator.

Client-Initiated KUDOS Workflow | | OSCORE Option: | CTX_1 = | ... | update(R1, | d flag: 1 | CTX_OLD) | ... | | ID Detail: R1 | Verify with CTX_1 | ... | | | Generate R2 | | | | CTX_NEW = | | update(R1|R2, | | CTX_OLD) | | | Response #1 | |<-------------------| Protect with CTX_NEW CTX_NEW = | OSCORE Option: | updateCtx(R1|R2, | ... | CTX_OLD) | d flag: 1 | | ... | Verify with CTX_NEW | ID Detail: R2 | | ... | Discard CTX_OLD | | | | // The actual key update process ends here. // The two peers can use the new Security Context CTX_NEW. | | | Request #2 | Protect with CTX_NEW |------------------->| | | Verify with CTX_NEW | | | | Discard CTX_OLD | | | Response #2 | |<-------------------| Protect with CTX_NEW Verify with CTX_NEW | | | | ]]>

First, the client generates a random value R1, and uses the nonce N = R1 together with the old Security Context CTX_OLD, in order to derive a temporary Security Context CTX_1. Then, the client sends an OSCORE request to the server, protected with the Security Context CTX_1. In particular, the request has the 'd' flag bit set to 1 and specifies R1 as 'id detail' (see ). Upon receiving the OSCORE request, the server retrieves the value R1 from the 'id detail' of the request, and uses the nonce N = R1 together with the old Security Context CTX_OLD, in order to derive the temporary Security Context CTX_1. Then, the server verifies the request by using the Security Context CTX_1. After that, the server generates a random value R2, and uses the nonce N = R1 | R2 together with the old Security Context CTX_OLD, in order to derive the new Security Context CTX_NEW. Then, the server sends an OSCORE response to the client, protected with the new Security Context CTX_NEW. In particular, the response has the 'd' flag bit set to 1 and specifies R2 as 'id detail'. Upon receiving the OSCORE response, the client retrieves the value R2 from the 'id detail' of the response. Since the client has received a response to an OSCORE request it made with the 'd' flag bit set to 1, the client uses the nonce N = R1 | R2 together with the old Security Context CTX_OLD, in order to derive the new Security Context CTX_NEW. Finally, the client verifies the response by using the Security Context CTX_NEW and deletes the old Security Context CTX_OLD. After that, the client can send a new OSCORE request protected with the new Security Context CTX_NEW. When successfully verifying the request using the Security Context CTX_NEW, the server deletes the old Security Context CTX_OLD and can reply with an OSCORE response protected with the new Security Context CTX_NEW. From then on, the two peers can protect their message exchanges by using the new Security Context CTX_NEW.

Server-Initiated Key Update shows the KUDOS workflow with the server acting as initiator.

Server-Initiated KUDOS Workflow | | | Verify with CTX_OLD | | | | Generate R1 | | | | CTX_1 = | | updateCtx(R1, | | CTX_OLD) | | | Response #1 | |<-------------------| Protect with CTX_1 CTX_1 = | OSCORE Option: | updateCtx(R1, | ... | CTX_OLD) | d flag: 1 | | ... | Verify with CTX_1 | ID Detail: R1 | | ... | Generate R2 | | | | CTX_NEW = | | updateCtx(R1|R2, | | CTX_OLD) | | | | | Request #2 | Protect with CTX_NEW |------------------->| | OSCORE Option: | CTX_NEW = | ... | updateCtx(R1|R2, | d flag: 1 | CTX_OLD) | ... | | ID Detail: R1|R2 | Verify with CTX_NEW | ... | | | Discard CTX_OLD | | // The actual key update process ends here. // The two peers can use the new Security Context CTX_NEW. | Response #2 | |<-------------------| Protect with CTX_NEW Verify with CTX_NEW | | | | Discard CTX_OLD | | | | ]]>

First, the client sends a normal OSCORE request to the server, protected with the old Security Context CTX_OLD and with the 'd' flag bit set to 0. Upon receiving the OSCORE request and after having verified it with the old Security Context CTX_OLD as usual, the server generates a random value R1 and uses the nonce N = R1 together with the old Security Context CTX_OLD, in order to derive a temporary Security Context CTX_1. Then, the server sends an OSCORE response to the client, protected with the Security Context CTX_1. In particular, the response has the 'd' flag bit set to 1 and specifies R1 as 'id detail' (see ). Upon receiving the OSCORE response, the client retrieves the value R1 from the 'id detail' of the response, and uses the nonce N = R1 together with the old Security Context CTX_OLD, in order to derive the temporary Security Context CTX_1. Then, the client verifies the response by using the Security Context CTX_1. After that, the client generates a random value R2, and uses the nonce N = R1 | R2 together with the old Security Context CTX_OLD, in order to derive the new Security Context CTX_NEW. Then, the client sends an OSCORE request to the server, protected with the new Security Context CTX_NEW. In particular, the request has the 'd' flag bit set to 1 and specifies R1 | R2 as 'id detail'. Upon receiving the OSCORE request, the server retrieves the value R1 | R2 from the request. Then, the server verifies that: i) the value R1 is identical to the value R1 specified in a previous OSCORE response with the 'd' flag bit set to 1; and ii) the value R1 | R2 has not been received before in an OSCORE request with the 'd' flag bit set to 1. If the verification succeeds, the server uses the nonce N = R1 | R2 together with the old Security Context CTX_OLD, in order to derive the new Security Context CTX_NEW. Finally, the server verifies the request by using the Security Context CTX_NEW and deletes the old Security Context CTX_OLD. After that, the server can send an OSCORE response protected with the new Security Context CTX_NEW. When successfully verifying the response using the Security Context CTX_NEW, the client deletes the old Security Context CTX_OLD. From then on, the two peers can protect their message exchanges by using the new Security Context CTX_NEW.

Retention Policies Applications MAY define policies that allows a peer to also temporarily keep the old Security Context CTX_OLD, rather than simply overwriting it to become CTX_NEW. This allows the peer to decrypt late, still on-the-fly incoming messages protected with CTX_OLD. When enforcing such policies, the following applies.

• Outgoing messages MUST be protected by using only CTX_NEW.
• Incoming messages MUST first be attempted to decrypt by using CTX_NEW. If decryption fails, a second attempt can use CTX_OLD.
• When an amount of time defined by the policy has elapsed since the establishment of CTX_NEW, the peer deletes CTX_OLD.

Discussion KUDOS is intended to deprecate and replace the procedure defined in , as fundamentally achieving the same goal, while displaying a number of improvements and advantages. In particular, it is especially convenient for the handling of failure events concerning the JRC node in 6TiSCH networks (see ). That is, among its intrinsic advantages compared to the procedure defined in , KUDOS preserves the same ID Context value, when establishing a new OSCORE Security Context. Since the JRC uses ID Context values as identifiers of network nodes, namely "pledge identifiers", the above implies that the JRC does not have anymore to perform a mapping between a new, different ID Context value and a certain pledge identifier (see ). It follows that pledge identifiers can remain constant once assigned, and thus ID Context values used as pledge identifiers can be employed in the long-term as originally intended.

Security Considerations This document mainly covers security considerations about using AEAD keys in OSCORE and their usage limits, in addition to the security considerations of . Depending on the specific key update procedure used to establish a new OSCORE Security Context, the related security considerations also apply. TODO: Add more considerations.

IANA Considerations This document has the following actions for IANA.

OSCORE Flag Bits Registry IANA is asked to add the following entries to the "OSCORE Flag Bits" registry within the "Constrained RESTful Environments (CoRE) Parameters" registry group.

References Normative References In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation. CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols. Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252. The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack. This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format. Ericsson AB Ericsson AB Ericsson AB This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. EDHOC provides mutual authentication, forward secrecy, and identity protection. EDHOC is intended for usage in constrained scenarios and a main use case is to establish an OSCORE security context. By reusing COSE for cryptography, CBOR for encoding, and CoAP for transport, the additional code size can be kept very low. Informative References This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations. JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted. This document describes the environment, problem statement, and goals for using the Time-Slotted Channel Hopping (TSCH) Medium Access Control (MAC) protocol of IEEE 802.14.4e in the context of Low-Power and Lossy Networks (LLNs). The set of goals enumerated in this document form an initial set only. This document describes a minimal mode of operation for an IPv6 over the TSCH mode of IEEE 802.15.4e (6TiSCH) network. This minimal mode of operation specifies the baseline set of protocols that need to be supported and the recommended configurations and modes of operation sufficient to enable a 6TiSCH functional network. 6TiSCH provides IPv6 connectivity over a Time-Slotted Channel Hopping (TSCH) mesh composed of IEEE Std 802.15.4 TSCH links. This minimal mode uses a collection of protocols with the respective configurations, including the IPv6 Low-Power Wireless Personal Area Network (6LoWPAN) framework, enabling interoperable IPv6 connectivity over IEEE Std 802.15.4 TSCH. This minimal configuration provides the necessary bandwidth for network and security bootstrapping and defines the proper link between the IETF protocols that interface to IEEE Std 802.15.4 TSCH. This minimal mode of operation should be implemented by all 6TiSCH-compliant devices. This document describes the minimal framework required for a new device, called a "pledge", to securely join a 6TiSCH (IPv6 over the Time-Slotted Channel Hopping mode of IEEE 802.15.4) network. The framework requires that the pledge and the JRC (Join Registrar/Coordinator, a central entity), share a symmetric key. How this key is provisioned is out of scope of this document. Through a single CoAP (Constrained Application Protocol) request-response exchange secured by OSCORE (Object Security for Constrained RESTful Environments), the pledge requests admission into the network, and the JRC configures it with link-layer keying material and other parameters. The JRC may at any time update the parameters through another request-response exchange secured by OSCORE. This specification defines the Constrained Join Protocol and its CBOR (Concise Binary Object Representation) data structures, and it describes how to configure the rest of the 6TiSCH communication stack for this join process to occur in a secure manner. Additional security mechanisms may be added on top of this minimal framework. Combitech Ericsson Spotify AB Arm Ltd. This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE- OAuth. The framework is based on a set of building blocks including OAuth 2.0 and the Constrained Application Protocol (CoAP), thus transforming a well-known and widely used authorization solution into a form suitable for IoT devices. Existing specifications are used where possible, but extensions are added and profiles are defined to better serve the IoT use cases. Ericsson AB Combitech Ericsson AB RISE This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. It utilizes Object Security for Constrained RESTful Environments (OSCORE) to provide communication security and proof-of-possession for a key owned by the client and bound to an OAuth 2.0 access token. ETH Zurich Mozilla Cloudflare An Authenticated Encryption with Associated Data (AEAD) algorithm provides confidentiality and integrity. Excessive use of the same key can give an attacker advantages in breaking these properties. This document provides simple guidance for users of common AEAD functions about how to limit the use of keys in order to bound the advantage given to an attacker. It considers limits in both single- and multi-key settings. Open Mobile Alliance Open Mobile Alliance

Acknowledgments The authors sincerely thank Christian Amsuess, John Mattsson and Goeran Selander for their feedback and comments. The work on this document has been partly supported by VINNOVA and the Celtic-Next project CRITISEC; and by the H2020 project SIFIS-Home (Grant agreement 952652).