My numbers show that on a network, the probability is so small that the
address is statistically unique.
Even with 50,000 devices on a network, the probability would be 6.67E-9%
Just not there.
On 07/20/2016 02:27 PM, Pascal Thubert (pthubert) wrote:
Thanks Bob!
I think the bottom line here is what's the exposure. If the collision occurred
on a MAC address that would effectively get packets to the wrong place and
would partially cut off devices from the network.
No such thing here. The collision has no operational consequence. Both nodes
will register their addresses fine and there will be no visible effect unless
the IPv6 addresses are also in collision.
Is there a security opening then?
The exposure is that two devices may be capable of claiming one another's
address and the 6LBR will fail to prevent this, putting us back to today's
situation for these 2 particular devices.
Even in the highly remote chance that they are on the same subnetwork, even if
one is a really mean device, L2 crypto does not allow node B to see what UID is
used by device A so those 2 devices will not know they are in this situation.
It's good to add words to explain all this but the chances of accident are too
remote to be of consequence. Instead we need to focus on getting a CGA that is
hard enough to attack....
Regards,
Pascal
On 20 Jul 2016, at 13:17, Robert Moskowitz <[email protected]> wrote:
On 07/20/2016 11:59 AM, Mohit Sethi wrote:
Dear Behcet and Pascal
I have previously reviewed the draft on address protected neighbor discovery:
draft-sarikaya-6lo-ap-nd-01.
I generally like the idea but still have some questions. I wonder what about
collisions for cryptographic IDs. The draft defines them as 64 bits long. I
assume that at a minimum 80 bits are needed to assume that it is collision
free. Or is it the case that collisions are not an issue in this case?
I just ran some numbers through for another problem with a 64-bit number field.
It works out as follows.
The formula is: 1 - e^{-k^2/(2n)}
Where n is your maximum population size (2^64 here, 1.84E19) and k is your
actual population.
A .01% probability of a collision is a bit less than 66M devices.
If everyone in the world has one device (7B), then you are up to a 73%
probability of a collision.
So your risk of a collision on a network is there, but really low.
ID author, you may want to put this formula into your draft.
_______________________________________________
6lo mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lo
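
The collision formula quoted in this thread, 1 - e^{-k^2/(2n)}, evaluated for 64-bit and 80-bit IDs together with its inverse. This is an added example, not part of the original messages or of the draft; the function names are hypothetical and it assumes IDs are uniformly random and independent.

```python
import math

def collision_probability(k, bits=64):
    """Probability of at least one collision among k random IDs of `bits` bits,
    using the approximation from the thread: 1 - e^{-k^2/(2n)}, n = 2^bits."""
    if k < 0 or bits <= 0:
        raise ValueError("k must be >= 0 and bits > 0")
    n = 2 ** bits
    x = (k * k) / (2 * n)
    # -expm1(-x) is 1 - e^{-x}; it keeps full precision when x is tiny,
    # where a literal 1 - math.exp(-x) loses most of its significant digits.
    return -math.expm1(-x)

def population_for_probability(p, bits=64):
    """Inverse of the formula: the population k at which the collision
    probability reaches p (0 < p < 1)."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    n = 2 ** bits
    # Solve p = 1 - e^{-k^2/(2n)} for k; log1p(-p) is ln(1 - p), stable for small p.
    return math.sqrt(-2 * n * math.log1p(-p))

def report(populations=(50_000, 7_000_000_000), widths=(64, 80)):
    """Return (bits, k, probability) rows for each ID width and population."""
    return [(b, k, collision_probability(k, b)) for b in widths for k in populations]

if __name__ == "__main__":
    for bits, k, p in report():
        print(f"{bits}-bit ID, {k:>13,} devices: P(collision) = {p:.3e}")
    for bits in (64, 80):
        k = population_for_probability(1e-4, bits)
        print(f"{bits}-bit ID: 0.01% collision probability at about {k:.3e} devices")
```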