Hi Guys,
I think the LLC work going on in (what will probably be) 802.15.12 will allow multiple clients of the 802.15.4 MAC/PHY, including PANA.
At the moment, vendors have coded proprietary forms of "side stacks"...for PANA and other protocols. I'm hoping there's a cleaner way to reuse the 802.15.4 MAC/PHY through a nice LLC layer (and API).
Also, the use of PANA to bootstrap secure joins to an 802.15.4 network is way past specification and functional testing - there are thousands (soon to be millions) of deployed 802.15.4/PANA/6LowPAN/RPL devices that are deployed in real networks...specifically in the Automated Meter Infrastructure (AMI) market.
Randy
On November 10, 2015 at 12:24 PM Jonathan Hui <jon...@nestlabs.com> wrote:I agree with Robert that PANA needs to be viewed as a side stack. It involves more than just restricted forwarding rules and hooks for the upper layers. It also involves resource isolation at the lower layers to help ensure that unauthorized traffic cannot interfere with authorized traffic. Logically they need to be separate, isolated stacks. Although, an implementation may choose to share a bunch of components._______________________________________________Also, I'd caution that specification and basic functional testing alone does not prove a robust solution. How much security or penetration testing has been done on existing implementations? I would argue large-scale deployment certainly helps build confidence beyond what specification and basic functional testing can do.--
Jonathan HuiOn Tue, Nov 10, 2015 at 3:00 AM, Robert Cragie <robert.cra...@gridmerge.com> wrote:Alper - I completely agree with what you say and did note earlier that, given the 7 independent implementations for ZigBee IP, it clearly isn't a serious obstacle. However, it is useful to understand potential issues with any given solution; any solution will have certain issues which have to be addresses.RobertOn 8 November 2015 at 23:28, Alper Yegin <alper.ye...@yegin.org> wrote:Robert,Right. Even though PANA is a UDP-based protocol, one cannot assume it shall be implementable just like any "UDP-based user-land application". Like you said it's a control plane traffic/application, and it needs some hooks from the stack. This is very much similar to other UDP-based protocols like Mobile IPv4 and DHCP. They also need hooks with lower layers.AlperOn Nov 9, 2015, at 1:01 AM, Robert Cragie wrote:Hi Alper,_______________________________________________PANA is UDP traffic, which is typically sent using sockets. There is no defined socket option (in e.g Linux socket API) to specify options for sending the packet when it is processed 2 layers down at the MAC layer. So some might say that specifying a layer 2 concept at layer 4 is layer violation. Also, the unprotected PANA only goes one hop and should not be routed, therefore it is treated differently from other IP packets. This is in addition to the enforcement point policing for unprotected MAC traffic. Hence thinking about it like a "side stack".Other comments inline.RobertOn 7 November 2015 at 21:26, Alper Yegin <alper.ye...@yegin.org> wrote:Hi Robert,The MAC has the ability to carry both encrypted traffic and also unencrypted traffic, right?If so, it's just about telling the MAC which traffic uses encrypted path and which does not.I don't see anything to do with layer violation here.I'd not call it a "side stack" either. It's just demultiplexing. Same stack, different code path executed depending on the characteristic of the traffic, which is explicitly conveyed by the upper layer to the lower layer.<RCC>Some stacks don't work like that though. Sure, if you have control over the stack, it is easy enough to implement and as you say, it is simply demultiplexing and conceptually quite easy to understand but there are certain points in the layer traversal that do have to be treated differently</RCC>Btw, this has to be done for any above-MAC solution.AlperGiven that the MAC can support transporting IP (with whatever payload it carries, be it PANA/UDP, or anything else), it should be able to carry both encrypted traffic and unencrypted traffic.On Nov 7, 2015, at 7:42 PM, Robert Cragie wrote:Hi Alper,The perceived issue is that, in ZigBee IP, the authentication traffic over PANA on the single hop between the unauthenticated joiner and the relay (or authenticator) has to be sent at the MAC layer without any protection. This is because MAC layer protection is used for all authenticated nodes sending and receiving traffic in the mesh and the key used is delivered at the end of the authentication process over the established secure session. Note there is no particular issue with having no MAC layer protection as the only traffic carried is for authentication purposes and thus does not carry any confidential information and is checked using verify exchanges at the end.This means there is effectively a "side stack" alongside the normal stack, which is used to handle the PANA traffic on an enforcement point. On one hand, some perceive the necessity for this side stack as layer violation, although I view this more as control plane traffic, where cross-layer interactions are not uncommon (look at what they are doing in anima with the ASAs, for example). It is also perceived as complicating the use of a typical IP stack, which is normally used for data plane traffic. Specifically, having to provide an extra parameter at the socket layer to indicate whether it should be transmitted unprotected or protected (and similar for receive) is viewed as problematic.In practice, given the fact that the 7 platform implementers managed to successfully implement PANA-based authentication, I am not sure actually how much of an issue it really is.Robert_______________________________________________On 7 November 2015 at 11:00, Alper Yegin <alper.ye...@yegin.org> wrote:Hello Robert,Thanks for this detailed insight.One question below:On Nov 6, 2015, at 5:43 PM, Robert Cragie wrote:Some comments on some of the items raised in the thread so far:* It is not about messages, it is more about how many flights occur between initiator and responder. For example, with (D)TLS, it is normal to incorporate a number of records in a single flight.* The concept of an initial phase of PANA (PCI, PAR) is often needed for DoS and rate-limiting purposes. If DTLS were used, you would still want to use HelloVerifyRequest for the reasons it was developed for DTLS, there is no overhead using PANA in this case.* Whilst it seems straightforward to use DTLS, it may not be the case where a JA is involved and it is likely that the DTLS records will need to be relayed via the JA. The only IP address which can be effectively autoconfigured at this stage is a link local address and therefore it can only go one hop to the JA (or possibly JCE direct).* Note that autoconfiguration of a link local address is pretty much zero cost as it is simply forming an IID from the L2 address and prepending fe80::/64. There may be some concerns about the privacy aspects but I think privacy concerns are much more significant for global addresses and if L2 addresses have some sort of treatment for privacy, that it probably adequate for link local addresses.* Conceptually, all these mechanisms are fundamentally the same and when it comes down to it, there is often little to choose between them. The weight of the exchanges is based on the credentials and underlying crypto used for authentication.* Agree with the comment re. 1.C and 1.D - it is not just EAP-PSK. EAP by definition requires and EAP transport and an EAP method. An EAP transport can be PANA, 802.15.9 (i.e. IEs). EAPOL, RADIUS etc. and there are numerous EAP methods (EAP-TLS, EAP-PSK, EAP-AKA, EAP-IKEV2). Therefore, I would focus on those three layers as that is fundamentally what it comes down to:1. Transport2. Protocol3. CryptoTo summarise the two authentication schemes I am familiar with:ZigBee IP:Transport: PANA/PANA relayProtocol: EAP/EAP-TLSCrypto: ECDHE-ECDSA, PSKThread:Transport: Direct/CoAP relayProtocol: DTLSCrypto: ECJPAKEOne might ask why a different approach was taken for Thread. The main reasons are that DTLS is considered a key protocol for Thread applications (which will likely use CoAP) and thus reuse of DTLS was considered paramount. Also, the Commissioner model is substantially different to the Authenticator model for ZigBee IP and it was considered more appropriate to use protocols a phone/tablet app. would be more familiar with, i.e. CoAP and DTLS as opposed to PANA/EAP/EAP-TLS. I would imagine the 6tisch architecture is closer to ZigBee IP than Thread.* The simplicity of PSK is offset by the need to manage confidential information across the devices. It is always IMHO worth including PSK as a minimal level, as it is very useful for testing purposes if nothing else* In my experience, using EAP-TLS as an EAP method in conjunction with PANA and EAP (i.e. ZigBee IP approach) allows for reuse of TLS library with application layer, thus potentially saving code.* EAP-TLS has a lot of functionality that DTLS has so one could consider using DTLS in conjunction with an appropriate transport. That transport could be PANA, CoAP or a combination of L2/L3 based.* Whatever solution is proposed for transport MUST take into consideration the JN-JA-JCE architecture, i.e. need to consider a point-to-point communication between JN and JA (unauthenticated network) and normal communication between JN and JCE.* If CoAP is used as a transport, it must be distinguishable from other CoAP traffic. This could either be through port or URI.* Whilst PANA is an additional protocol, it is pretty lightweight and is purely an authentication transport. The main issue I heard regarding PANA is the fact it uses UDP and this can cause issues for stacks (especially Linux-based stacks)What exactly is the issue there?* Using PANA in 802.15.9 is a case of transporting the data in IEs. We took a different (IMHO simpler) approach in ZigBee IP and transported the PANA UDP datagrams using 6LoWPAN over unsecured 802.15.4 packets. However, note comment above re. use of UDP.* One bonus of using PANA is the resultant PANA session, which is basically a secure session between PAC and PAA, where the PAC (PANA client) is the device requiring network access. This can be used for securely configuring network parameters on the device, for example, in ZigBee IP it was used to securely deliver the network key. There was an idea for it to deliver other parameters as well but this was considered "treading on the toes" of 6LowPAN ND's address registration and DHCP, although in both those cases, there is no way to provide the secure session with which to transport the data. So I think Tero has this wrong - PANA definitely can be used to distribute keys and be used for rekeying, however I mean this independent of the pairwise key established as part of the authentication between JN and JCE.* I agree with Rafa's point that the JCE and JN should mutually authenticate each other.AlperRobert_______________________________________________On 5 November 2015 at 00:06, Malisa Vucinic <malisa.vuci...@imag.fr> wrote:
> On 05 Nov 2015, at 00:18, Michael Richardson <mcr+i...@sandelman.ca> wrote:
>
>
> It seems to me that we need to write a document that explains the join
> *environment* in terms of radio and energy considerations.
> Some of this discussion happened orally in security design team discussions,
> but was perhaps assumed to be well known, or was simply assumed.
Some of the information is available in the introduction section of minimal, but I definitely agree that it would be useful to spell out somewhere the repercussions this has on the energy consumption during the join.
> One goal of this document is to define the simplest set of rules for
> building a TSCH-compliant network, at the necessary price of lesser
> efficiency. Yet, this minimal mode of operation MAY also be used
> during network bootstrap before any schedule is installed into the
> network so nodes can self-organize and the management and
> configuration information be distributed. In addition, the minimal
> configuration MAY be used as a fall-back mode of operation, ensuring
> connectivity of nodes in case that dynamic scheduling mechanisms fail
> or are not available.
_______________________________________________
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch
_______________________________________________
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch
_______________________________________________
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch
6tisch mailing list
6tisch@ietf.org
https://www.ietf.org/mailman/listinfo/6tisch
_______________________________________________ 6tisch mailing list 6tisch@ietf.org https://www.ietf.org/mailman/listinfo/6tisch
