lpwan Working Group A. Minaburo Internet-Draft Acklio Intended status: Standards Track L. Toutain Expires: 18 August 2023 I. Martinez Institut MINES TELECOM; IMT Atlantique 14 February 2023 SCHC Rule Access Control draft-toutain-lpwan-access-control-00 Abstract The framework for SCHC defines an abstract view of the rules, formalized with through a YANG Data Model. In its original description rules are static and share by 2 entities. The use of YANG authorizes rules to be uploaded or modified in a SCHC instance and leads to some possible attacks, if the changes are not controlled. This document summarizes some possible attacks and define augmentation to the existing Data Mode, to restrict the changes in the rule. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 18 August 2023. Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights Minaburo, et al. Expires 18 August 2023 [Page 1] Internet-Draft SCHC AC February 2023 and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Attack scenario . . . . . . . . . . . . . . . . . . . . . . . 2 3. YANG Access Control . . . . . . . . . . . . . . . . . . . . . 2 4. Normative References . . . . . . . . . . . . . . . . . . . . 3 Appendix A. Security Considerations . . . . . . . . . . . . . . 3 Appendix B. IANA Considerations . . . . . . . . . . . . . . . . 3 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction 2. Attack scenario A LWM2M device, under control of an attacker, sends some management messages to modify the SCHC rules in core in order to direct the traffic to another application. This can be either to participate to a DDoS attack or to send sensible information to another application. SCHC rules are defined for a specific traffic. An attacker changes en element (for instance, the dev UDP port number) and therefore no rule matches the traffic, the link may be saturated by no-compressed messages. 3. YANG Access Control YANG language allows to specify read only or read write nodes. NACM [RFC8341] extends this by allowing users or group od users to perform specific actions. This granularity do not fit this the rule model. For instance, the goal is not to allow all the field-id leaves to be modified. The objective is to allow a specific rule entry to be changed and therefore some of the leaves to be modified. For instance an entry with field-id containing Uri-path may have his target-value modified, as in the same rule, the entry regarding the app-prefix should not be changed. The SCHC access control augments the YANG module defined in [I-D.ietf-lpwan-schc-yang-data-model] to allow a remote entity to manipulate the rules. Several levels are defined. * in the set of rules, it authorizes or not a new rule to be added . Minaburo, et al. Expires 18 August 2023 [Page 2] Internet-Draft SCHC AC February 2023 * in a compression rule, it allows to add or remove field descriptions. * in a compression rule, it allows to modify some elements of the rule, such as the target-value, the matching-operator or/and the comp-decomp-action and associated values. * in a fragmentation rule, it allows to modify some parameters. 4. Normative References [I-D.ietf-lpwan-schc-yang-data-model] Minaburo, A. and L. Toutain, "Data Model for Static Context Header Compression (SCHC)", Work in Progress, Internet-Draft, draft-ietf-lpwan-schc-yang-data-model-21, 9 October 2022, . [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10.17487/RFC8341, March 2018, . [RFC8824] Minaburo, A., Toutain, L., and R. Andreasen, "Static Context Header Compression (SCHC) for the Constrained Application Protocol (CoAP)", RFC 8824, DOI 10.17487/RFC8824, June 2021, . Appendix A. Security Considerations TBD Appendix B. IANA Considerations TBD Authors' Addresses Ana Minaburo Acklio 1137A avenue des Champs Blancs 35510 Cesson-Sevigne Cedex France Email: ana@ackl.io Minaburo, et al. Expires 18 August 2023 [Page 3] Internet-Draft SCHC AC February 2023 Laurent Toutain Institut MINES TELECOM; IMT Atlantique 2 rue de la Chataigneraie CS 17607 35576 Cesson-Sevigne Cedex France Email: Laurent.Toutain@imt-atlantique.fr Ivan Martinez Institut MINES TELECOM; IMT Atlantique 2 rue de la Chataigneraie CS 17607 35576 Cesson-Sevigne Cedex France Email: ivan-marino.martinez-bolivar@imt-atlantique.fr Minaburo, et al. Expires 18 August 2023 [Page 4]