Re: [6lowpan] RE: [RSN] Here is the new RL2N Proposed Working Charter

Kris Pister Tue, 04 Dec 2007 09:14:42 -0800

Jonathan - until we start to get into stateful header compression, allof the information that is covered in the L4 checksum is covered by theL2 MIC. It may be in a different form, but it's all there.I'm far more concerned about corruption due to RF communication problemsthan I am about corruption due to incorrect algorithm implementation.No matter what we do, that will always be a problem - what if my motecalculates the checksum properly, but swapped some bytes in the messageformation before calculating the checksum, or just generated the wrongcommand packet in the first place? Those are errors of comparablesimplicity to not being able to compress or decompress the 6LoWPANheader properly. There's a long list of simple mistakes that can bemade by a node that aren't going to get caught by either an L4 checksumor an L2 MIC. Those aren't the ones that I'm worried about, because wehave some control over them. The ones that we can't control are theones that happen in the ether.So I'll go back to my earlier question: given your concern about peopleimproperly compressing and decompressing, and the realities of low powerwireless in a shared ISM band, which do you think will have more end toend errors?

A) n hops with L4 checksum
B) n hops with L2 MIC

Or maybe a better question is: does option B scare you so much that wedon't want to allow people to do it because it may corrupt our otherwiseflawless networks?


ksjp

Jonathan Hui wrote:

Hi Kris,
I'm still not seeing how L2 MICs negate the need for L4 MICs. L2 MICsare verified and recomputed hop by hop, where as L4 MICs are not.There are a couple reasons why L2 MICs do not cover all of thefunctionality of L4 MICs. First, an intermediate router couldincorrectly accept a corrupted packet or incorrectly mutate the L2payload yet compute a MIC that will indicate the packet is still validto the next hop. Second, the L2 MIC as currently defined by 802.15.4only covers the bits contained within the frame. It does not take inany knowledge of the upper layers. An L4 MIC necessarily covers theIPv6 pseudo-header and does so in 6LoWPAN even if some of those bitsare elided.
The only case I see where the L2 MIC covers every bit of functionalityan L4 MIC might provide is if the IPv6 datagram is carrieduncompressed within the L2 frame and communication occurs withinlink-local scope.
--
Jonathan Hui


Kris Pister wrote:
Jonathan - I'm not arguing for a different transport layer, I'marguing that there are more bits that can be compressed out of theexisting compressed UDP header.
HC_UDP bits 3 through 7 are currently reserved.
My suggestion is that we take one of them, e.g. bit 3, and use it toindicate whether the 2 byte checksum is compressed.
----------
Checksum (bit 3) :
    0: not compressed, carried inline (Section 10.3.2)
1: compressed (L2 MIC assumed). If this option is used, thepacket MUST be sent with L2 message integrity.
-----------
If the node can't send with an L2 MIC, or it doesn't know if themessage will be sent with an L2 MIC, then it sends the checksum. Ifthe packet comes in with the checksum compressed, and the node can'tsend it that way, then it calculates the checksum. I don't thinkthat you can claim that this is more of a layer violation than someof the other compression that we're specifying already.I stand by my claim that an L2 MIC and no checksum on some or allhops along a path will give you higher end to end integrity thansending the checksum with no L2 MIC. Of course, you can send both,which is what 4944 forces you to do now if you want an L2 MIC. Butthe whole premise of the document, as stated in the introduction, isthat header compression is important.If people want to avoid having an L2 MIC, that's fine. But if youuse one, then sending the 2 byte UDP checksum is silly.
ksjp

Jonathan Hui wrote:
Yes, its clear that a 32-bit MIC is stronger than a 16 bit checksum.However, a MIC at L2 no matter how many bits it is is not end-to-endand does not negate the need for L4 integrity checks. Wanting to usea stronger checksum at L4 sounds like you want a different transportlayer. You mentioned earlier on this list that losses apply to everylink, even wired ones. So if you want stronger end-to-end integritychecks, use a transport layer other than UDP. That's the beauty of IP.
--
Jonathan Hui


Kris Pister wrote:
A 16 bit checksum at L4 is redundant if every L2 hop has a 32 bit MIC.
A 16 bit checksum at L4 is not sufficient protection against biterrors without a 32 bit MIC somewhere (either L2 or L4/5, or bothas in HART).
If you run 15.4 networks without a 32 bit MIC, I guarantee you thatyou will get valid checksums on corrupted packets. Depending onthe network traffic, that might happen once per day per network.
If a node knows that it's going to send a packet with a 32 bit L2MIC, can't it be smart enough to compress out the 16 bit checksum?Is that really violating the requirement? (It's a simple enoughchange - we've got another bit in the HC2 header.)
Put another way, which do you think is safer from an L3/L4 headererror detection perspective:A) sending packets over 10 hops with a 32 bit MIC at each hop andno 16 bit checksum
B) sending packets over 1 hop with no MIC and a 16 bit checksum

The math is pretty clear.  The measured data fits the math.

ksjp

Jonathan Hui wrote:
Note that L2 message integrity doesn't provide end-to-end messageintegrity, which L4 checksums (that cover the L3 header) provide.
--
Jonathan Hui


Kris Pister wrote:
Geoff - ooh, I like exceptions.
Did we try to get an exception on the UDP checksum? It's painfulto leave that in the compressed header if we have L2 messageintegrity.
ksjp

Geoff Mulligan wrote:
We have already received an exception from the IESG to IPsec on6lowpan
devices.

    geoff

On Thu, 2007-11-29 at 16:09 +0100, Pascal Thubert (pthubert) wrote:
Hum...
I had missed that; Seems that we have to make an exception :)If you consider ISA100.11a, they already have security at L2and L5, it makes little sense to MUST IPSec on top of that.
Pascal
-----Original Message-----
From: Kris Pister [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 28, 2007 8:03 PM
To: Pascal Thubert (pthubert)
Cc: 6lowpan
Subject: Re: [RSN] Here is the new RL2N Proposed Working Charter

Hmm.  From 4294:
"However, while authentication and encryption can each beNULL, they
MUST NOT both be NULL."

ksjp

Pascal Thubert (pthubert) wrote:
Hi Kris:
For your question on ESP, AFAIK, RFC 4294 only mandates NULLencryption and authentication for
interoperability reasons.
On the general question of RFC 4294 itself: I'm not sure thework was ever done. I hope someone
>from the list can help?
If the answer is unclear, and considering that we arere-chartering the group, maybe we could have
a work item to specify the instantiation of RFC 4294 forLoWPAN nodes?
Pascal
________________________________________
From: Kris Pister [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 28, 2007 5:42 PM
To: Pascal Thubert (pthubert)
Cc: 6lowpan
Subject: Re: [RSN] Here is the new RL2N Proposed Working Charter
Is there an email thread somewhere that discusses the impacton 6LoWPAN of the security
requirements of 4294 and 4303?
My first quick readthrough makes me very uncomfortable thatsome of the mandates are going to be
ugly from a header standpoint.
ksjp

Pascal Thubert (pthubert) wrote:
Hi JP:
Thanks a bunch for this charter. I'll try not to rephrasewhat was already discussed with Christian,
Anders, Philip and Misha.
There's an additional item I'd wish to see either in ROLL or6LoWPAN and I do not know exactly
where it belongs, maybe both. The question is whether we needto and can document how RFC 4294applies for sensors, and M2M devices in general, whether theyact as hosts or as routers.
I've seen IPv6 presented as a Pandora box that drags just toomuch stuff to be incorporated in a
sensory device. For instance, at the moment, SP100.11aendorses 6LoWPAN formats but it's not so clearat all that IPv6 itself is mandated. A clear spec withwell-documented implementation could be a
formidable tool to despond to Fear, Uncertainty and Defiance.
So maybe we do not need DHCP (a MAY in RFC 4294) and maybecan do without multicast at all if ND is
supported some other way (such as suggested in:http://www.ietf.org/internet-drafts/draft-thubert-lowpan-backbone-router-00.txt). Maybe NULL encryption andauthentication is enough etc, etc...
Being able to define one minimum set and maybe a few otherprofiles for the use cases that we
selected could help tremendously.
Otherwise I find the charter real well written and easy todigest. >>From the MANEMO experience, I
expect that some arguments about the relative applicability ofexisting MANET protocols will bedifficult to prove without some good simulation work runningagreed-upon scenarios.
Finally, I'm a bit confused that it seems that both IPv4 andIPv6 seem supported. Ipv4 comes with a
lot of overhead like DHCP. I suggest that when trouble comesand things can not be done in a common
fashion for both IP protocols, hen we prioritize IPv6.
Unfortunately, I can not make it to Vancouver, but I do feelthat the work is really needed so
please count my vote in for the adoption of the WG.
Cheers,

Pascal


-----Original Message-----
From: Jean Philippe Vasseur (jvasseur)
Sent: Wednesday, November 21, 2007 9:19 PM
To: [EMAIL PROTECTED]
Subject: [RSN] Here is the new RL2N Proposed Working Charter

Dear all,
As promised, here is the new proposed Working Group, whichreflects thenumber of comments/suggestions that we received, the pre-WGconsensus, ...
Thanks to Dave Ward (RTD AD) for his input.

Proposed RL2N WG Charter

Description of Working Group
L2Ns (Low power and Lossy networks) are typically composed ofmany embeddeddevices with limited power, memory, and processing resourcesinterconnectedby a variety of wireless links, such as IEEE 802.15.4,Bluetooth, Low Power
WiFi.
L2Ns are transitioning to an end-to-end IP-based solution toavoid theproblems of non-interoperable networks interconnected byprotocoltranslation gateways and proxies. In addition, L2Ns havespecific routingrequirements that are not currently met by existing routingprotocols, suchas OSPF, IS-IS, AODV, and OLSR. L2N path selection must bedesigned to takeinto consideration the specific power, capabilities,attributes andfunctional characteristics of the links and nodes in thenetwork.
There is a wide scope of application areas for L2Ns,including industrialmonitoring, building automation (HVAC, lighting/accesscontrol), connectedhome, healthcare, environmental monitoring, agricultural,smart cities,logistics, assets tracking, and refrigeration. The L2N WGwill focus onrouting solutions for a subset of these deployment scenarios,namelyindustrial, connected home/building and urban applications.The WorkingGroup will determine the routing requirements for thesescenarios.
The Working Group will provide a routing framework for theseapplicationscenarios that provides high reliability in the presence oftime varyingloss characteristics and connectivity while permittinglow-power operation
with very modest memory and CPU pressure.
The Working Group will pay a particular attention to routingsecurity andmanageability (e.g self managing/configuration) issues, whichare
particularly critical for L2Ns.

Work Items:
- Produce use cases documents for Industrial, Connected Home,Building andurban application networks. Each document will describe theuse case and theassociated routing protocol requirements. The documents willprogress in
collaboration with the 6lowpan Working Group (INT area).
- Survey the applicability of existing protocols to L2Ns. Theaim of thisdocument will be to analyze the scaling and characteristicsof existingprotocols and identify whether or not they meet the routingrequirements ofthe L2Ns applications identified above. Existing IGPs, MANET,NEMO, DTN
routing protocols will be part of evaluation.
- Specification of routing metrics used in path calculation.This includesstatic and dynamic link/nodes attributes required for routingin L2Ns.
- Provide an architectural framework for routing and pathselection at Layer
3 (Routing for L2N Architecture)
* Decide whether the L2Ns routing protocol require adistributed,
centralized path computation models or both.
* Decide whether the L2N routing protocol requires ahierarchical routing
approach.

- Produce a security framework for routing in L2Ns.

Goals And Milestones:
April 2008 Submit Use case/Routing requirements forIndustrial, ConnectedHome, Building and Urban networks applications to the IESG tobe considered
as an Informational RFC.
August 2008: Submit Routing metrics for L2Ns document to theIESG to be
considered as an Informational RFC.
September 2008: Submit first draft of the Routing for L2NsArchitecture
document  (summary of requirements, path computation model,
flat/hierarchy,Š).
November 2008: Submit Protocol Survey to the IESG to beconsidered as an
Informational RFC.
January 2009 Submit Security Framework for L2Ns to the IESGto be considered
as an Informational RFC
February 2009: Submit the Routing for L2Ns Architecturedocument (summaryof requirements, metrics and attributes, path selectionmodel) to the IESG
as an Informational RFC.

March 2009: Recharter.


Please comment/suggest/...

See you in Vancouver.

JP and David.


_______________________________________________
RSN mailing list
[EMAIL PROTECTED]
https://www1.ietf.org/mailman/listinfo/rsn



_______________________________________________
RSN mailing list
[EMAIL PROTECTED]
https://www1.ietf.org/mailman/listinfo/rsn
_______________________________________________
6lowpan mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/6lowpan
_______________________________________________
6lowpan mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/6lowpan


_______________________________________________
6lowpan mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/6lowpan

Re: [6lowpan] RE: [RSN] Here is the new RL2N Proposed Working Charter

Reply via email to