On 11/16/2016 9:08 AM, Kepeng Li wrote:

> Hello all,
> 
> We have had a long discussion about the group communication security topic since the previous F2F meeting.
> 
> Hannes and I have tried to summarize the discussion as follows:
> 
> · The solution needs to define both a symmetric and an asymmetric group key solution.


There is no case (absent hardware mitigation) in which a symmetric group key solution can be made secure/safe and no one has made an offer of proof that they can make it secure. I've asked repeatedly - no one has come forward with more than "oh we can lock the symmetric key stuff in a corner and make sure it isn't used for anything important".


Given the recent attacks on the internet by IoT botnets, there is a further consideration that should be undertaken - whether the symmetric group key solution applied to tens of thousands of IoT devices is an active threat to the rest of the internet (e.g. enabling DDoS, cyber-physical issues, etc.)?

The multiparty (group) symmetric key solution is only wanted for a single corner of the solution space - low-latency, no-cost systems, e.g. lightbulbs. Given there is a worked example of the insecurity of multiparty symmetric key systems (e.g. the attack on the symmetric signing key of the Hue lights), I'm unclear why anyone at all would think that pursuing a known bad solution in the IETF is a good idea.

> · The security consideration section needs to explain under what circumstances which solution is appropriate.


Security consideration sections generally only address the threat *to* the system from security choices. In this case, symmetric key group comms reduces down to the same security analysis you would use with shared default passwords across thousands of devices. An IoT security consideration section in the future probably needs to address the threat *FROM* the IoT solution to the broader internet.

Mike


> If this is not accurate, please let us know.
> 
> Kind Regards
> Kepeng & Hannes
> 
> BTW: it is a pity that I can't attend this meeting due to personal reasons, and hope you all have a nice meeting in Seoul!
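The following is an added illustration, not code from the ACE thread or from any ACE draft, of the property Mike's reply turns on: with one symmetric group key, every member can produce a tag that verifies as "the controller", so a single compromised bulb speaks for the whole group, exactly as with a shared default password. The asymmetric side uses a Lamport one-time hash-based signature (chosen only because it needs nothing beyond the Python standard library); the controller, bulb and message names are constructed for the example.

```python
"""Shared symmetric group key vs. per-sender asymmetric key (added example).

Constructed scenario: a controller sends commands to a group of bulbs. Each
message carries a claimed sender. In the symmetric design every member verifies
with the same group key; in the asymmetric design bulbs hold only the
controller's public key.
"""
import hashlib
import hmac
import secrets

# ---- Symmetric group key: one HMAC key provisioned into the controller and every bulb ----

GROUP_KEY = secrets.token_bytes(32)


def sym_tag(key: bytes, sender: str, payload: bytes) -> bytes:
    """MAC over (sender, payload) under the group key."""
    return hmac.new(key, sender.encode() + b"|" + payload, hashlib.sha256).digest()


def sym_verify(key: bytes, sender: str, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sym_tag(key, sender, payload), tag)


def symmetric_forgery_accepted() -> bool:
    """A compromised bulb holds GROUP_KEY, so it can tag a message as 'controller'
    and every other member accepts it: the key authenticates the group, not the sender."""
    payload = b"ALL: strobe at 10 Hz"
    forged_by_bulb = sym_tag(GROUP_KEY, "controller", payload)
    return sym_verify(GROUP_KEY, "controller", payload, forged_by_bulb)


# ---- Asymmetric: Lamport one-time signature (hash-based; each key pair signs ONE message) ----

def lamport_keygen():
    """256 pairs of 32-byte secrets; public key is their SHA-256 hashes."""
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[hashlib.sha256(x).digest() for x in pair] for pair in sk]
    return sk, pk


def _msg_bits(msg: bytes):
    digest = hashlib.sha256(msg).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    """Reveal, for each bit of H(msg), the secret corresponding to that bit value."""
    return [sk[i][b] for i, b in enumerate(_msg_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(hashlib.sha256(sig[i]).digest() == pk[i][b]
               for i, b in enumerate(_msg_bits(msg)))


def asymmetric_forgery_rejected() -> bool:
    """Bulbs are provisioned with the controller's public key only. A compromised
    bulb has its own key pair but not the controller's secrets, so its forgery
    fails while a genuine controller message still verifies."""
    ctrl_sk, ctrl_pk = lamport_keygen()
    bulb_sk, _bulb_pk = lamport_keygen()
    genuine_msg = b"ALL: dim to 30%"
    genuine_sig = lamport_sign(ctrl_sk, genuine_msg)      # controller's one use of this key
    forged_msg = b"ALL: strobe at 10 Hz"
    forged_sig = lamport_sign(bulb_sk, forged_msg)        # compromised bulb's attempt
    tampered_ok = lamport_verify(ctrl_pk, forged_msg, genuine_sig)  # reuse on another message
    return (lamport_verify(ctrl_pk, genuine_msg, genuine_sig)
            and not lamport_verify(ctrl_pk, forged_msg, forged_sig)
            and not tampered_ok)


if __name__ == "__main__":
    print("symmetric: bulb's forged controller message accepted =", symmetric_forgery_accepted())
    print("asymmetric: bulb's forged controller message rejected =", asymmetric_forgery_rejected())
```

Confidentiality is unaffected either way (a group encryption key can stay symmetric); what the shared key destroys is source authentication, which is why the "shared default password" comparison holds. The Lamport keys here are single-use, so a real deployment would use a stateful or conventional signature scheme; the point being shown is only which party can produce a verifying message.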



_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace

